Blame tests/shell/testcases/sets/0001named_interval_0
|
Packit |
c5a612 |
#!/bin/bash
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
# This is the most basic testscase:
|
|
Packit |
c5a612 |
# * creating a valid interval set
|
|
Packit |
c5a612 |
# * referencing it from a valid rule
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
RULESET="
|
|
Packit |
c5a612 |
table inet t {
|
|
Packit |
c5a612 |
set s1 {
|
|
Packit |
c5a612 |
type ipv4_addr
|
|
Packit |
c5a612 |
flags interval
|
|
Packit |
c5a612 |
elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 }
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
set s2 {
|
|
Packit |
c5a612 |
type ipv6_addr
|
|
Packit |
c5a612 |
flags interval
|
|
Packit |
c5a612 |
elements = { fe00::/64, fe11::-fe22::}
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
set s3 {
|
|
Packit |
c5a612 |
type inet_proto
|
|
Packit |
c5a612 |
flags interval
|
|
Packit |
c5a612 |
elements = { 10-20, 50-60}
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
set s4 {
|
|
Packit |
c5a612 |
type inet_service
|
|
Packit |
c5a612 |
flags interval
|
|
Packit |
c5a612 |
elements = {8080-8082, 0-1024, 10000-40000}
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
chain c {
|
|
Packit |
c5a612 |
ip saddr @s1 accept
|
|
Packit |
c5a612 |
ip6 daddr @s2 accept
|
|
Packit |
c5a612 |
ip protocol @s3 accept
|
|
Packit |
c5a612 |
ip6 nexthdr @s3 accept
|
|
Packit |
c5a612 |
tcp dport @s4 accept
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
}"
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
set -e
|
|
Packit |
c5a612 |
$NFT -f - <<< "$RULESET"
|