// Source: github.com/google/netstack@v0.0.0-20191123085552-55fcc16cd0eb/tcpip/iptables/iptables.go

// Copyright 2019 The gVisor authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package iptables supports packet filtering and manipulation via the iptables
// tool.
package iptables

// Names of the tables that DefaultTables builds. They are used as the keys of
// IPTables.Tables and as the entries of IPTables.Priorities.
const (
	tablenameNat    = "nat"
	tablenameMangle = "mangle"
)

// Chain names as defined by net/ipv4/netfilter/ip_tables.c.
//
// chainNameForward is declared here but DefaultTables does not create a chain
// with that name.
const (
	chainNamePrerouting  = "PREROUTING"
	chainNameInput       = "INPUT"
	chainNameForward     = "FORWARD"
	chainNameOutput      = "OUTPUT"
	chainNamePostrouting = "POSTROUTING"
)

// DefaultTables returns a default set of tables. Each chain is set to accept
// all packets, so the returned configuration does not drop or restrict any
// traffic by itself.
func DefaultTables() IPTables {
	// Security note: every built-in chain below holds a single rule whose
	// target is UnconditionalAcceptTarget, and every default target is
	// UnconditionalAcceptTarget as well. Only the "nat" and "mangle" tables
	// are created; no other table is defined here. A caller that relies on
	// packet filtering must not treat this default as a restrictive policy.

	// nat: built-in chains for four hooks, each paired with a default target.
	nat := Table{
		BuiltinChains: map[Hook]Chain{
			Prerouting:  unconditionalAcceptChain(chainNamePrerouting),
			Input:       unconditionalAcceptChain(chainNameInput),
			Output:      unconditionalAcceptChain(chainNameOutput),
			Postrouting: unconditionalAcceptChain(chainNamePostrouting),
		},
		DefaultTargets: map[Hook]Target{
			Prerouting:  UnconditionalAcceptTarget{},
			Input:       UnconditionalAcceptTarget{},
			Output:      UnconditionalAcceptTarget{},
			Postrouting: UnconditionalAcceptTarget{},
		},
		// Empty but non-nil, so user chains can be added without a nil-map write.
		UserChains: make(map[string]Chain),
	}

	// mangle: built-in chains for the Prerouting and Output hooks only.
	mangle := Table{
		BuiltinChains: map[Hook]Chain{
			Prerouting: unconditionalAcceptChain(chainNamePrerouting),
			Output:     unconditionalAcceptChain(chainNameOutput),
		},
		DefaultTargets: map[Hook]Target{
			Prerouting: UnconditionalAcceptTarget{},
			Output:     UnconditionalAcceptTarget{},
		},
		UserChains: make(map[string]Chain),
	}

	tables := map[string]Table{
		tablenameNat:    nat,
		tablenameMangle: mangle,
	}

	// Each hook gets its own slice so that mutating one entry cannot alias
	// the other. The lists name mangle before nat; presumably this is the
	// order in which tables are consulted at the hook - confirm against the
	// traversal code.
	// NOTE(review): nat defines chains for Input and Postrouting, but those
	// hooks have no Priorities entry. Confirm whether those chains are ever
	// consulted.
	priorities := map[Hook][]string{
		Prerouting: {tablenameMangle, tablenameNat},
		Output:     {tablenameMangle, tablenameNat},
	}

	return IPTables{
		Tables:     tables,
		Priorities: priorities,
	}
}

// unconditionalAcceptChain builds a chain called name that contains exactly
// one rule, whose target is UnconditionalAcceptTarget. The rule sets no other
// field, so nothing in this chain narrows which packets reach the target.
func unconditionalAcceptChain(name string) Chain {
	acceptAll := Rule{Target: UnconditionalAcceptTarget{}}
	return Chain{
		Name:  name,
		Rules: []Rule{acceptAll},
	}
}