mirror of
https://github.com/juanfont/headscale.git
synced 2026-03-30 22:22:14 +02:00
835b7eb960
According to Tailscale SaaS behavior, autogroup:internet is handled by exit node routing via AllowedIPs, not by packet filtering. ACL rules with autogroup:internet as destination should produce no filter rules for any node. Previously, Headscale expanded autogroup:internet to public CIDR ranges and distributed filters to exit nodes (because 0.0.0.0/0 "covers" internet destinations). This was incorrect. Add detection for AutoGroupInternet in filter compilation to skip filter generation for this autogroup. Update test expectations accordingly.