diff options
author | Thomas Haller <thaller@redhat.com> | 2023-11-14 17:08:28 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-11-15 13:12:06 +0100 |
commit | 3d24b16b9ac132d26869953f54ef7c69f1c1d58f (patch) | |
tree | c9432f7716f192c913b1aefc353bd7f220340376 /tests/shell/testcases/transactions/dumps | |
parent | c9caa99c52752907509584b7165ad6180764d87d (diff) |
tests/shell: add JSON dump files
Generate and add ".json-nft" files. These files contain the output of
`nft -j list ruleset` after the test. Also, "test-wrapper.sh" will
compare the current ruleset against the ".json-nft" files and test them
with "nft -j --check -f $FILE`. These are useful extra tests, that we
almost get for free.
Note that for some JSON dumps, `nft -f --check` fails (or prints
something). For those tests no *.json-nft file is added. The bugs needs
to be fixed first.
An example of such an issue is:
$ DUMPGEN=all ./tests/shell/run-tests.sh tests/shell/testcases/maps/nat_addr_port
which gives a file "rc-failed-chkdump" with
Command `./tests/shell/../../src/nft -j --check -f "tests/shell/testcases/maps/dumps/nat_addr_port.json-nft"` failed
>>>>
internal:0:0-0: Error: Invalid map type 'ipv4_addr . inet_service'.
internal:0:0-0: Error: Parsing command array at index 3 failed.
internal:0:0-0: Error: unqualified type integer specified in map definition. Try "typeof expression" instead of "type datatype".
<<<<
Tests like "tests/shell/testcases/nft-f/0012different_defines_0" and
"tests/shell/testcases/nft-f/0024priority_0" also don't get a .json-nft
dump yet, because their output is not stable. That needs fixing too.
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/transactions/dumps')
40 files changed, 40 insertions, 0 deletions
diff --git a/tests/shell/testcases/transactions/dumps/0001table_0.json-nft b/tests/shell/testcases/transactions/dumps/0001table_0.json-nft new file mode 100644 index 00000000..3448375e --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0001table_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 2}}, {"table": {"family": "ip", "name": "y", "handle": 3}}]} diff --git a/tests/shell/testcases/transactions/dumps/0002table_0.json-nft b/tests/shell/testcases/transactions/dumps/0002table_0.json-nft new file mode 100644 index 00000000..0d948d44 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0002table_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 2, "flags": "dormant"}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1, "type": "nat", "hook": "prerouting", "prio": 0, "policy": "accept"}}]} diff --git a/tests/shell/testcases/transactions/dumps/0003table_0.json-nft b/tests/shell/testcases/transactions/dumps/0003table_0.json-nft new file mode 100644 index 00000000..c3892612 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0003table_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 3}}, {"table": {"family": "ip", "name": "y", "handle": 4}}]} diff --git a/tests/shell/testcases/transactions/dumps/0010chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0010chain_0.json-nft new file mode 100644 index 00000000..940dd763 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0010chain_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "w", "handle": 2}}, {"chain": {"family": "ip", "table": "w", "name": "y", "handle": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0011chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0011chain_0.json-nft new file mode 100644 index 00000000..27866552 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0011chain_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 2, "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}}]} diff --git a/tests/shell/testcases/transactions/dumps/0012chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0012chain_0.json-nft new file mode 100644 index 00000000..ac2c9730 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0012chain_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "w", "handle": 3}}, {"chain": {"family": "ip", "table": "w", "name": "y", "handle": 1, "type": "filter", "hook": "output", "prio": 0, "policy": "accept"}}]} diff --git a/tests/shell/testcases/transactions/dumps/0013chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0013chain_0.json-nft new file mode 100644 index 00000000..ac2c9730 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0013chain_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "w", "handle": 3}}, {"chain": {"family": "ip", "table": "w", "name": "y", "handle": 1, "type": "filter", "hook": "output", "prio": 0, "policy": "accept"}}]} diff --git a/tests/shell/testcases/transactions/dumps/0014chain_1.json-nft b/tests/shell/testcases/transactions/dumps/0014chain_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0014chain_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0015chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0015chain_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0015chain_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0020rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0020rule_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0020rule_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0021rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0021rule_0.json-nft new file mode 100644 index 00000000..57cdf62a --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0021rule_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 2}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 2, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "2.2.2.2"}}, {"counter": {"packets": 0, "bytes": 0}}]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0022rule_1.json-nft b/tests/shell/testcases/transactions/dumps/0022rule_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0022rule_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0023rule_1.json-nft b/tests/shell/testcases/transactions/dumps/0023rule_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0023rule_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0024rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0024rule_0.json-nft new file mode 100644 index 00000000..2a0b58b7 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0024rule_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 3}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 2, "comment": "rule1", "expr": [{"accept": null}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 4, "comment": "rule2", "expr": [{"accept": null}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 5, "comment": "rule3", "expr": [{"accept": null}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 3, "comment": "rule4", "expr": [{"accept": null}]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0025rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0025rule_0.json-nft new file mode 100644 index 00000000..de2fe02f --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0025rule_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 2, "expr": [{"log": null}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 4, "expr": [{"drop": null}]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0030set_0.json-nft b/tests/shell/testcases/transactions/dumps/0030set_0.json-nft new file mode 100644 index 00000000..3e9b11d7 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0030set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 2}}]} diff --git a/tests/shell/testcases/transactions/dumps/0031set_0.json-nft b/tests/shell/testcases/transactions/dumps/0031set_0.json-nft new file mode 100644 index 00000000..aa4c7a63 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0031set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 