author | Phil Sutter <phil@nwl.cc> | 2019-09-17 18:28:18 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-11-06 13:42:02 +0100 |
commit | bd2dc3e730669cc813cedfd0876f22f5083cae9a (patch) | |
tree | f7210568e0262d5d9854dace1b6e4f92e380110a /iptables/tests/shell/testcases | |
parent | 09cb517949e69c6ebfc4e755057b270f0dc99291 (diff) |
tests: shell: Add ipt-restore/0007-flush-noflush_0
Simple test to make sure iptables-restore does not touch tables it is
not supposed to.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/tests/shell/testcases')
-rwxr-xr-x | iptables/tests/shell/testcases/ipt-restore/0007-flush-noflush_0 | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ipt-restore/0007-flush-noflush_0 b/iptables/tests/shell/testcases/ipt-restore/0007-flush-noflush_0
new file mode 100755
index 00000000..029db223
--- /dev/null
+++ b/iptables/tests/shell/testcases/ipt-restore/0007-flush-noflush_0
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Make sure iptables-restore without --noflush does not flush tables other than
+# those contained in the dump it's reading from
+
+set -e
+
+$XT_MULTI iptables-restore <<EOF
+*nat
+-A POSTROUTING -j ACCEPT
+COMMIT
+EOF
+
+EXPECT="*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A POSTROUTING -j ACCEPT
+COMMIT"
+diff -u -Z <(echo -e "$EXPECT" | sort) <($XT_MULTI iptables-save | grep -v '^#' | sort)
+
+$XT_MULTI iptables-restore <<EOF
+*filter
+-A FORWARD -j ACCEPT
+COMMIT
+EOF
+
+EXPECT="*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A FORWARD -j ACCEPT
+COMMIT
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A POSTROUTING -j ACCEPT
+COMMIT"
+diff -u -Z <(echo -e "$EXPECT" | sort) <($XT_MULTI iptables-save | grep -v '^#' | sort) |
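Review bot: The test never asserts that a restore without --noflush actually flushes the table named in the dump. Both restores load into a table that held no rules beforehand (the first expected output lists only `*nat`, and `*filter` first appears with the second restore), so a build that stopped flushing altogether would still pass both `diff` comparisons and stale rules would go unnoticed. A third step that restores `*nat` again with a different rule and expects the old `-A POSTROUTING -j ACCEPT` to be gone would cover that half; an untested sketch follows. It uses PREROUTING because the sorted comparison cannot tell tables apart and that chain appears only in the nat section of the dumps shown here.

```shell
# … unchanged: nat and filter restores with their two comparisons …

# a second nat restore without --noflush must replace the earlier nat rule
$XT_MULTI iptables-restore <<EOF
*nat
-A PREROUTING -j ACCEPT
COMMIT
EOF

EXPECT="*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -j ACCEPT
COMMIT"
diff -u -Z <(echo -e "$EXPECT" | sort) <($XT_MULTI iptables-save | grep -v '^#' | sort)
```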