summaryrefslogtreecommitdiffstats
path: root/iptables/tests/shell/testcases/ebtables
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2019-09-10 23:10:59 +0200
committerFlorian Westphal <fw@strlen.de>2019-09-12 13:05:53 +0200
commite1ccd979e6849748578fad76475c688bdd16df0d (patch)
tree7095715be883c464eb23ba496ce987120bc12269 /iptables/tests/shell/testcases/ebtables
parent8934ced112e9cbe03072f50df0975fe6840f14b3 (diff)
ebtables: fix over-eager -o checks on custom chains
Arturo reports ebtables-nft reports an error when -o is used in custom chains: -A MYCHAIN -o someif makes ebtables-nft exit with an error: "Use -o only in OUTPUT, FORWARD and POSTROUTING chains." Problem is that all the "-o" checks expect <= NF_BR_POST_ROUTING to mean "builtin", so -1 mistakenly leads to the checks being active. Reported-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1347 Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/tests/shell/testcases/ebtables')
-rwxr-xr-xiptables/tests/shell/testcases/ebtables/0005-ifnamechecks_021
1 files changed, 21 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ebtables/0005-ifnamechecks_0 b/iptables/tests/shell/testcases/ebtables/0005-ifnamechecks_0
new file mode 100755
index 00000000..2163d364
--- /dev/null
+++ b/iptables/tests/shell/testcases/ebtables/0005-ifnamechecks_0
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+# there is no legacy backend to test
+[[ $XT_MULTI == */xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
+
+EXPECT='*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+:PVEFW-FORWARD ACCEPT
+:PVEFW-FWBR-OUT ACCEPT
+-A FORWARD -j PVEFW-FORWARD
+-A PVEFW-FORWARD -p IPv4 -j ACCEPT
+-A PVEFW-FORWARD -p IPv6 -j ACCEPT
+-A PVEFW-FORWARD -i fwln+ -j ACCEPT
+-A PVEFW-FORWARD -o fwln+ -j PVEFW-FWBR-OUT'
+
+$XT_MULTI ebtables-restore <<<$EXPECT
+exec diff -u <(echo -e "$EXPECT") <($XT_MULTI ebtables-save | grep -v '^#')