diff options
author | Michael Braun <michael-dev@fami-braun.de> | 2020-05-06 11:46:24 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-05-28 00:04:44 +0200 |
commit | 8615ed93f6e4c4b105525f033b927b510469b987 (patch) | |
tree | 064dd3adc997e0a3c3d494b97d9dfa1146250856 /tests/py/bridge/reject.t | |
parent | 2a20b5bdbde8a1b510f75b1522772b07e51a77d7 (diff) |
evaluate: enable reject with 802.1q
This enables the use nft bridge reject with bridge vlan filtering.
It depends on a kernel patch to make the kernel preserve the
vlan id in nft bridge reject generation.
[ pablo: update tests/py ]
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/bridge/reject.t')
-rw-r--r-- | tests/py/bridge/reject.t | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/tests/py/bridge/reject.t b/tests/py/bridge/reject.t index ee7e93c8..f5ed2038 100644 --- a/tests/py/bridge/reject.t +++ b/tests/py/bridge/reject.t @@ -30,15 +30,13 @@ reject with icmpx type port-unreachable;ok;reject ether type ipv6 reject with icmp type host-unreachable;fail ether type ip6 reject with icmp type host-unreachable;fail ether type ip reject with icmpv6 type no-route;fail -ether type vlan reject;fail +ether type vlan reject;ok ether type arp reject;fail -ether type vlan reject;fail -ether type arp reject;fail -ether type vlan reject with tcp reset;fail +ether type vlan reject with tcp reset;ok ether type arp reject with tcp reset;fail ip protocol udp reject with tcp reset;fail ether type ip reject with icmpx type admin-prohibited;ok ether type ip6 reject with icmpx type admin-prohibited;ok -ether type vlan reject with icmpx type admin-prohibited;fail +ether type vlan reject with icmpx type admin-prohibited;ok ether type arp reject with icmpx type admin-prohibited;fail |