diff options
author | Kevin Krakauer <krakauer@google.com> | 2019-12-12 15:48:24 -0800 |
---|---|---|
committer | Kevin Krakauer <krakauer@google.com> | 2020-01-08 10:08:14 -0800 |
commit | 8cc1c35bbdc5c9bd6b3965311497885ce72317a8 (patch) | |
tree | c21ff66a637297055ff881f3c3797d6383c75803 /pkg/sentry/socket/socket.go | |
parent | 0cc1e74b57e539e66c1a421c047a08635c0008e8 (diff) |
Write simple ACCEPT rules to the filter table.
This gets us closer to passing the iptables tests and opens up iptables
so it can be worked on by multiple people.
A few restrictions are enforced for security (i.e. we don't want to let
users write a bunch of iptables rules and then just not enforce them):
- Only the filter table is writable.
- Only ACCEPT rules with no matching criteria can be added.
Diffstat (limited to 'pkg/sentry/socket/socket.go')
0 files changed, 0 insertions, 0 deletions