From ae8f6d96ba472d2fff0a09da41486a33b4c80096 Mon Sep 17 00:00:00 2001
From: dma
Date: Sat, 9 Sep 2017 04:47:02 +0000
Subject: [PATCH] Fix rule evaluation of outgoing connections emerging from sandbox proxy ports

---
 sgfw/rules.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sgfw/rules.go b/sgfw/rules.go
index 8d7f477..67e44f1 100644
--- a/sgfw/rules.go
+++ b/sgfw/rules.go
@@ -167,10 +167,13 @@ log.Notice("r.saddr: ", r.saddr, "src: ", src , "sandboxed ", sandboxed, "optstr
 if r.saddr == nil && src != nil && sandboxed {
 log.Notice("! Skipping comparison against incompatible rule types: rule src = ", r.saddr, " / packet src = ", src)
 continue
+} else if r.saddr == nil && src == nil && sandboxed {
+continue
 } else if r.saddr != nil && !r.saddr.Equal(src) && r.proto != "icmp" {
 log.Notice("! Skipping comparison of mismatching source ips")
 continue
 }
+log.Notice("r.saddr = ", r.saddr, "src = ", src, "\n")
 if r.pid >= 0 && r.pid != pinfo.Pid {
 //log.Notice("! Skipping comparison of mismatching PIDs")
 continue
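Review bot: The new `else if r.saddr == nil && src == nil && sandboxed` branch skips the rule silently, while the sibling branch directly above it logs why it skipped; taken together the two branches mean a rule with no source address is never evaluated for a sandboxed packet whatever `src` is, so they could be a single guarded condition such as `if r.saddr == nil && sandboxed { log.Notice("! Skipping source-less rule for sandboxed packet: src = ", src); continue }` and the skip would be visible in the log either way. The added `log.Notice("r.saddr = ", r.saddr, "src = ", src, "\n")` fires for every rule that survives the source check and carries an explicit trailing `"\n"`, which reads as leftover debugging; if it is meant to stay, drop the trailing newline and move it to a lower log level if the logger offers one. Whether skipping a rule here fails open or closed depends on what the caller does when no rule matches, which is outside this hunk. The enclosing function starts and ends outside the hunk.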