source-git / nftables

Clone
Source Code
GIT

Files

  1.   6f013848af0b0c0a1ca704e0ed914e93fb1e8fd9
  2.   tests
  3.   py
  4.   inet
  5.   reject.t.payload.inet
Blob Blame History Raw 
# reject with icmp type host-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 1 ]

# reject with icmp type net-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 0 ]

# reject with icmp type prot-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 2 ]

# reject with icmp type port-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 3 ]

# reject with icmp type net-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 9 ]

# reject with icmp type host-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 10 ]

# reject with icmp type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 13 ]

# reject with icmpv6 type no-route
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 0 ]

# reject with icmpv6 type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 1 ]

# reject with icmpv6 type addr-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 3 ]

# reject with icmpv6 type port-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 4 ]

# mark 12345 reject with tcp reset
inet test-inet input
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ meta load mark => reg 1 ]
  [ cmp eq reg 1 0x00003039 ]
  [ reject type 1 code 0 ]

# reject
inet test-inet input
  [ reject type 2 code 1 ]

# meta nfproto ipv4 reject
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 3 ]

# meta nfproto ipv6 reject
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 4 ]

# reject with icmpx type host-unreachable
inet test-inet input
  [ reject type 2 code 2 ]

# reject with icmpx type no-route
inet test-inet input
  [ reject type 2 code 0 ]

# reject with icmpx type admin-prohibited
inet test-inet input
  [ reject type 2 code 3 ]

# reject with icmpx type port-unreachable
inet test-inet input
  [ reject type 2 code 1 ]

# meta nfproto ipv4 reject with icmp type host-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 1 ]

# meta nfproto ipv6 reject with icmpv6 type no-route
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 0 ]

# reject with icmp type prot-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 2 ]

# reject with icmp type port-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 3 ]

# reject with icmp type net-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 9 ]

# reject with icmp type host-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 10 ]

# reject with icmp type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 13 ]

# reject with icmpv6 type no-route
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 0 ]

# reject with icmpv6 type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 1 ]

# reject with icmpv6 type addr-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 3 ]

# reject with icmpv6 type port-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 4 ]

# reject with tcp reset
inet test-inet input
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ reject type 1 code 0 ]

# reject
inet test-inet input
  [ reject type 2 code 1 ]

# meta nfproto ipv4 reject
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 3 ]

# meta nfproto ipv6 reject
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 4 ]

# reject with icmpx type host-unreachable
inet test-inet input
  [ reject type 2 code 2 ]

# reject with icmpx type no-route
inet test-inet input
  [ reject type 2 code 0 ]

# reject with icmpx type admin-prohibited
inet test-inet input
  [ reject type 2 code 3 ]

# reject with icmpx type port-unreachable
inet test-inet input
  [ reject type 2 code 1 ]

# meta nfproto ipv4 reject with icmp type host-unreachable
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 0 code 1 ]

# meta nfproto ipv6 reject with icmpv6 type no-route
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 0 code 0 ]

# meta nfproto ipv4 reject with icmpx type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]
  [ reject type 2 code 3 ]

# meta nfproto ipv6 reject with icmpx type admin-prohibited
inet test-inet input
  [ meta load nfproto => reg 1 ]
  [ cmp eq reg 1 0x0000000a ]
  [ reject type 2 code 3 ]

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation