I think INPUT works with protocol

author: Kevin Krakauer <krakauer@google.com> 2020-01-10 18:07:15 -0800
committer: Kevin Krakauer <krakauer@google.com> 2020-01-10 18:07:15 -0800
commit: d793677cd424fef10ac0b080871d181db0bcdec0 (patch)
tree: 697f86dac1fc3ac7015582a9588684a74bb95d1d /pkg/tcpip/network
parent: ff719159befaee7d2abcfeb88905a7486cd34845 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/pkg/tcpip/network/ipv4/ipv4.go b/pkg/tcpip/network/ipv4/ipv4.go
index f856081e6..5388d2549 100644
--- a/pkg/tcpip/network/ipv4/ipv4.go
+++ b/pkg/tcpip/network/ipv4/ipv4.go
@@ -353,7 +353,8 @@ func (e *endpoint) HandlePacket(r *stack.Route, pkt tcpip.PacketBuffer) {
 	}
 	pkt.NetworkHeader = headerView[:h.HeaderLength()]
 
-	// iptables filtering.
+	// iptables filtering. All packets that reach here are intended for
+	// this machine and will not be forwarded.
 	ipt := e.stack.IPTables()
 	if ok := ipt.Check(iptables.Input, pkt); !ok {
 		// iptables is telling us to drop the packet.
author	Kevin Krakauer <krakauer@google.com>	2020-01-10 18:07:15 -0800
committer	Kevin Krakauer <krakauer@google.com>	2020-01-10 18:07:15 -0800
commit	d793677cd424fef10ac0b080871d181db0bcdec0 (patch)
tree	697f86dac1fc3ac7015582a9588684a74bb95d1d /pkg/tcpip/network
parent	ff719159befaee7d2abcfeb88905a7486cd34845 (diff)