[client] Apply return traffic rules only if firewall is stateless

[lixmal]

Describe your changes

The return traffic rules are mostly obsolete since stateful firewalls are enabled by default everywhere.
Those rules are now only applied if the stateful firewall was disabled.

Issue ticket number and link

Stack

Checklist

• Is it a bug fix
• Is a typo/documentation fix
• Is a feature enhancement
• It is a refactor
• Created tests that fail without the change (if possible)
• Extended the README / documentation, if necessary

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

[Copilot]

Pull Request Overview

This PR refines firewall rule application logic by ensuring that return traffic rules are only applied for stateless firewalls. Key changes include removing an outdated comment in the route file, introducing a conditional check for stateful firewalls in the ACL manager, and adding IsStateful() implementations in various firewall manager modules.

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
client/internal/routemanager/static/route.go	Removed redundant comment on route methods
client/internal/acl/manager.go	Added a conditional to skip outbound rule addition if firewall is stateful
client/firewall/uspfilter/uspfilter.go	Removed conditional to always track outbound netflow data
client/firewall/nftables/manager_linux.go	Added IsStateful() returning true
client/firewall/manager/firewall.go	Updated Manager interface with IsStateful()
client/firewall/iptables/manager_linux.go	Added IsStateful() returning true

Comments suppressed due to low confidence (4)

client/firewall/uspfilter/uspfilter.go:613

• Update the inline comment to reflect that outbound tracking is always performed now, independent of the firewall state.

m.trackOutbound(d, srcIP, dstIP, size)

client/firewall/nftables/manager_linux.go:173

• Review whether returning true unconditionally for IsStateful aligns with the intended firewall behavior in all deployments.

func (m *Manager) IsStateful() bool {

client/firewall/iptables/manager_linux.go:150

• Confirm that a constant true return in the iptables manager is sufficient to represent its stateful behavior, or if future logic might be needed.

func (m *Manager) IsStateful() bool {

client/firewall/manager/firewall.go:119

• Ensure that all implementations of the Manager interface correctly support the new IsStateful method.

IsStateful() bool

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud