diff options
| author | Máté Eckl <ecklm94@gmail.com> | 2018-08-24 17:47:15 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-30 12:11:45 +0200 |
| commit | 34ce4e4a7bb61dbf8ce7b3d018a36ab08fb6faf3 (patch) | |
| tree | 60eb5d6fcc8de9ca8c59759a8138f8b3df72a392 | |
| parent | a187d26259c63df995f41e5920d5961c93e28bff (diff) | |
test: shell: Test cases for standard chain prios
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rwxr-xr-x | tests/shell/testcases/chains/0021prio_0 | 97 | ||||
| -rwxr-xr-x | tests/shell/testcases/chains/0022prio_dummy_1 | 7 | ||||
| -rwxr-xr-x | tests/shell/testcases/chains/0023prio_inet_srcnat_1 | 16 | ||||
| -rwxr-xr-x | tests/shell/testcases/chains/0024prio_inet_dstnat_1 | 16 | ||||
| -rwxr-xr-x | tests/shell/testcases/chains/0025prio_arp_1 | 17 | ||||
| -rwxr-xr-x | tests/shell/testcases/chains/0026prio_netdev_1 | 15 | ||||
| -rwxr-xr-x | tests/shell/testcases/chains/0027prio_bridge_dstnat_1 | 15 | ||||
| -rwxr-xr-x | tests/shell/testcases/chains/0028prio_bridge_out_1 | 15 | ||||
| -rwxr-xr-x | tests/shell/testcases/chains/0029prio_bridge_srcnat_1 | 15 | ||||
| -rw-r--r-- | tests/shell/testcases/chains/dumps/0021prio_0.nft | 1546 |
10 files changed, 1759 insertions, 0 deletions
diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0 new file mode 100755 index 00000000..ada1d92a --- /dev/null +++ b/tests/shell/testcases/chains/0021prio_0 @@ -0,0 +1,97 @@ +#!/bin/bash + +set -e + +format_offset () { + i=$1 + if ((i == 0)) + then + echo "" + elif ((i > 0)) + then + echo "+$i" + else + echo "$i" + fi +} + +chainname () { + hook=$1 + prioname=$2 + priooffset=$3 + + echo "${hook}${prioname}${priooffset}" | tr "\-+" "mp" +} + +gen_chains () { + family=$1 + hook=$2 + prioname=$3 + + for i in -11 -10 0 10 11 + do + offset=`format_offset $i` + $NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook priority $prioname $offset; }" + done +} + +for family in ip ip6 inet +do + $NFT add table $family x + for hook in prerouting input forward output postrouting + do + for prioname in raw mangle filter security + do + gen_chains $family $hook $prioname + done + done + + hook=prerouting + prioname=dstnat + gen_chains $family $hook $prioname + + hook=postrouting + prioname=srcnat + gen_chains $family $hook $prioname +done + + +family=arp + $NFT add table $family x + for hook in input output + do + prioname=filter + gen_chains $family $hook $prioname + done + + +family=netdev + $NFT add table $family x + hook=ingress + prioname=filter + for i in -11 -10 0 10 11 + do + offset=`format_offset $i` + $NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook device lo priority $prioname $offset; }" + done + +family=bridge + $NFT add table $family x + for hook in prerouting input forward output postrouting + do + prioname=filter + gen_chains $family $hook $prioname + done + + hook=prerouting + prioname=dstnat + gen_chains $family $hook $prioname + + hook=output + prioname=out + gen_chains $family $hook $prioname + + hook=postrouting + prioname=srcnat + gen_chains $family $hook $prioname + diff --git a/tests/shell/testcases/chains/0022prio_dummy_1 b/tests/shell/testcases/chains/0022prio_dummy_1 new file mode 100755 index 00000000..ecdd9456 --- /dev/null +++ b/tests/shell/testcases/chains/0022prio_dummy_1 @@ -0,0 +1,7 @@ +#!/bin/bash + +set -e + +$NFT add table ip x +$NFT add chain ip x y "{ type filter hook input priority dummy+1; }" &> /dev/null +echo "E: dummy should not be a valid priority." >&2 diff --git a/tests/shell/testcases/chains/0023prio_inet_srcnat_1 b/tests/shell/testcases/chains/0023prio_inet_srcnat_1 new file mode 100755 index 00000000..fa53f7a7 --- /dev/null +++ b/tests/shell/testcases/chains/0023prio_inet_srcnat_1 @@ -0,0 +1,16 @@ +#!/bin/bash + +for family in ip ip6 inet +do + for hook in prerouting input forward output + do + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority srcnat; }" &> /dev/null + if (($? == 0)) + then + echo "E: srcnat should not be a valid priority name in $family $hook chains." >&2 + exit 0 + fi + done +done +exit 1 diff --git a/tests/shell/testcases/chains/0024prio_inet_dstnat_1 b/tests/shell/testcases/chains/0024prio_inet_dstnat_1 new file mode 100755 index 00000000..a9a7264a --- /dev/null +++ b/tests/shell/testcases/chains/0024prio_inet_dstnat_1 @@ -0,0 +1,16 @@ +#!/bin/bash + +for family in ip ip6 inet +do + for hook in input forward output postrouting + do + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority dstnat; }" &> /dev/null + if (($? == 0)) + then + echo "E: dstnat should not be a valid priority name in $family $hook chains." >&2 + exit 0 + fi + done +done +exit 1 diff --git a/tests/shell/testcases/chains/0025prio_arp_1 b/tests/shell/testcases/chains/0025prio_arp_1 new file mode 100755 index 00000000..8c671d55 --- /dev/null +++ b/tests/shell/testcases/chains/0025prio_arp_1 @@ -0,0 +1,17 @@ +#!