source-git / nftables

Clone
Source Code
GIT

Blame tests/shell/testcases/nft-f/0006action_object_0

c8 c8s master
  1.   6f013848af0b0c0a1ca704e0ed914e93fb1e8fd9
  2.   tests
  3.   shell
  4.   testcases
  5.   nft-f
  6.   0006action_object_0
Blob History Raw
Packit c5a612 
#!/bin/bash
Packit c5a612
Packit c5a612 
# test loading a ruleset with the 'action object' pattern
Packit c5a612
Packit c5a612 
set -e
Packit c5a612
Packit c5a612 
FAMILIES="ip ip6 inet arp bridge"
Packit c5a612
Packit c5a612 
generate1()
Packit c5a612 
{
Packit c5a612 
	local family=$1
Packit c5a612 
	echo "
Packit c5a612 
	add table $family t
Packit c5a612 
	add chain $family t c
Packit c5a612 
	add rule $family t c accept
Packit c5a612 
	add set $family t s {type inet_service;}
Packit c5a612 
	add element $family t s {8080}
Packit c5a612 
	insert rule $family t c meta l4proto tcp tcp dport @s accept
Packit c5a612 
	add rule $family t c meta l4proto tcp tcp dport {9090, 8080}
Packit c5a612 
	add map $family t m {type inet_service:verdict;}
Packit c5a612 
	add element $family t m {10080:drop}
Packit c5a612 
	insert rule $family t c meta l4proto tcp tcp dport vmap @m
Packit c5a612 
	add rule $family t c meta l4proto udp udp sport vmap {1111:accept, 2222:drop}
Packit c5a612 
	"
Packit c5a612 
}
Packit c5a612
Packit c5a612 
generate2()
Packit c5a612 
{
Packit c5a612 
	local family=$1
Packit c5a612 
	echo "
Packit c5a612 
	flush chain $family t c
Packit c5a612 
	delete element $family t m {10080:drop}
Packit c5a612 
	delete element $family t s {8080}
Packit c5a612 
	delete chain $family t c
Packit c5a612 
	delete table $family t
Packit c5a612 
	"
Packit c5a612 
}
Packit c5a612
Packit c5a612 
RULESET=$(for family in $FAMILIES ; do
Packit c5a612 
	generate1 $family
Packit c5a612 
done)
Packit c5a612
Packit c5a612 
$NFT -f - <<< "$RULESET"
Packit c5a612 
if [ $? -ne 0 ] ; then
Packit c5a612 
	echo "E: unable to load ruleset 1" >&2
Packit c5a612 
	exit 1
Packit c5a612 
fi
Packit c5a612
Packit c5a612 
RULESET=$(for family in $FAMILIES ; do
Packit c5a612 
	generate2 $family
Packit c5a612 
done)
Packit c5a612
Packit c5a612 
$NFT -f - <<< "$RULESET"
Packit c5a612 
if [ $? -ne 0 ] ; then
Packit c5a612 
	echo "E: unable to load ruleset 2" >&2
Packit c5a612 
	exit 1
Packit c5a612 
fi
Packit c5a612
Packit c5a612 
exit 0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation