source-git / nftables

Clone
Source Code
GIT

Blame tests/shell/testcases/rule_management/0001addinsertposition_0

c8 c8s master
  1.   a5243a5a9b3c703ebbe40a5cc1fdd49335463bb6
  2.   tests
  3.   shell
  4.   testcases
  5.   rule_management
  6.   0001addinsertposition_0
Blob History Raw
Packit c5a612 
#!/bin/bash
Packit c5a612
Packit c5a612 
# tests for Netfilter bug #965 and the related fix
Packit c5a612 
# (regarding rule management with a given position/handle spec)
Packit c5a612
Packit c5a612 
set -e
Packit c5a612
Packit c5a612 
RULESET="flush ruleset
Packit c5a612 
table ip t {
Packit c5a612 
	chain c {
Packit c5a612 
		accept
Packit c5a612 
		accept
Packit c5a612 
	}
Packit c5a612 
}"
Packit c5a612
Packit c5a612 
EXPECTED="table ip t {
Packit c5a612 
	chain c {
Packit c5a612 
		accept
Packit c5a612 
		drop
Packit c5a612 
		accept
Packit c5a612 
	}
Packit c5a612 
}"
Packit c5a612
Packit c5a612 
for arg in "position 2" "handle 2" "index 0"; do
Packit c5a612 
	$NFT -f - <<< "$RULESET"
Packit c5a612 
	$NFT add rule t c $arg drop || {
Packit c5a612 
		$NFT list ruleset
Packit c5a612 
		exit 1
Packit c5a612 
	}
Packit c5a612
Packit c5a612 
	GET="$($NFT list ruleset)"
Packit c5a612 
	if [ "$EXPECTED" != "$GET" ] ; then
Packit a5243a 
		$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
Packit c5a612 
		exit 1
Packit c5a612 
	fi
Packit c5a612 
done
Packit c5a612
Packit c5a612 
for arg in "position 3" "handle 3" "index 1"; do
Packit c5a612 
	$NFT -f - <<< "$RULESET"
Packit c5a612 
	$NFT insert rule t c $arg drop
Packit c5a612
Packit c5a612 
	GET="$($NFT list ruleset)"
Packit c5a612 
	if [ "$EXPECTED" != "$GET" ] ; then
Packit a5243a 
		$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
Packit c5a612 
		exit 1
Packit c5a612 
	fi
Packit c5a612 
done
Packit c5a612
Packit c5a612 
EXPECTED="table ip t {
Packit c5a612 
	chain c {
Packit c5a612 
		accept
Packit c5a612 
		accept
Packit c5a612 
		drop
Packit c5a612 
	}
Packit c5a612 
}"
Packit c5a612
Packit c5a612 
for arg in "position 3" "handle 3" "index 1"; do
Packit c5a612 
	$NFT -f - <<< "$RULESET"
Packit c5a612 
	$NFT add rule t c $arg drop
Packit c5a612
Packit c5a612 
	GET="$($NFT list ruleset)"
Packit c5a612 
	if [ "$EXPECTED" != "$GET" ] ; then
Packit a5243a 
		$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
Packit c5a612 
		exit 1
Packit c5a612 
	fi
Packit c5a612 
done
Packit c5a612
Packit c5a612 
EXPECTED="table ip t {
Packit c5a612 
	chain c {
Packit c5a612 
		drop
Packit c5a612 
		accept
Packit c5a612 
		accept
Packit c5a612 
	}
Packit c5a612 
}"
Packit c5a612
Packit c5a612 
for arg in "position 2" "handle 2" "index 0"; do
Packit c5a612 
	$NFT -f - <<< "$RULESET"
Packit c5a612 
	$NFT insert rule t c $arg drop
Packit c5a612
Packit c5a612 
	GET="$($NFT list ruleset)"
Packit c5a612 
	if [ "$EXPECTED" != "$GET" ] ; then
Packit a5243a 
		$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
Packit c5a612 
		exit 1
Packit c5a612 
	fi
Packit c5a612 
done

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation