author | Kevin Krakauer <krakauer@google.com> | 2019-12-12 15:48:24 -0800 |
---|---|---|
committer | Kevin Krakauer <krakauer@google.com> | 2020-01-08 10:08:14 -0800 |
commit | 8cc1c35bbdc5c9bd6b3965311497885ce72317a8 (patch) | |
tree | c21ff66a637297055ff881f3c3797d6383c75803 /pkg/tcpip/iptables/targets.go | |
parent | 0cc1e74b57e539e66c1a421c047a08635c0008e8 (diff) |
Write simple ACCEPT rules to the filter table.
This gets us closer to passing the iptables tests and opens up iptables
so it can be worked on by multiple people.
A few restrictions are enforced for security (i.e. we don't want to let
users write a bunch of iptables rules and then just not enforce them):
- Only the filter table is writable.
- Only ACCEPT rules with no matching criteria can be added.
Diffstat (limited to 'pkg/tcpip/iptables/targets.go')
-rw-r--r-- | pkg/tcpip/iptables/targets.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/tcpip/iptables/targets.go b/pkg/tcpip/iptables/targets.go index 19a7f77e3..03c9f19ff 100644 --- a/pkg/tcpip/iptables/targets.go +++ b/pkg/tcpip/iptables/targets.go @@ -33,3 +33,11 @@ type UnconditionalDropTarget struct{} func (UnconditionalDropTarget) Action(packet buffer.VectorisedView) (Verdict, string) { return Drop, "" } + +// PanicTarget just panics. +type PanicTarget struct{} + +// Actions implements Target.Action. +func (PanicTarget) Action(packet buffer.VectorisedView) (Verdict, string) { + panic("PanicTarget triggered.") +} |
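Review bot: The doc comment on the new method reads `// Actions implements Target.Action.`, but the method is named `Action`, so the comment should start with `Action` to match the identifier it documents. The type comment `// PanicTarget just panics.` also does not say where this target is meant to be installed. Because `Action` panics unconditionally on any packet it is handed, the comment should state the intended use (for example, that it marks a rule position no packet is expected to reach), so that a later change does not attach it to a rule that ordinary traffic can hit.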