/bin/bash + +family=arp + for hook in input output + do + for prioname in raw mangle dstnat security srcnat + do + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for arp family chains." >&2 + exit 0 + fi + done + done +exit 1 diff --git a/tests/shell/testcases/chains/0026prio_netdev_1 b/tests/shell/testcases/chains/0026prio_netdev_1 new file mode 100755 index 00000000..ae022830 --- /dev/null +++ b/tests/shell/testcases/chains/0026prio_netdev_1 @@ -0,0 +1,15 @@ +#!/bin/bash + +family=netdev + hook=ingress + for prioname in raw mangle dstnat security srcnat + do + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook device lo priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for netdev family chains." >&2 + exit 0 + fi + done +exit 1 diff --git a/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 b/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 new file mode 100755 index 00000000..df0b6950 --- /dev/null +++ b/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 @@ -0,0 +1,15 @@ +#!/bin/bash + +family=bridge + for hook in input forward output postrouting + do + prioname=dstnat + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2 + exit 0 + fi + done +exit 1 diff --git a/tests/shell/testcases/chains/0028prio_bridge_out_1 b/tests/shell/testcases/chains/0028prio_bridge_out_1 new file mode 100755 index 00000000..06fdbebb --- /dev/null +++ b/tests/shell/testcases/chains/0028prio_bridge_out_1 @@ -0,0 +1,15 @@ +#!/bin/bash + +family=bridge + for hook in prerouting input forward postrouting + do + prioname=out + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2 + exit 0 + fi + done +exit 1 diff --git a/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 b/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 new file mode 100755 index 00000000..8896a7cf --- /dev/null +++ b/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 @@ -0,0 +1,15 @@ +#!/bin/bash + +family=bridge + for hook in prerouting input forward output + do + prioname=srcnat + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2 + exit 0 + fi + done +exit 1 diff --git a/tests/shell/testcases/chains/dumps/0021prio_0.nft b/tests/shell/testcases/chains/dumps/0021prio_0.nft new file mode 100644 index 00000000..20125ba0 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0021prio_0.nft @@ -0,0 +1,1546 @@ +table ip x { + chain preroutingrawm11 { + type filter hook prerouting priority -311; policy accept; + } + + chain preroutingrawm10 { + type filter hook prerouting priority raw - 10; policy accept; + } + + chain preroutingraw { + type filter hook prerouting priority raw; policy accept; + } + + chain preroutingrawp10 { + type filter hook prerouting priority raw + 10; policy accept; + } + + chain preroutingrawp11 { + type filter hook prerouting priority -289; policy accept; + } + + chain preroutingmanglem11 { + type filter hook prerouting priority -161; policy accept; + } + + chain preroutingmanglem10 { + type filter hook prerouting priority mangle - 10; policy accept; + } + + chain preroutingmangle { + type filter hook prerouting priority mangle; policy accept; + } + + chain preroutingmanglep10 { + type filter hook prerouting priority mangle + 10; policy accept; + } + + chain preroutingmanglep11 { + type filter hook prerouting priority -139; policy accept; + } + + chain preroutingfilterm11 { + type filter hook prerouting priority -11; policy accept; + } + + chain preroutingfilterm10 { + type filter hook prerouting priority filter - 10; policy accept; + } + + chain preroutingfilter { + type filter hook prerouting priority filter; policy accept; + } + + chain preroutingfilterp10 { + type filter hook prerouting priority filter + 10; policy accept; + } + + chain preroutingfilterp11 { + type filter hook prerouting priority 11; policy accept; + } + + chain preroutingsecuritym11 { + type filter hook prerouting priority 39; policy accept; + } + + chain preroutingsecuritym10 { + type filter hook prerouting priority security - 10; policy accept; + } + + chain preroutingsecurity { + type filter hook prerouting priority security; policy accept; + } + + chain preroutingsecurityp10 { + type filter hook prerouting priority security + 10; policy accept; + } + + chain preroutingsecurityp11 { + type filter hook prerouting priority 61; policy accept; + } + + chain inputrawm11 { + type filter hook input priority -311; policy accept; + } + + chain inputrawm10 { + type filter hook input priority raw - 10; policy accept; + } + + chain inputraw { + type filter hook input priority raw; policy accept; + } + + chain inputrawp10 { + type filter hook input priority raw + 10; policy accept; + } + + chain inputrawp11 { + type filter hook input priority -289; policy accept; + } + + chain inputmanglem11 { + type filter hook input priority -161; policy accept; + } + + chain inputmanglem10 { + type filter hook input priority mangle - 10; policy accept; + } + + chain inputmangle { + type filter hook input priority mangle; policy accept; + } + + chain inputmanglep10 { + type filter hook input priority mangle + 10; policy accept; + } + + chain inputmanglep11 { + type filter hook input priority -139; policy accept; + } + + chain inputfilterm11 { + type filter hook input priority -11; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority 11; policy accept; + } + + chain inputsecuritym11 { + type filter hook input priority 39; policy accept; + } + + chain inputsecuritym10 { + type filter hook input priority security - 10; policy accept; + } + + chain inputsecurity { + type filter hook input priority security; policy accept; + } + + chain inputsecurityp10 { + type filter hook input priority security + 10; policy accept; + } + + chain inputsecurityp11 { + type filter hook input priority 61; policy accept; + } + + chain forwardrawm11 { + type filter hook forward priority -311; policy accept; + } + + chain forwardrawm10 { + type filter hook forward priority raw - 10; policy accept; + } + + chain forwardraw { + type filter hook forward priority raw; policy accept; + } + + chain forwardrawp10 { + type filter hook forward priority raw + 10; policy accept; + } + + chain forwardrawp11 { + type filter hook forward priority -289; policy accept; + } + + chain forwardmanglem11 { + type filter hook forward priority -161; policy accept; + } + + chain forwardmanglem10 { + type filter hook forward priority mangle - 10; policy accept; + } + + chain forwardmangle { + type filter hook forward priority mangle; policy accept; + } + + chain forwardmanglep10 { + type filter hook forward priority mangle + 10; policy accept; + } + + chain forwardmanglep11 { + type filter hook forward priority -139; policy accept; + } + + chain forwardfilterm11 { + type filter hook forward priority -11; policy accept; + } + + chain forwardfilterm10 { + type filter hook forward priority filter - 10; policy accept; + } + + chain forwardfilter { + type filter hook forward priority filter; policy accept; + } + + chain forwardfilterp10 { + type filter hook forward priority filter + 10; policy accept; + } + + chain forwardfilterp11 { + type filter hook forward priority 11; policy accept; + } + + chain forwardsecuritym11 { + type filter hook forward priority 39; policy accept; + } + + chain forwardsecuritym10 { + type filter hook forward priority security - 10; policy accept; + } + + chain forwardsecurity { + type filter hook forward priority security; policy accept; + } + + chain forwardsecurityp10 { + type filter hook forward priority security + 10; policy accept; + } + + chain forwardsecurityp11 { + type filter hook forward priority 61; policy accept; + } + + chain outputrawm11 { + type filter hook output priority -311; policy accept; + } + + chain outputrawm10 { + type filter hook output priority raw - 10; policy accept; + } + + chain outputraw { + type filter hook output priority raw; policy accept; + } + + chain outputrawp10 { + type filter hook output priority raw + 10; policy accept; + } + + chain outputrawp11 { + type filter hook output priority -289; policy accept; + } + + chain outputmanglem11 { + type filter hook output priority -161; policy accept; + } + + chain outputmanglem10 { + type filter hook output priority mangle - 10; policy accept; + } + + chain outputmangle { + type filter hook output priority mangle; policy accept; + } + + chain outputmanglep10 { + type filter hook output priority mangle + 10; policy accept; + } + + chain outputmanglep11 { + type filter hook output priority -139; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -11; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority 11; policy accept; + } + + chain outputsecuritym11 { + type filter hook output priority 39; policy accept; + } + + chain outputsecuritym10 { + type filter hook output priority security - 10; policy accept; + } + + chain outputsecurity { + type filter hook output priority security; policy accept; + } + + chain outputsecurityp10 { + type filter hook output priority security + 10; policy accept; + } + + chain outputsecurityp11 { + type filter hook output priority 61; policy accept; + } + + chain postroutingrawm11 { + type filter hook postrouting priority -311; policy accept; + } + + chain postroutingrawm10 { + type filter hook postrouting priority raw - 10; policy accept; + } + + chain postroutingraw { + type filter hook postrouting priority raw; policy accept; + } + + chain postroutingrawp10 { + type filter hook postrouting priority raw + 10; policy accept; + } + + chain postroutingrawp11 { + type filter hook postrouting priority -289; policy accept; + } + + chain postroutingmanglem11 { + type filter hook postrouting priority -161; policy accept; + } + + chain postroutingmanglem10 { + type filter hook postrouting priority mangle - 10; policy accept; + } + + chain postroutingmangle { + type filter hook postrouting priority mangle; policy accept; + } + + chain postroutingmanglep10 { + type filter hook postrouting priority mangle + 10; policy accept; + } + + chain postroutingmanglep11 { + type filter hook postrouting priority -139; policy accept; + } + + chain postroutingfilterm11 { + type filter hook postrouting priority -11; policy accept; + } + + chain postroutingfilterm10 { + type filter hook postrouting priority filter - 10; policy accept; + } + + chain postroutingfilter { + type filter hook postrouting priority filter; policy accept; + } + + chain postroutingfilterp10 { + type filter hook postrouting priority filter + 10; policy accept; + } + + chain postroutingfilterp11 { + type filter hook postrouting priority 11; policy accept; + } + + chain postroutingsecuritym11 { + type filter hook postrouting priority 39; policy accept; + } + + chain postroutingsecuritym10 { + type filter hook postrouting priority security - 10; policy accept; + } + + chain postroutingsecurity { + type filter hook postrouting priority security; policy accept; + } + + chain postroutingsecurityp10 { + type filter hook postrouting priority security + 10; policy accept; + } + + chain postroutingsecurityp11 { + type filter hook postrouting priority 61; policy accept; + } + + chain preroutingdstnatm11 { + type filter hook prerouting priority -111; policy accept; + } + + chain preroutingdstnatm10 { + type filter hook prerouting priority dstnat - 10; policy accept; + } + + chain preroutingdstnat { + type filter hook prerouting priority dstnat; policy accept; + } + + chain preroutingdstnatp10 { + type filter hook prerouting priority dstnat + 10; policy accept; + } + + chain preroutingdstnatp11 { + type filter hook prerouting priority -89; policy accept; + } + + chain postroutingsrcnatm11 { + type filter hook postrouting priority 89; policy accept; + } + + chain postroutingsrcnatm10 { + type filter hook postrouting priority srcnat - 10; policy accept; + } + + chain postroutingsrcnat { + type filter hook postrouting priority srcnat; policy accept; + } + + chain postroutingsrcnatp10 { + type filter hook postrouting priority srcnat + 10; policy accept; + } + + chain postroutingsrcnatp11 { + type filter hook postrouting priority 111; policy accept; + } +} +table ip6 x { + chain preroutingrawm11 { + type filter hook prerouting priority -311; policy accept; + } + + chain preroutingrawm10 { + type filter hook prerouting priority raw - 10; policy accept; + } + + chain preroutingraw { + type filter hook prerouting priority raw; policy accept; + } + + chain preroutingrawp10 { + type filter hook prerouting priority raw + 10; policy accept; + } + + chain preroutingrawp11 { + type filter hook prerouting priority -289; policy accept; + } + + chain preroutingmanglem11 { + type filter hook prerouting priority -161; policy accept; + } + + chain preroutingmanglem10 { + type filter hook prerouting priority mangle - 10; policy accept; + } + + chain preroutingmangle { + type filter hook prerouting priority mangle; policy accept; + } + + chain preroutingmanglep10 { + type filter hook prerouting priority mangle + 10; policy accept; + } + + chain preroutingmanglep11 { + type filter hook prerouting priority -139; policy accept; + } + + chain preroutingfilterm11 { + type filter hook prerouting priority -11; policy accept; + } + + chain preroutingfilterm10 { + type filter hook prerouting priority filter - 10; policy accept; + } + + chain preroutingfilter { + type filter hook prerouting priority filter; policy accept; + } + + chain preroutingfilterp10 { + type filter hook prerouting priority filter + 10; policy accept; + } + + chain preroutingfilterp11 { + type filter hook prerouting priority 11; policy accept; + } + + chain preroutingsecuritym11 { + type filter hook prerouting priority 39; policy accept; + } + + chain preroutingsecuritym10 { + type filter hook prerouting priority security - 10; policy accept; + } + + chain preroutingsecurity { + type filter hook prerouting priority security; policy accept; + } + + chain preroutingsecurityp10 { + type filter hook prerouting priority security + 10; policy accept; + } + + chain preroutingsecurityp11 { + type filter hook prerouting priority 61; policy accept; + } + + chain inputrawm11 { + type filter hook input priority -311; policy accept; + } + + chain inputrawm10 { + type filter hook input priority raw - 10; policy accept; + } + + chain inputraw { + type filter hook input priority raw; policy accept; + } + + chain inputrawp10 { + type filter hook input priority raw + 10; policy accept; + } + + chain inputrawp11 { + type filter hook input priority -289; policy accept; + } + + chain inputmanglem11 { + type filter hook input priority -161; policy accept; + } + + chain inputmanglem10 { + type filter hook input priority mangle - 10; policy accept; + } + + chain inputmangle { + type filter hook input priority mangle; policy accept; + } + + chain inputmanglep10 { + type filter hook input priority mangle + 10; policy accept; + } + + chain inputmanglep11 { + type filter hook input priority -139; policy accept; + } + + chain inputfilterm11 { + type filter hook input priority -11; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority 11; policy accept; + } + + chain inputsecuritym11 { + type filter hook input priority 39; policy accept; + } + + chain inputsecuritym10 { + type filter hook input priority security - 10; policy accept; + } + + chain inputsecurity { + type filter hook input priority security; policy accept; + } + + chain