2}}]} diff --git a/tests/shell/testcases/transactions/dumps/0032set_0.json-nft b/tests/shell/testcases/transactions/dumps/0032set_0.json-nft new file mode 100644 index 00000000..dad1b3cf --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0032set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "w", "handle": 2}}, {"set": {"family": "ip", "name": "y", "table": "w", "type": "ipv4_addr", "handle": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0033set_0.json-nft b/tests/shell/testcases/transactions/dumps/0033set_0.json-nft new file mode 100644 index 00000000..170a5783 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0033set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0034set_0.json-nft b/tests/shell/testcases/transactions/dumps/0034set_0.json-nft new file mode 100644 index 00000000..80b7d376 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0034set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0035set_0.json-nft b/tests/shell/testcases/transactions/dumps/0035set_0.json-nft new file mode 100644 index 00000000..3a3cd748 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0035set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 1, "elem": ["3.3.3.3"]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0036set_1.json-nft b/tests/shell/testcases/transactions/dumps/0036set_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0036set_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0037set_0.json-nft b/tests/shell/testcases/transactions/dumps/0037set_0.json-nft new file mode 100644 index 00000000..a89f177c --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0037set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 1, "flags": ["interval"]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0038set_0.json-nft b/tests/shell/testcases/transactions/dumps/0038set_0.json-nft new file mode 100644 index 00000000..ed04764c --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0038set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 1, "flags": ["interval"], "elem": [{"prefix": {"addr": "192.168.4.0", "len": 24}}]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0039set_0.json-nft b/tests/shell/testcases/transactions/dumps/0039set_0.json-nft new file mode 100644 index 00000000..ed04764c --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0039set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 1, "flags": ["interval"], "elem": [{"prefix": {"addr": "192.168.4.0", "len": 24}}]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0040set_0.json-nft b/tests/shell/testcases/transactions/dumps/0040set_0.json-nft new file mode 100644 index 00000000..b7fa740d --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0040set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 1}}, {"map": {"family": "ip", "name": "client_to_any", "table": "filter", "type": "ipv4_addr", "handle": 4, "map": "verdict"}}, {"chain": {"family": "ip", "table": "filter", "name": "FORWARD", "handle": 1, "type": "filter", "hook": "forward", "prio": 0, "policy": "accept"}}, {"chain": {"family": "ip", "table": "filter", "name": "client_to_any", "handle": 2}}, {"rule": {"family": "ip", "table": "filter", "chain": "FORWARD", "handle": 5, "expr": [{"goto": {"target": "client_to_any"}}]}}, {"rule": {"family": "ip", "table": "filter", "chain": "client_to_any", "handle": 6, "expr": [{"vmap": {"key": {"payload": {"protocol": "ip", "field": "saddr"}}, "data": "@client_to_any"}}]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0041nat_restore_0.json-nft b/tests/shell/testcases/transactions/dumps/0041nat_restore_0.json-nft new file mode 100644 index 00000000..1908197b --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0041nat_restore_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 2}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 1, "type": "nat", "hook": "postrouting", "prio": 0, "policy": "accept"}}]} diff --git a/tests/shell/testcases/transactions/dumps/0042_stateful_expr_0.json-nft b/tests/shell/testcases/transactions/dumps/0042_stateful_expr_0.json-nft new file mode 100644 index 00000000..926c8006 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0042_stateful_expr_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 1}}, {"map": {"family": "ip", "name": "m1", "table": "filter", "type": "ipv4_addr", "handle": 2, "map": "counter"}}]} diff --git a/tests/shell/testcases/transactions/dumps/0043set_1.json-nft b/tests/shell/testcases/transactions/dumps/0043set_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0043set_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0044rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0044rule_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0044rule_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0045anon-unbind_0.json-nft b/tests/shell/testcases/transactions/dumps/0045anon-unbind_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0045anon-unbind_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0046set_0.json-nft b/tests/shell/testcases/transactions/dumps/0046set_0.json-nft new file mode 100644 index 00000000..2e007191 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0046set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0047set_0.json-nft b/tests/shell/testcases/transactions/dumps/0047set_0.json-nft new file mode 100644 index 00000000..ad7f753a --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0047set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 1}}, {"map": {"family": "ip", "name": "group_10060", "table": "filter", "type": "ipv4_addr", "handle": 1, "map": "classid", "flags": ["interval"], "elem": [["10.1.26.2", "1:bbf8"], ["10.1.26.3", "1:c1ad"], ["10.1.26.4", "1:b2d7"], ["10.1.26.5", "1:f705"], ["10.1.26.6", "1:b895"], ["10.1.26.7", "1:ec4c"], ["10.1.26.8", "1:de78"], ["10.1.26.9", "1:b4f3"], ["10.1.26.10", "1:dec6"], ["10.1.26.11", "1:b4c0"]]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0048helpers_0.json-nft b/tests/shell/testcases/transactions/dumps/0048helpers_0.json-nft new file mode 100644 index 00000000..2e007191 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0048helpers_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/0049huge_0.json-nft b/tests/shell/testcases/transactions/dumps/0049huge_0.json-nft new file mode 100644 index 00000000..7d622f5f --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0049huge_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "firewalld", "handle": 3}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PREROUTING", "handle": 1, "type": "filter", "hook": "prerouting", "prio": -290, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PREROUTING_ZONES", "handle": 2}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING", "handle": 4, "type": "filter", "hook": "prerouting", "prio": -140, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_ZONES", "handle": 5}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT", "handle": 7, "type": "filter", "hook": "input", "prio": 10, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD", "handle": 8, "type": "filter", "hook": "forward", "prio": 10, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT", "handle": 9, "type": "filter", "hook": "output", "prio": 10, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_ZONES", "handle": 10}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_IN_ZONES", "handle": 18}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_OUT_ZONES", "handle": 19}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public", "handle": 36}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_pre", "handle": 