diff options
author | Kevin Krakauer <krakauer@google.com> | 2020-01-13 16:10:00 -0800 |
---|---|---|
committer | Kevin Krakauer <krakauer@google.com> | 2020-01-13 16:10:00 -0800 |
commit | bd292894097ffdf316bc78d81aebd0a2988124f3 (patch) | |
tree | 78428f8b15d5f64df3904470f4f128eb3435a19b /pkg | |
parent | d51eaa59c020cca9b7bc27cec0338ead089f3ed6 (diff) |
Protocol filtering works.
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/tcpip/iptables/iptables.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/tcpip/iptables/iptables.go b/pkg/tcpip/iptables/iptables.go index 921546984..5c813d8a0 100644 --- a/pkg/tcpip/iptables/iptables.go +++ b/pkg/tcpip/iptables/iptables.go @@ -187,7 +187,7 @@ func (it *IPTables) checkRule(hook Hook, pkt tcpip.PacketBuffer, table Table, ru // First check whether the packet matches the IP header filter. // TODO(gvisor.dev/issue/170): Support other fields of the filter. - if rule.Filter.Protocol != header.IPv4(pkt.NetworkHeader).TransportProtocol() { + if rule.Filter.Protocol != 0 && rule.Filter.Protocol != header.IPv4(pkt.NetworkHeader).TransportProtocol() { return Continue } |