From 70f8733426f8b5272c94c308ed6ae1673fe22e0c Mon Sep 17 00:00:00 2001
From: afranco <afonso@francof.net>
Date: Sat, 16 Aug 2025 12:15:56 +0100
Subject: [PATCH] fix: allow all traffic if acls field is omited from the
 policy

---
 hscontrol/policy/v2/filter.go      | 2 +-
 hscontrol/policy/v2/policy_test.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hscontrol/policy/v2/filter.go b/hscontrol/policy/v2/filter.go
index c546eb20..ecd8f83e 100644
--- a/hscontrol/policy/v2/filter.go
+++ b/hscontrol/policy/v2/filter.go
@@ -21,7 +21,7 @@ func (pol *Policy) compileFilterRules(
 	users types.Users,
 	nodes views.Slice[types.NodeView],
 ) ([]tailcfg.FilterRule, error) {
-	if pol == nil {
+	if pol == nil || pol.ACLs == nil {
 		return tailcfg.FilterAllowAll, nil
 	}
 
diff --git a/hscontrol/policy/v2/policy_test.go b/hscontrol/policy/v2/policy_test.go
index a91831ad..0140653e 100644
--- a/hscontrol/policy/v2/policy_test.go
+++ b/hscontrol/policy/v2/policy_test.go
@@ -40,8 +40,8 @@ func TestPolicyManager(t *testing.T) {
 			name:         "empty-policy",
 			pol:          "{}",
 			nodes:        types.Nodes{},
-			wantFilter:   nil,
-			wantMatchers: []matcher.Match{},
+			wantFilter:   tailcfg.FilterAllowAll,
+			wantMatchers: matcher.MatchesFromFilterRules(tailcfg.FilterAllowAll),
 		},
 	}