inputsecurityp10 { + type filter hook input priority security + 10; policy accept; + } + + chain inputsecurityp11 { + type filter hook input priority 61; policy accept; + } + + chain forwardrawm11 { + type filter hook forward priority -311; policy accept; + } + + chain forwardrawm10 { + type filter hook forward priority raw - 10; policy accept; + } + + chain forwardraw { + type filter hook forward priority raw; policy accept; + } + + chain forwardrawp10 { + type filter hook forward priority raw + 10; policy accept; + } + + chain forwardrawp11 { + type filter hook forward priority -289; policy accept; + } + + chain forwardmanglem11 { + type filter hook forward priority -161; policy accept; + } + + chain forwardmanglem10 { + type filter hook forward priority mangle - 10; policy accept; + } + + chain forwardmangle { + type filter hook forward priority mangle; policy accept; + } + + chain forwardmanglep10 { + type filter hook forward priority mangle + 10; policy accept; + } + + chain forwardmanglep11 { + type filter hook forward priority -139; policy accept; + } + + chain forwardfilterm11 { + type filter hook forward priority -11; policy accept; + } + + chain forwardfilterm10 { + type filter hook forward priority filter - 10; policy accept; + } + + chain forwardfilter { + type filter hook forward priority filter; policy accept; + } + + chain forwardfilterp10 { + type filter hook forward priority filter + 10; policy accept; + } + + chain forwardfilterp11 { + type filter hook forward priority 11; policy accept; + } + + chain forwardsecuritym11 { + type filter hook forward priority 39; policy accept; + } + + chain forwardsecuritym10 { + type filter hook forward priority security - 10; policy accept; + } + + chain forwardsecurity { + type filter hook forward priority security; policy accept; + } + + chain forwardsecurityp10 { + type filter hook forward priority security + 10; policy accept; + } + + chain forwardsecurityp11 { + type filter hook forward priority 61; policy accept; + } + + chain outputrawm11 { + type filter hook output priority -311; policy accept; + } + + chain outputrawm10 { + type filter hook output priority raw - 10; policy accept; + } + + chain outputraw { + type filter hook output priority raw; policy accept; + } + + chain outputrawp10 { + type filter hook output priority raw + 10; policy accept; + } + + chain outputrawp11 { + type filter hook output priority -289; policy accept; + } + + chain outputmanglem11 { + type filter hook output priority -161; policy accept; + } + + chain outputmanglem10 { + type filter hook output priority mangle - 10; policy accept; + } + + chain outputmangle { + type filter hook output priority mangle; policy accept; + } + + chain outputmanglep10 { + type filter hook output priority mangle + 10; policy accept; + } + + chain outputmanglep11 { + type filter hook output priority -139; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -11; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority 11; policy accept; + } + + chain outputsecuritym11 { + type filter hook output priority 39; policy accept; + } + + chain outputsecuritym10 { + type filter hook output priority security - 10; policy accept; + } + + chain outputsecurity { + type filter hook output priority security; policy accept; + } + + chain outputsecurityp10 { + type filter hook output priority security + 10; policy accept; + } + + chain outputsecurityp11 { + type filter hook output priority 61; policy accept; + } + + chain postroutingrawm11 { + type filter hook postrouting priority -311; policy accept; + } + + chain postroutingrawm10 { + type filter hook postrouting priority raw - 10; policy accept; + } + + chain postroutingraw { + type filter hook postrouting priority raw; policy accept; + } + + chain postroutingrawp10 { + type filter hook postrouting priority raw + 10; policy accept; + } + + chain postroutingrawp11 { + type filter hook postrouting priority -289; policy accept; + } + + chain postroutingmanglem11 { + type filter hook postrouting priority -161; policy accept; + } + + chain postroutingmanglem10 { + type filter hook postrouting priority mangle - 10; policy accept; + } + + chain postroutingmangle { + type filter hook postrouting priority mangle; policy accept; + } + + chain postroutingmanglep10 { + type filter hook postrouting priority mangle + 10; policy accept; + } + + chain postroutingmanglep11 { + type filter hook postrouting priority -139; policy accept; + } + + chain postroutingfilterm11 { + type filter hook postrouting priority -11; policy accept; + } + + chain postroutingfilterm10 { + type filter hook postrouting priority filter - 10; policy accept; + } + + chain postroutingfilter { + type filter hook postrouting priority filter; policy accept; + } + + chain postroutingfilterp10 { + type filter hook postrouting priority filter + 10; policy accept; + } + + chain postroutingfilterp11 { + type filter hook postrouting priority 11; policy accept; + } + + chain postroutingsecuritym11 { + type filter hook postrouting priority 39; policy