From 79b81bbb0d4491a2b9f2bd8193a41026d1cc055c Mon Sep 17 00:00:00 2001
From: Gao feng <omarapazanadi@gmail.com>
Date: Thu, 21 Sep 2017 12:57:25 +0800
Subject: [PATCH] setup iptables rules passed by runv

the iptables rules stores in sharedir, the name format
is containerid-iptables.

Signed-off-by: Gao feng <omarapazanadi@gmail.com>
---
 src/portmapping.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/portmapping.c b/src/portmapping.c
index e5b688fd..c9f9a6f6 100644
--- a/src/portmapping.c
+++ b/src/portmapping.c
@@ -166,14 +166,21 @@ int hyper_setup_portmapping(struct hyper_pod *pod)
 
 int hyper_setup_container_portmapping(struct hyper_container *c, struct hyper_pod *pod)
 {
+	// only allow network request from internal white list
+	int i = 0, j = 0;
+	char rule[128] = {0};
+	char iptables_restore[512];
+
+	// restore iptables rules
+	if (sprintf(iptables_restore, "iptables-restore /tmp/hyper/shared/%s-iptables", c->id) > 0) {
+		hyper_cmd(iptables_restore);
+	}
+
 	if (pod->portmap_white_lists == NULL || (pod->portmap_white_lists->i_num == 0 &&
 			pod->portmap_white_lists->e_num == 0)) {
 		return 0;
 	}
 
-	// only allow network request from internal white list
-	int i = 0, j = 0;
-	char rule[128] = {0};
 	for (j=0; j<pod->portmap_white_lists->i_num; j++) {
 		sprintf(rule, "-s %s -j ACCEPT",
 			pod->portmap_white_lists->internal_networks[j]);