From d793677cd424fef10ac0b080871d181db0bcdec0 Mon Sep 17 00:00:00 2001 From: Kevin Krakauer Date: Fri, 10 Jan 2020 18:07:15 -0800 Subject: I think INPUT works with protocol --- pkg/tcpip/network/ipv4/ipv4.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'pkg/tcpip/network') diff --git a/pkg/tcpip/network/ipv4/ipv4.go b/pkg/tcpip/network/ipv4/ipv4.go index f856081e6..5388d2549 100644 --- a/pkg/tcpip/network/ipv4/ipv4.go +++ b/pkg/tcpip/network/ipv4/ipv4.go @@ -353,7 +353,8 @@ func (e *endpoint) HandlePacket(r *stack.Route, pkt tcpip.PacketBuffer) { } pkt.NetworkHeader = headerView[:h.HeaderLength()] - // iptables filtering. + // iptables filtering. All packets that reach here are intended for + // this machine and will not be forwarded. ipt := e.stack.IPTables() if ok := ipt.Check(iptables.Input, pkt); !ok { // iptables is telling us to drop the packet. -- cgit v1.2.3