diff options
| author | gVisor bot <gvisor-bot@google.com> | 2020-05-08 15:39:04 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2020-05-08 15:44:54 -0700 |
| commit | cfd30665c1d857f20dd05e67c6da6833770e2141 (patch) | |
| tree | 223515237833691eeeaf1fc1ef19218a98b26831 /pkg/tcpip/stack/nic.go | |
| parent | e4d2d21f6b1b93146378ed5edc0c55d2ae4fb3af (diff) | |
iptables - filter packets using outgoing interface.
Enables commands with -o (--out-interface) for iptables rules.
$ iptables -A OUTPUT -o eth0 -j ACCEPT
PiperOrigin-RevId: 310642286
Diffstat (limited to 'pkg/tcpip/stack/nic.go')
| -rw-r--r-- | pkg/tcpip/stack/nic.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go index 8f4c1fe42..54103fdb3 100644 --- a/pkg/tcpip/stack/nic.go +++ b/pkg/tcpip/stack/nic.go @@ -1233,7 +1233,7 @@ func (n *NIC) DeliverNetworkPacket(linkEP LinkEndpoint, remote, local tcpip.Link // iptables filtering. ipt := n.stack.IPTables() address := n.primaryAddress(protocol) - if ok := ipt.Check(Prerouting, &pkt, nil, nil, address.Address); !ok { + if ok := ipt.Check(Prerouting, &pkt, nil, nil, address.Address, ""); !ok { // iptables is telling us to drop the packet. return } |