summaryrefslogtreecommitdiffstats
path: root/tests/xmlfiles/39-rule-real.xml
blob: f69ef625761a4cbab5b41d4044be58ad3a43254a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

<rule>
	<family>ip6</family>
	<table>filter</table>
	<chain>test</chain>
	<handle>31</handle>
	<flags>0</flags>
	<expr type="meta">
		<dreg>1</dreg>
		<key>iifname</key>
	</expr>
	<expr type="cmp">
		<sreg>1</sreg>
		<op>eq</op>
		<cmpdata>
			<data_reg type="value">
				<len>16</len>
				<data0>0x00000000</data0>
				<data1>0x00000000</data1>
				<data2>0x6f620000</data2>
				<data3>0x0030646e</data3>
			</data_reg>
		</cmpdata>
	</expr>
	<expr type="meta">
		<dreg>1</dreg>
		<key>oifname</key>
	</expr>
	<expr type="cmp">
		<sreg>1</sreg>
		<op>eq</op>
		<cmpdata>
			<data_reg type="value">
				<len>16</len>
				<data0>0x00000000</data0>
				<data1>0x62000000</data1>
				<data2>0x31646e6f</data2>
				<data3>0x0037322e</data3>
			</data_reg>
		</cmpdata>
	</expr>
	<expr type="payload">
		<dreg>1</dreg>
		<offset>8</offset>
		<len>16</len>
		<base>network</base>
	</expr>
	<expr type="cmp">
		<sreg>1</sreg>
		<op>eq</op>
		<cmpdata>
			<data_reg type="value">
				<len>16</len>
				<data0>0xc09a002a</data0>
				<data1>0x2700cac1</data1>
				<data2>0x00000000</data2>
				<data3>0x50010000</data3>
			</data_reg>
		</cmpdata>
	</expr>
	<expr type="payload">
		<dreg>1</dreg>
		<offset>6</offset>
		<len>1</len>
		<base>network</base>
	</expr>
	<expr type="cmp">
		<sreg>1</sreg>
		<op>eq</op>
		<cmpdata>
			<data_reg type="value">
				<len>1</len>
				<data0>0x00000011</data0>
			</data_reg>
		</cmpdata>
	</expr>
	<expr type="payload">
		<dreg>1</dreg>
		<offset>2</offset>
		<len>2</len>
		<base>transport</base>
	</expr>
	<expr type="cmp">
		<sreg>1</sreg>
		<op>eq</op>
		<cmpdata>
			<data_reg type="value">
				<len>2</len>
				<data0>0x00003500</data0>
			</data_reg>
		</cmpdata>
	</expr>
	<expr type="ct">
		<dreg>1</dreg>
		<key>status</key>
		<dir>0</dir>
	</expr>
	<expr type="cmp">
		<sreg>1</sreg>
		<op>eq</op>
		<cmpdata>
			<data_reg type="value">
				<len>4</len>
				<data0>0x00000001</data0>
			</data_reg>
		</cmpdata>
	</expr>
	<expr type="counter">
		<pkts>0</pkts>
		<bytes>0</bytes>
	</expr>
	<expr type="log">
		<prefix>dns_drop</prefix>
		<group>2</group>
		<snaplen>0</snaplen>
		<qthreshold>0</qthreshold>
	</expr>
	<expr type="immediate">
		<dreg>0</dreg>
		<immediatedata>
			<data_reg type="verdict">
				<verdict>drop</verdict>
			</data_reg>
		</immediatedata>
	</expr>
</rule>
<!-- nft add rule ip6 filter test meta iifname "bond0" meta oifname "bond1.27" ip6 saddr 2a00:9ac0:c1ca:27::150 udp dport 53 ct status expected counter log prefix dns_drop group 2 drop -->