| commit | 9b791aebc891c35970b944b723f30fdb163ecee2 | [log] [tgz] |
|---|---|---|
| author | David Song <wintermelons@google.com> | Fri Sep 13 19:23:17 2024 +0000 |
| committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Fri Sep 13 19:23:17 2024 +0000 |
| tree | b8b57cdd1b2bd51359a3c284d408dcb07536023a | |
| parent | b90c3482afde39efef03aa00c51300997cb3f73d [diff] |
[starnix][iptables] Support TCP and UDP match extensions Iptables specifies the rule protocol in `ipt_ip`, but specifies port ranges in match extensions. Add support for TCP and UDP match extensions, which are only valid if the rule also specifies the corresponding protocol. Tested: - From Starnix console, add a rule that specifies a protocol and port: $ iptables -t nat -A INPUT -p tcp --sport 1000:2000 --dport 8000:9000 -j ACCEPT - From Ffx, check that the new rule is installed on Netstack: $ ffx net filter list - From Starnix console, add a rule with inversed port: $ iptables -t nat -A INPUT -p udp ! --sport 3000:4000 -j ACCEPT Bug: 307908515 Change-Id: I44ae5909e229295d94d4d67aa6a054e7f9ef5cbb Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1109833 Commit-Queue: David Song <wintermelons@google.com> Reviewed-by: Peter Johnston <peterjohnston@google.com>
Fuchsia is an open source, general purpose operating system supporting modern 64-bit Intel and ARM processors.
We expect everyone interacting with our project to respect our code of conduct.
Read more about Fuchsia's principles.
See Getting Started.
See fuchsia.dev.