fix: add CONNMARK restore-mark to mangle OUTPUT chain

The CONNMARK --restore-mark rule was only in PREROUTING, which handles forwarded packets. Locally-bound listeners (e.g. vhost) generate replies through the OUTPUT chain, where the fwmark was never restored. This caused response packets to route via the default table instead of back through the originating interface.
2026-03-30 04:01:58 +00:00 · 2026-02-16 19:22:07 -07:00
parent d97ab59bab
commit cfbace1d91
9 changed files with 176 additions and 45 deletions
--- a/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
@@ -497,13 +497,12 @@ export class MockApiService extends ApiService {
    return null
  }

-  async testPortForward(params: {
-    gateway: string
-    port: number
-  }): Promise<boolean> {
+  async checkPort(
+    params: T.CheckPortParams,
+  ): Promise<T.CheckPortRes> {
    await pauseFor(2000)

-    return false
+    return { ip: '0.0.0.0', port: params.port, reachable: false }
  }

  // marketplace URLs