37}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_log", "handle": 38}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_deny", "handle": 39}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_allow", "handle": 40}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_post", "handle": 41}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public", "handle": 47}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_pre", "handle": 48}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_log", "handle": 49}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_deny", "handle": 50}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_allow", "handle": 51}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_post", "handle": 52}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public", "handle": 62}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_pre", "handle": 63}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_log", "handle": 64}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_deny", "handle": 65}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_allow", "handle": 66}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_post", "handle": 67}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public", "handle": 78}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_pre", "handle": 79}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_log", "handle": 80}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_deny", "handle": 81}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_allow", "handle": 82}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_post", "handle": 83}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public", "handle": 92}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_pre", "handle": 93}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_log", "handle": 94}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_deny", "handle": 95}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_allow", "handle": 96}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_post", "handle": 97}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted", "handle": 104}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_pre", "handle": 105}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_log", "handle": 106}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_deny", "handle": 107}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_allow", "handle": 108}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_post", "handle": 109}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted", "handle": 116}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_pre", "handle": 117}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_log", "handle": 118}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_deny", "handle": 119}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_allow", "handle": 120}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_post", "handle": 121}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted", "handle": 128}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_pre", "handle": 129}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_log", "handle": 130}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_deny", "handle": 131}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_allow", "handle": 132}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_post", "handle": 133}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted", "handle": 141}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_pre", "handle": 142}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_log", "handle": 143}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_deny", "handle": 144}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_allow", "handle": 145}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_post", "handle": 146}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted", "handle": 154}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_pre", "handle": 155}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_log", "handle": 156}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_deny", "handle": 157}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_allow", "handle": 158}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_post", "handle": 159}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work", "handle": 167}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_pre", "handle": 168}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_log", "handle": 169}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_deny", "handle": 170}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_allow", "handle": 171}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_post", "handle": 172}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work", "handle": 178}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_pre", "handle": 179}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_log", "handle": 180}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_deny", "handle": 181}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_allow", "handle": 182}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_post", "handle": 183}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work", "handle": 194}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_pre", "handle": 195}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_log", "handle": 196}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_deny", "handle": 197}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_allow", "handle": 198}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_post", "handle": 199}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work", "handle": 207}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_pre", "handle": 208}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_log", "handle": 209}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_deny", "handle": 210}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_allow", "handle": 211}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_post", "handle": 212}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work", "handle": 219}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_pre", "handle": 220}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_log", "handle": 221}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_deny", "handle": 222}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_allow", "handle": 223}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_post", "handle": 224}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "handle": 31, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "right": {"set": ["nd-router-advert", "nd-neighbor-solicit"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "handle": 29, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "nfproto"}}, "right": "ipv6"}}, {"match": {"op": "==", "left": {"fib": {"result": "oif", "flags": ["saddr", "iif"]}}, "right": false}}, {"drop": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "handle": 3, "expr": [{"jump": {"target": "raw_PREROUTING_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES", "handle": 193, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "raw_PRE_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES", "handle": 115, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "raw_PRE_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES", "handle": 77, "expr": [{"goto": {"target": "raw_PRE_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "handle": 