Merge release-20210628.0-22-gfcf0ff2fc (automated)

2 files changed, 4 insertions, 0 deletions

diff --git a/pkg/sentry/socket/netfilter/ipv4.go b/pkg/sentry/socket/netfilter/ipv4.go
index d8bd86292..af31cbc5b 100644
--- a/pkg/sentry/socket/netfilter/ipv4.go
+++ b/pkg/sentry/socket/netfilter/ipv4.go
@@ -81,6 +81,8 @@ func getEntries4(table stack.Table, tablename linux.TableName) (linux.KernelIPTG
 		copy(entry.Entry.IP.SrcMask[:], rule.Filter.SrcMask)
 		copy(entry.Entry.IP.OutputInterface[:], rule.Filter.OutputInterface)
 		copy(entry.Entry.IP.OutputInterfaceMask[:], rule.Filter.OutputInterfaceMask)
+		copy(entry.Entry.IP.InputInterface[:], rule.Filter.InputInterface)
+		copy(entry.Entry.IP.InputInterfaceMask[:], rule.Filter.InputInterfaceMask)
 		if rule.Filter.DstInvert {
 			entry.Entry.IP.InverseFlags |= linux.IPT_INV_DSTIP
 		}
diff --git a/pkg/sentry/socket/netfilter/ipv6.go b/pkg/sentry/socket/netfilter/ipv6.go
index c68230847..6cefe0b9c 100644
--- a/pkg/sentry/socket/netfilter/ipv6.go
+++ b/pkg/sentry/socket/netfilter/ipv6.go
@@ -81,6 +81,8 @@ func getEntries6(table stack.Table, tablename linux.TableName) (linux.KernelIP6T
 		copy(entry.Entry.IPv6.SrcMask[:], rule.Filter.SrcMask)
 		copy(entry.Entry.IPv6.OutputInterface[:], rule.Filter.OutputInterface)
 		copy(entry.Entry.IPv6.OutputInterfaceMask[:], rule.Filter.OutputInterfaceMask)
+		copy(entry.Entry.IPv6.InputInterface[:], rule.Filter.InputInterface)
+		copy(entry.Entry.IPv6.InputInterfaceMask[:], rule.Filter.InputInterfaceMask)
 		if rule.Filter.DstInvert {
 			entry.Entry.IPv6.InverseFlags |= linux.IP6T_INV_DSTIP
 		}