From 2b457d9ee9ba50da4a9208d957053fac2c77932d Mon Sep 17 00:00:00 2001
From: Ghanan Gowripalan <ghanan@google.com>
Date: Thu, 13 May 2021 18:52:06 -0700
Subject: Check filter table when forwarding IP packets

This change updates the forwarding path to perform the forwarding hook
with iptables so that the filter table is consulted before a packet is
forwarded

Updates #170.

Test: iptables_test.TestForwardingHook
PiperOrigin-RevId: 373702359
---
 pkg/tcpip/stack/iptables.go | 1 +
 1 file changed, 1 insertion(+)

(limited to 'pkg/tcpip/stack/iptables.go')

diff --git a/pkg/tcpip/stack/iptables.go b/pkg/tcpip/stack/iptables.go
index e2894c548..3670d5995 100644
--- a/pkg/tcpip/stack/iptables.go
+++ b/pkg/tcpip/stack/iptables.go
@@ -177,6 +177,7 @@ func DefaultTables() *IPTables {
 		priorities: [NumHooks][]TableID{
 			Prerouting:  {MangleID, NATID},
 			Input:       {NATID, FilterID},
+			Forward:     {FilterID},
 			Output:      {MangleID, NATID, FilterID},
 			Postrouting: {MangleID, NATID},
 		},
-- 
cgit v1.2.3