accept; + } + + chain postroutingsecuritym10 { + type filter hook postrouting priority security - 10; policy accept; + } + + chain postroutingsecurity { + type filter hook postrouting priority security; policy accept; + } + + chain postroutingsecurityp10 { + type filter hook postrouting priority security + 10; policy accept; + } + + chain postroutingsecurityp11 { + type filter hook postrouting priority 61; policy accept; + } + + chain preroutingdstnatm11 { + type filter hook prerouting priority -111; policy accept; + } + + chain preroutingdstnatm10 { + type filter hook prerouting priority dstnat - 10; policy accept; + } + + chain preroutingdstnat { + type filter hook prerouting priority dstnat; policy accept; + } + + chain preroutingdstnatp10 { + type filter hook prerouting priority dstnat + 10; policy accept; + } + + chain preroutingdstnatp11 { + type filter hook prerouting priority -89; policy accept; + } + + chain postroutingsrcnatm11 { + type filter hook postrouting priority 89; policy accept; + } + + chain postroutingsrcnatm10 { + type filter hook postrouting priority srcnat - 10; policy accept; + } + + chain postroutingsrcnat { + type filter hook postrouting priority srcnat; policy accept; + } + + chain postroutingsrcnatp10 { + type filter hook postrouting priority srcnat + 10; policy accept; + } + + chain postroutingsrcnatp11 { + type filter hook postrouting priority 111; policy accept; + } +} +table inet x { + chain preroutingrawm11 { + type filter hook prerouting priority -311; policy accept; + } + + chain preroutingrawm10 { + type filter hook prerouting priority raw - 10; policy accept; + } + + chain preroutingraw { + type filter hook prerouting priority raw; policy accept; + } + + chain preroutingrawp10 { + type filter hook prerouting priority raw + 10; policy accept; + } + + chain preroutingrawp11 { + type filter hook prerouting priority -289; policy accept; + } + + chain preroutingmanglem11 { + type filter hook prerouting priority -161; policy accept; + } + + chain preroutingmanglem10 { + type filter hook prerouting priority mangle - 10; policy accept; + } + + chain preroutingmangle { + type filter hook prerouting priority mangle; policy accept; + } + + chain preroutingmanglep10 { + type filter hook prerouting priority mangle + 10; policy accept; + } + + chain preroutingmanglep11 { + type filter hook prerouting priority -139; policy accept; + } + + chain preroutingfilterm11 { + type filter hook prerouting priority -11; policy accept; + } + + chain preroutingfilterm10 { + type filter hook prerouting priority filter - 10; policy accept; + } + + chain preroutingfilter { + type filter hook prerouting priority filter; policy accept; + } + + chain preroutingfilterp10 { + type filter hook prerouting priority filter + 10; policy accept; + } + + chain preroutingfilterp11 { + type filter hook prerouting priority 11; policy accept; + } + + chain preroutingsecuritym11 { + type filter hook prerouting priority 39; policy accept; + } + + chain preroutingsecuritym10 { + type filter hook prerouting priority security - 10; policy accept; + } + + chain preroutingsecurity { + type filter hook prerouting priority security; policy accept; + } + + chain preroutingsecurityp10 { + type filter hook prerouting priority security + 10; policy accept; + } + + chain preroutingsecurityp11 { + type filter hook prerouting priority 61; policy accept; + } + + chain inputrawm11 { + type filter hook input priority -311; policy accept; + } + + chain inputrawm10 { + type filter hook input priority raw - 10; policy accept; + } + + chain inputraw { + type filter hook input priority raw; policy accept; + } + + chain inputrawp10 { + type filter hook input priority raw + 10; policy accept; + } + + chain inputrawp11 { + type filter hook input priority -289; policy accept; + } + + chain inputmanglem11 { + type filter hook input priority -161; policy accept; + } + + chain inputmanglem10 { + type filter hook input priority mangle - 10; policy accept; + } + + chain inputmangle { + type filter hook input priority mangle; policy accept; + } + + chain inputmanglep10 { + type filter hook input priority mangle + 10; policy accept; + } + + chain inputmanglep11 { + type filter hook input priority -139; policy accept; + } + + chain inputfilterm11 { + type filter hook input priority -11; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority 11; policy accept; + } + + chain inputsecuritym11 { + type filter hook input priority 39; policy accept; + } + + chain inputsecuritym10 { + type filter hook input priority security - 10; policy accept; + } + + chain inputsecurity { + type filter hook input priority security; policy accept; + } + + chain inputsecurityp10 { + type filter hook input priority security + 10; policy accept; + } + + chain inputsecurityp11 { + type filter hook input priority 61; policy accept; + } + + chain forwardrawm11 { + type filter hook forward priority -311; policy accept; + } + + chain forwardrawm10 { + type filter hook forward priority raw - 10; policy accept; + } + + chain