Merge release-20201019.0-101-g02fe467b4 (automated)

author: gVisor bot <gvisor-bot@google.com> 2020-10-29 19:34:29 +0000
committer: gVisor bot <gvisor-bot@google.com> 2020-10-29 19:34:29 +0000
commit: 322b3f8d1e275eae3154d28f56b1c0644d9fcabc (patch)
tree: f8d2a3d7bb7ebf7116e65f54a93c26919f212cd8 /pkg/tcpip/stack/stack.go
parent: 966abed75cd61507d6e739f8ef6787e94c30f96a (diff)
parent: 02fe467b476474477d226b949307ec8bf1253108 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/pkg/tcpip/stack/stack.go b/pkg/tcpip/stack/stack.go
index e8f1c110e..25ea6b459 100644
--- a/pkg/tcpip/stack/stack.go
+++ b/pkg/tcpip/stack/stack.go
@@ -518,6 +518,10 @@ type Options struct {
 	//
 	// RandSource must be thread-safe.
 	RandSource mathrand.Source
+
+	// IPTables are the initial iptables rules. If nil, iptables will allow
+	// all traffic.
+	IPTables *IPTables
 }
 
 // TransportEndpointInfo holds useful information about a transport endpoint
@@ -620,6 +624,10 @@ func New(opts Options) *Stack {
 		randSrc = &lockedRandomSource{src: mathrand.NewSource(generateRandInt64())}
 	}
 
+	if opts.IPTables == nil {
+		opts.IPTables = DefaultTables()
+	}
+
 	opts.NUDConfigs.resetInvalidFields()
 
 	s := &Stack{
@@ -633,7 +641,7 @@ func New(opts Options) *Stack {
 		clock:              clock,
 		stats:              opts.Stats.FillIn(),
 		handleLocal:        opts.HandleLocal,
-		tables:             DefaultTables(),
+		tables:             opts.IPTables,
 		icmpRateLimiter:    NewICMPRateLimiter(),
 		seed:               generateRandUint32(),
 		nudConfigs:         opts.NUDConfigs,
author	gVisor bot <gvisor-bot@google.com>	2020-10-29 19:34:29 +0000
committer	gVisor bot <gvisor-bot@google.com>	2020-10-29 19:34:29 +0000
commit	322b3f8d1e275eae3154d28f56b1c0644d9fcabc (patch)
tree	f8d2a3d7bb7ebf7116e65f54a93c26919f212cd8 /pkg/tcpip/stack/stack.go
parent	966abed75cd61507d6e739f8ef6787e94c30f96a (diff)
parent	02fe467b476474477d226b949307ec8bf1253108 (diff)