summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2020-01-08 12:43:46 -0800
committerKevin Krakauer <krakauer@google.com>2020-01-08 12:43:46 -0800
commit7cebd77806d164a3baec52eaeb05662e8c404967 (patch)
treeb6b0bc786c1521b4c7c4652d7a2fac4a97485459 /pkg/sentry
parent366e050ad516d6085bcae1215e8e122c6077e9ff (diff)
First commit -- re-adding DROP
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/socket/netfilter/netfilter.go5
1 files changed, 1 insertions, 4 deletions
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index 347342f98..e4c493141 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -410,10 +410,7 @@ func parseTarget(optVal []byte) (iptables.Target, uint32, *syserr.Error) {
case iptables.Accept:
return iptables.UnconditionalAcceptTarget{}, linux.SizeOfXTStandardTarget, nil
case iptables.Drop:
- // TODO(gvisor.dev/issue/170): Return an
- // iptables.UnconditionalDropTarget to support DROP.
- log.Infof("netfilter DROP is not supported yet.")
- return nil, 0, syserr.ErrInvalidArgument
+ return iptables.UnconditionalDropTarget{}, linux.SizeOfXTStandardTarget, nil
default:
panic(fmt.Sprintf("Unknown verdict: %v", verdict))
}