forwardraw { + type filter hook forward priority raw; policy accept; + } + + chain forwardrawp10 { + type filter hook forward priority raw + 10; policy accept; + } + + chain forwardrawp11 { + type filter hook forward priority -289; policy accept; + } + + chain forwardmanglem11 { + type filter hook forward priority -161; policy accept; + } + + chain forwardmanglem10 { + type filter hook forward priority mangle - 10; policy accept; + } + + chain forwardmangle { + type filter hook forward priority mangle; policy accept; + } + + chain forwardmanglep10 { + type filter hook forward priority mangle + 10; policy accept; + } + + chain forwardmanglep11 { + type filter hook forward priority -139; policy accept; + } + + chain forwardfilterm11 { + type filter hook forward priority -11; policy accept; + } + + chain forwardfilterm10 { + type filter hook forward priority filter - 10; policy accept; + } + + chain forwardfilter { + type filter hook forward priority filter; policy accept; + } + + chain forwardfilterp10 { + type filter hook forward priority filter + 10; policy accept; + } + + chain forwardfilterp11 { + type filter hook forward priority 11; policy accept; + } + + chain forwardsecuritym11 { + type filter hook forward priority 39; policy accept; + } + + chain forwardsecuritym10 { + type filter hook forward priority security - 10; policy accept; + } + + chain forwardsecurity { + type filter hook forward priority security; policy accept; + } + + chain forwardsecurityp10 { + type filter hook forward priority security + 10; policy accept; + } + + chain forwardsecurityp11 { + type filter hook forward priority 61; policy accept; + } + + chain outputrawm11 { + type filter hook output priority -311; policy accept; + } + + chain outputrawm10 { + type filter hook output priority raw - 10; policy accept; + } + + chain outputraw { + type filter hook output priority raw; policy accept; + } + + chain outputrawp10 { + type filter hook output priority raw + 10; policy accept; + } + + chain outputrawp11 { + type filter hook output priority -289; policy accept; + } + + chain outputmanglem11 { + type filter hook output priority -161; policy accept; + } + + chain outputmanglem10 { + type filter hook output priority mangle - 10; policy accept; + } + + chain outputmangle { + type filter hook output priority mangle; policy accept; + } + + chain outputmanglep10 { + type filter hook output priority mangle + 10; policy accept; + } + + chain outputmanglep11 { + type filter hook output priority -139; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -11; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority 11; policy accept; + } + + chain outputsecuritym11 { + type filter hook output priority 39; policy accept; + } + + chain outputsecuritym10 { + type filter hook output priority security - 10; policy accept; + } + + chain outputsecurity { + type filter hook output priority security; policy accept; + } + + chain outputsecurityp10 { + type filter hook output priority security + 10; policy accept; + } + + chain outputsecurityp11 { + type filter hook output priority 61; policy accept; + } + + chain postroutingrawm11 { + type filter hook postrouting priority -311; policy accept; + } + + chain postroutingrawm10 { + type filter hook postrouting priority raw - 10; policy accept; + } + + chain postroutingraw { + type filter hook postrouting priority raw; policy accept; + } + + chain postroutingrawp10 { + type filter hook postrouting priority raw + 10; policy accept; + } + + chain postroutingrawp11 { + type filter hook postrouting priority -289; policy accept; + } + + chain postroutingmanglem11 { + type filter hook postrouting priority -161; policy accept; + } + + chain postroutingmanglem10 { + type filter hook postrouting priority mangle - 10; policy accept; + } + + chain postroutingmangle { + type filter hook postrouting priority mangle; policy accept; + } + + chain postroutingmanglep10 { + type filter hook postrouting priority mangle + 10; policy accept; + } + + chain postroutingmanglep11 { + type filter hook postrouting priority -139; policy accept; + } + + chain postroutingfilterm11 { + type filter hook postrouting priority -11; policy accept; + } + + chain postroutingfilterm10 { + type filter hook postrouting priority filter - 10; policy accept; + } + + chain postroutingfilter { + type filter hook postrouting priority filter; policy accept; + } + + chain postroutingfilterp10 { + type filter hook postrouting priority filter + 10; policy accept; + } + + chain postroutingfilterp11 { + type filter hook postrouting priority 11; policy accept; + } + + chain postroutingsecuritym11 { + type filter hook postrouting priority 39; policy accept; + } + + chain postroutingsecuritym10 { + type filter hook postrouting priority security - 10; policy accept; + } + + chain postroutingsecurity { + type filter hook postrouting priority security; policy accept; + } + + chain postroutingsecurityp10 { + type filter hook postrouting priority security + 10; policy accept; + } + + chain postroutingsecurityp11 { + type filter hook postrouting priority 61; policy accept; + } + + chain preroutingdstnatm11 { + type filter hook prerouting priority -111; policy accept; + } + + chain preroutingdstnatm10 { + type filter hook prerouting priority dstnat - 10; policy accept; + } + + chain preroutingdstnat { + type filter hook prerouting priority dstnat; policy accept; + } + + chain preroutingdstnatp10 { + type filter hook prerouting priority dstnat + 10; policy accept; + } + + chain preroutingdstnatp11 { + type filter hook prerouting priority -89; policy accept; + } + + chain postroutingsrcnatm11 { + type filter hook postrouting priority 89; policy accept; + } + + chain postroutingsrcnatm10 { + type filter hook postrouting priority srcnat - 10; policy accept; + } + + chain postroutingsrcnat { + type filter hook postrouting priority srcnat; policy accept; + } + + chain postroutingsrcnatp10 { + type filter hook postrouting priority srcnat + 10; policy accept; + } + + chain postroutingsrcnatp11 { + type filter hook postrouting priority 111; policy accept; + } +} +table arp x { + chain inputfilterm11 { + type filter hook input priority -11; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority 11; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -11; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority 11; policy accept; + } +} +table netdev x { + chain ingressfilterm11 { + type filter hook ingress device lo priority -11; policy accept; + } + + chain ingressfilterm10 { + type filter hook ingress device lo priority filter - 10; policy accept; + } + + chain ingressfilter { + type filter hook ingress device lo priority filter; policy accept; + } + + chain ingressfilterp10 { + type filter hook ingress device lo priority filter + 10; policy accept; + } + + chain ingressfilterp11 { + type filter hook ingress device lo priority 11; policy accept; + } +} +table bridge x { + chain preroutingfilterm11 { + type filter hook prerouting priority -211; policy accept; + } + + chain preroutingfilterm10 { + type filter hook prerouting priority filter - 10; policy accept; + } + + chain preroutingfilter { + type filter hook prerouting priority filter; policy accept; + } + + chain preroutingfilterp10 { + type filter hook prerouting priority filter + 10; policy accept; + } + + chain preroutingfilterp11 { + type filter hook prerouting priority -189; policy accept; + } + + chain inputfilterm11 { + type filter hook input priority -211; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority -189; policy accept; + } + + chain forwardfilterm11 { + type filter hook forward priority -211; policy accept; + } + + chain forwardfilterm10 { + type filter hook forward priority filter - 10; policy accept; + } + + chain forwardfilter { + type filter hook forward priority filter; policy accept; + } + + chain forwardfilterp10 { + type filter hook forward priority filter + 10; policy accept; + } + + chain forwardfilterp11 { + type filter hook forward priority -189; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -211; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority -189; policy accept; + } + + chain postroutingfilterm11 { + type filter hook postrouting priority -211; policy accept; + } + + chain postroutingfilterm10 { + type filter hook postrouting priority filter - 10; policy accept; + } + + chain postroutingfilter { + type filter hook postrouting priority filter; policy accept; + } + + chain postroutingfilterp10 { + type filter hook postrouting priority filter + 10; policy accept; + } + + chain postroutingfilterp11 { + type filter hook postrouting priority -189; policy accept; + } + + chain preroutingdstnatm11 { + type filter hook prerouting priority -311; policy accept; + } + + chain preroutingdstnatm10 { + type filter hook prerouting priority dstnat - 10; policy accept; + } + + chain preroutingdstnat { + type filter hook prerouting priority dstnat; policy accept; + } + + chain preroutingdstnatp10 { + type filter hook prerouting priority dstnat + 10; policy accept; + } + + chain preroutingdstnatp11 { + type filter hook prerouting priority -289; policy accept; + } + + chain outputoutm11 { + type filter hook output priority 89; policy accept; + } + + chain outputoutm10 { + type filter hook output priority out - 10; policy accept; + } + + chain outputout { + type filter hook output priority out; policy accept; + } + + chain outputoutp10 { + type filter hook output priority out + 10; policy accept; + } + + chain outputoutp11 { + type filter hook output priority 111; policy accept; + } + + chain postroutingsrcnatm11 { + type filter hook postrouting priority 289; policy accept; + } + + chain postroutingsrcnatm10 { + type filter hook postrouting priority srcnat - 10; policy accept; + } + + chain postroutingsrcnat { + type filter hook postrouting priority srcnat; policy accept; + } + + chain postroutingsrcnatp10 { + type filter hook postrouting priority srcnat + 10; policy accept; + } + + chain postroutingsrcnatp11 { + type filter hook postrouting priority 311; policy accept; + } +} |