summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip/iptables
AgeCommit message (Collapse)Author
2020-01-27Merge release-20200115.0-107-g90ec596 (automated)gVisor bot
2020-01-27Fix licenses.Adin Scannell
The preferred Copyright holder is "The gVisor Authors". PiperOrigin-RevId: 291786657
2020-01-27Standardize on tools directory.Adin Scannell
PiperOrigin-RevId: 291745021
2020-01-23Merge release-20200115.0-93-g3d10edc (automated)gVisor bot
2020-01-22Address GitHub comments.Kevin Krakauer
2020-01-21Fixing stuffKevin Krakauer
2020-01-21Merge branch 'master' into iptables-write-filter-protoKevin Krakauer
2020-01-21Merge release-20200115.0-48-g5f82f09 (automated)gVisor bot
2020-01-14Address Nic's comments.Kevin Krakauer
2020-01-13Protocol filtering works.Kevin Krakauer
2020-01-13Merge branch 'iptables-write-input-drop' into iptables-write-filter-protoKevin Krakauer
2020-01-13Merge branch 'master' into iptables-write-input-dropKevin Krakauer
2020-01-13Merge release-20191213.0-111-gb30cfb1 (automated)gVisor bot
2020-01-13Merge pull request #1528 from kevinGC:iptables-writegVisor bot
PiperOrigin-RevId: 289479774
2020-01-10I think INPUT works with protocolKevin Krakauer
2020-01-10Cleaned up logs.Kevin Krakauer
2020-01-09Confirmed that it works if I hardcode 17 in for pkt.Protocol. Need to ↵Kevin Krakauer
address parsing the packet early :(
2020-01-09Added a test that we don't pass yetKevin Krakauer
2020-01-08Working on filtering by protocol.Kevin Krakauer
2020-01-08Merge branch 'iptables-write' into iptables-write-input-dropKevin Krakauer
2020-01-08More GH comments.Kevin Krakauer
2020-01-08Getting a panic when running tests. For some reason the filter table isKevin Krakauer
ending up with the wrong chains and is indexing -1 into rules.
2020-01-08Built dead-simple traversal, but now getting depedency cycle error :'(Kevin Krakauer
2020-01-08Comment cleanup.Kevin Krakauer
2020-01-08Minor fixes to comments and loggingKevin Krakauer
2020-01-08Write simple ACCEPT rules to the filter table.Kevin Krakauer
This gets us closer to passing the iptables tests and opens up iptables so it can be worked on by multiple people. A few restrictions are enforced for security (i.e. we don't want to let users write a bunch of iptables rules and then just not enforce them): - Only the filter table is writable. - Only ACCEPT rules with no matching criteria can be added.
2019-10-14Reorder BUILD license and load functions in netstack.Kevin Krakauer
PiperOrigin-RevId: 274672346
2019-08-02Merge 960a5e55 (automated)gVisor bot
2019-08-02Plumbing for iptables sockopts.Kevin Krakauer
PiperOrigin-RevId: 261413396
2019-07-02Merge pull request #279 from kevinGC:iptables-1-pkggVisor bot
PiperOrigin-RevId: 256231055
2019-06-10Address more comments.Kevin Krakauer
Change-Id: I83ae1079f3dcba6b018f59ab7898decab5c211d2
2019-06-07Address Ian's comments.Kevin Krakauer
Change-Id: I7445033b1970cbba3f2ed0682fe520dce02d8fad
2019-05-31Add basic iptables structures to netstack.Kevin Krakauer
Change-Id: Ib589906175a59dae315405a28f2d7f525ff8877f