diff options
-rw-r--r-- | pkg/tcpip/iptables/iptables.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/tcpip/iptables/iptables.go b/pkg/tcpip/iptables/iptables.go index 921546984..5c813d8a0 100644 --- a/pkg/tcpip/iptables/iptables.go +++ b/pkg/tcpip/iptables/iptables.go @@ -187,7 +187,7 @@ func (it *IPTables) checkRule(hook Hook, pkt tcpip.PacketBuffer, table Table, ru // First check whether the packet matches the IP header filter. // TODO(gvisor.dev/issue/170): Support other fields of the filter. - if rule.Filter.Protocol != header.IPv4(pkt.NetworkHeader).TransportProtocol() { + if rule.Filter.Protocol != 0 && rule.Filter.Protocol != header.IPv4(pkt.NetworkHeader).TransportProtocol() { return Continue } |