Fix nft run

internal/dhcp4d/dhcp4d.go

@@ -362,7 +362,7 @@ func (h *Handler) serveDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options d
 			Expiry:           now.Add(h.leasePeriodForDevice(hwAddr)),
 			Hostname:         string(options[dhcp4.OptionHostName]),
 			VendorIdentifier: string(bytes.ToValidUTF8(bytes.ReplaceAll(options[dhcp4.OptionVendorClassIdentifier], []byte{0}, []byte{}), []byte{})),
-			LastACK:      h.timeNow(),
+			LastACK:          h.timeNow(),
 		}
 		copy(lease.Addr, reqIP.To4())
 

internal/dns/dns.go

@@ -599,7 +599,7 @@ func (s *Server) handleRequest(w dns.ResponseWriter, r *dns.Msg) {
 	// DNS has no reply for resolving errors
 }
 
-func (s *Server) getSubname(domain string, queryName string) (IP,bool) {
+func (s *Server) getSubname(domain string, queryName string) (IP, bool) {
 	name := strings.TrimSuffix(queryName, ".")
 	name = strings.TrimSuffix(name, ".lan")                                               // trim lan domain
 	name = strings.TrimSuffix(name, "."+string(s.domain))                                 // trim server domain
@@ -607,14 +607,14 @@ func (s *Server) getSubname(domain string, queryName string) (IP,bool) {
 	if ip, ok := s.subname(domain, name); ok {
 		return ip, true
 	}
-	return IP{},false
+	return IP{}, false
 }
 
 func (s *Server) resolveSubname(domain string, q dns.Question) (dns.RR, error) {
 	if q.Qclass != dns.ClassINET {
 		return nil, nil
 	}
-	ip,ok := s.getSubname(domain,q.Name)
+	ip, ok := s.getSubname(domain, q.Name)
 	if q.Qtype == dns.TypeA || q.Qtype == dns.TypeAAAA /*|| q.Qtype == dns.TypeMX*/ {
 		if ok {
 			if q.Qtype == dns.TypeA && ip.IPv4.To4() != nil {
@@ -665,7 +665,7 @@ func (s *Server) subnameHandler(domain lcHostname) func(w dns.ResponseWriter, r
 		}
 
 		// Send an authoritative NXDOMAIN for local names:
-		if _,ok := s.getSubname(string(domain),r.Question[0].Name);r.Question[0].Qtype == dns.TypePTR || (r.Question[0].Qtype == dns.TypeCNAME && ok) || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") {
+		if _, ok := s.getSubname(string(domain), r.Question[0].Name); r.Question[0].Qtype == dns.TypePTR || (r.Question[0].Qtype == dns.TypeCNAME && ok) || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") {
 			s.promInc("local", r)
 			m := new(dns.Msg)
 			m.SetReply(r)

internal/netconfig/netconfig.go

@@ -1241,13 +1241,15 @@ func Apply(dir, root string, firewall bool) error {
 			log.Println("Applying custom firewall")
 			cmd := &exec.Cmd{
 				Path:   "/user/nft",
-				Args:   []string{"/user/nft", "-f/etc/firewall.nft"},
+				Args:   []string{"/user/nft", "-ef", "/etc/firewall.nft"},
-				Env:    os.Environ(),
+				Env:    cleanEnviron(os.Environ()),
 				Stdout: os.Stdout,
 				Stderr: os.Stderr,
 			}
 			if err := cmd.Run(); err != nil {
 				appendError(fmt.Errorf("firewall: nft: %v", err))
+			} else {
+				log.Println("Custom firewall successfully applied:", cmd.ProcessState.ExitCode())
 			}
 		} else {
 			log.Println("Firewall Disabled")
@@ -1263,3 +1265,12 @@ func Apply(dir, root string, firewall bool) error {
 	}
 	return nil
 }
+
+func cleanEnviron(environ []string) []string {
+	for i, env := range environ {
+		if strings.Contains(env, "GOKRAZY") {
+			environ[i] = ""
+		}
+	}
+	return environ
+}