author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-06-22 13:18:56 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-06-22 19:07:43 +0200 |
commit | 1b25bfa4b2f6b14dbee569ff467ea4d495abcc81 (patch) | |
tree | 58f38c440a527bb84a1a5d5b26c2be3d17e5b390 /tests/shell/testcases/transactions/0036set_1 | |
parent | 24c9e993eeff0ed41875aa7efef5dd69db4eb537 (diff) |
tests: shell: cover transactions via nft -f using flat syntax

This patch covers transactions using the flat syntax representation, eg.

 add table x
 add chain x y { type filter hook forward priority 0; }
 add chain x y { policy drop; }

This also covers things like:

 add element x whitelist { 1.1.1.1 }
 delete element x whitelist { 1.1.1.1 }

The one above may look silly from a human behaviour point of view, but
silly robots may very well behave like this.

These tests require several kernel patches though in order to pass
successfully.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>

Diffstat (limited to 'tests/shell/testcases/transactions/0036set_1')
-rwxr-xr-x | tests/shell/testcases/transactions/0036set_1 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/tests/shell/testcases/transactions/0036set_1 b/tests/shell/testcases/transactions/0036set_1 new file mode 100755 index 00000000..46f94573 --- /dev/null +++ b/tests/shell/testcases/transactions/0036set_1 @@ -0,0 +1,22 @@ +#!/bin/bash + +set -e + +tmpfile=$(mktemp) +if [ ! -w $tmpfile ] ; then + echo "Failed to create tmp file" >&2 + exit 0 +fi + +trap "rm -rf $tmpfile" EXIT # cleanup if aborted + +RULESET="add table x +add set x y { type ipv4_addr; } +add element x y { 1.1.1.1, 2.2.2.2 } +delete element x y { 1.1.1.1 } +delete element x y { 1.1.1.1 }" + +echo "$RULESET" > $tmpfile +$NFT -f $tmpfile 2> /dev/null +# Kernel must return ENOENT +echo "E: allowing double-removal of element" |
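
Review bot: The pass condition at `$NFT -f $tmpfile 2> /dev/null` is any non-zero exit under `set -e`, so the test never checks the ENOENT that the comment right below it requires. A parse error in RULESET, an unset `$NFT`, or a failure of the earlier `add set` / `add element` lines ends the script the same way as a rejected second `delete element x y { 1.1.1.1 }`, and with stderr discarded nothing is left to tell these cases apart. Consider loading the first four lines in a separate `$NFT -f` call that must succeed and issuing only the duplicate delete in the call that must fail, or capturing stderr and checking the reported error. The same `set -e` interaction affects `tmpfile=$(mktemp)`: a failing mktemp aborts the script before the `-w` check, so the `exit 0` branch is reached only when the file exists but is not writable. Smaller points: `$tmpfile` is unquoted in the `[ ! -w ... ]` test, the trap and the redirections, and the final `echo "E: allowing double-removal of element"` goes to stdout with no explicit exit status after it.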