Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-03-16 | Merge pull request #1943 from kevinGC:ipt-filter-ip | gVisor bot | |
PiperOrigin-RevId: 301197007 | |||
2020-02-26 | Fix merge conflicts. | Nayana Bidari | |
2020-02-26 | iptables: filter by IP address (and range) | Kevin Krakauer | |
Enables commands such as: $ iptables -A INPUT -d 127.0.0.1 -j ACCEPT $ iptables -t nat -A PREROUTING ! -d 127.0.0.1 -j REDIRECT Also adds a bunch of REDIRECT+destination tests. | |||
2020-02-25 | Merge branch 'master' into iptables | nybidari | |
2020-02-25 | Add nat table support for iptables. | Nayana Bidari | |
- commit the changes for the comments. | |||
2020-02-18 | Add nat table support for iptables. | Nayana Bidari | |
Add nat table support for Prerouting hook with Redirect option. Add tests to check redirect of ports. | |||
2020-02-13 | We can now create and jump in iptables. For example: | Kevin Krakauer | |
$ iptables -N foochain $ iptables -A INPUT -j foochain | |||
2020-02-12 | iptables: User chains | Kevin Krakauer | |
- Adds creation of user chains via `-N <chainname>` - Adds `-j RETURN` support for built-in chains, which triggers the chain's underflow rule (usually the default policy). - Adds tests for chain creation, default policies, and `-j RETURN' from built-in chains. | |||
2020-02-04 | Merge pull request #1683 from kevinGC:ipt-udp-matchers | gVisor bot | |
PiperOrigin-RevId: 293243342 | |||
2020-01-27 | Fix licenses. | Adin Scannell | |
The preferred Copyright holder is "The gVisor Authors". PiperOrigin-RevId: 291786657 | |||
2020-01-21 | Add UDP matchers. | Kevin Krakauer | |
2020-01-21 | Merge branch 'master' into iptables-write-filter-proto | Kevin Krakauer | |
2020-01-14 | Address Nic's comments. | Kevin Krakauer | |
2020-01-13 | Protocol filtering works. | Kevin Krakauer | |
2020-01-13 | Merge branch 'iptables-write-input-drop' into iptables-write-filter-proto | Kevin Krakauer | |
2020-01-13 | Merge branch 'master' into iptables-write-input-drop | Kevin Krakauer | |
2020-01-13 | Merge pull request #1528 from kevinGC:iptables-write | gVisor bot | |
PiperOrigin-RevId: 289479774 | |||
2020-01-10 | I think INPUT works with protocol | Kevin Krakauer | |
2020-01-10 | Cleaned up logs. | Kevin Krakauer | |
2020-01-09 | Confirmed that it works if I hardcode 17 in for pkt.Protocol. Need to ↵ | Kevin Krakauer | |
address parsing the packet early :( | |||
2020-01-09 | Added a test that we don't pass yet | Kevin Krakauer | |
2020-01-08 | Merge branch 'iptables-write' into iptables-write-input-drop | Kevin Krakauer | |
2020-01-08 | More GH comments. | Kevin Krakauer | |
2020-01-08 | Getting a panic when running tests. For some reason the filter table is | Kevin Krakauer | |
ending up with the wrong chains and is indexing -1 into rules. | |||
2020-01-08 | Built dead-simple traversal, but now getting depedency cycle error :'( | Kevin Krakauer | |
2020-01-08 | Write simple ACCEPT rules to the filter table. | Kevin Krakauer | |
This gets us closer to passing the iptables tests and opens up iptables so it can be worked on by multiple people. A few restrictions are enforced for security (i.e. we don't want to let users write a bunch of iptables rules and then just not enforce them): - Only the filter table is writable. - Only ACCEPT rules with no matching criteria can be added. | |||
2019-08-02 | Plumbing for iptables sockopts. | Kevin Krakauer | |
PiperOrigin-RevId: 261413396 | |||
2019-06-10 | Address more comments. | Kevin Krakauer | |
Change-Id: I83ae1079f3dcba6b018f59ab7898decab5c211d2 | |||
2019-06-07 | Address Ian's comments. | Kevin Krakauer | |
Change-Id: I7445033b1970cbba3f2ed0682fe520dce02d8fad | |||
2019-05-31 | Add basic iptables structures to netstack. | Kevin Krakauer | |
Change-Id: Ib589906175a59dae315405a28f2d7f525ff8877f |