6, "expr": [{"jump": {"target": "mangle_PREROUTING_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "handle": 205, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "mangle_PRE_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "handle": 127, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "mangle_PRE_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "handle": 89, "expr": [{"goto": {"target": "mangle_PRE_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 12, "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["established", "related"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 13, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "status"}}, "right": "dnat"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 14, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "lo"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 15, "expr": [{"jump": {"target": "filter_INPUT_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 16, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "invalid"}}, {"drop": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 17, "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 21, "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["established", "related"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 22, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "status"}}, "right": "dnat"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 23, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "lo"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 35, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "right": {"set": [{"prefix": {"addr": "::", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002::", "len": 24}}, {"prefix": {"addr": "2002:a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 24, "expr": [{"jump": {"target": "filter_FORWARD_IN_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 25, "expr": [{"jump": {"target": "filter_FORWARD_OUT_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 26, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "invalid"}}, {"drop": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 27, "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "handle": 28, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "lo"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "handle": 33, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "right": {"set": [{"prefix": {"addr": "::", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002::", "len": 24}}, {"prefix": {"addr": "2002:a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "handle": 206, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "filter_IN_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "handle": 140, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "filter_IN_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "handle": 90, "expr": [{"goto": {"target": "filter_IN_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "handle": 218, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "filter_FWDI_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "handle": 153, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "filter_FWDI_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "handle": 91, "expr": [{"goto": {"target": "filter_FWDI_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "handle": 230, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "filter_FWDO_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "handle": 166, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "filter_FWDO_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "handle": 103, "expr": [{"goto": {"target": "filter_FWDO_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 42, "expr": [{"jump": {"target": "raw_PRE_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 43, "expr": [{"jump": {"target": "raw_PRE_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 44, "expr": [{"jump": {"target": "raw_PRE_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 45, "expr": [{"jump": {"target": "raw_PRE_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 46, "expr": [{"jump": {"target": "raw_PRE_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 53, "expr": [{"jump": {"target": "filter_IN_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 54, "expr": [{"jump": {"target": "filter_IN_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 55, "expr": [{"jump": {"target": "filter_IN_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 56, "expr": [{"jump": {"target": "filter_IN_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 57, "expr": [{"jump": {"target": "filter_IN_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 74, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["icmp", "ipv6-icmp"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "handle": 59, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "handle": 61, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}}, "right": 546}}, {"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 68, "expr": [{"jump": {"target": "filter_FWDI_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 69, "expr": [{"jump": {"target": "filter_FWDI_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 70, "expr": [{"jump": {"target": "filter_FWDI_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 71, "expr": [{"jump": {"target": "filter_FWDI_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 72, "expr": [{"jump": {"target": "filter_FWDI_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 76, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["icmp", "ipv6-icmp"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 84, "expr": [{"jump": {"target": "mangle_PRE_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 85, "expr": [{"jump": {"target": "mangle_PRE_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 86, "expr": [{"jump": {"target": "mangle_PRE_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 87, "expr": [{"jump": {"target": "mangle_PRE_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 88, "expr": [{"jump": {"target": "mangle_PRE_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 98, "expr": [{"jump": {"target": "filter_FWDO_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 99, "expr": [{"jump": {"target": "filter_FWDO_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 100, "expr": [{"jump": {"target": "filter_FWDO_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 101, "expr": [{"jump": {"target": "filter_FWDO_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 102, "expr": [{"jump": {"target": "filter_FWDO_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 110, "expr": [{"jump": {"target": "raw_PRE_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 111, "expr": [{"jump": {"target": "raw_PRE_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 112, "expr": [{"jump": {"target": "raw_PRE_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 113, "expr": [{"jump": {"target": "raw_PRE_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 114, "expr": [{"jump": {"target": "raw_PRE_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 122, "expr": [{"jump": {"target": "mangle_PRE_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 123, "expr": [{"jump": {"target": "mangle_PRE_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 124, "expr": [{"jump": {"target": "mangle_PRE_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 125, "expr": [{"jump": {"target": "mangle_PRE_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 126, "expr": [{"jump": {"target": "mangle_PRE_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 134, "expr": [{"jump": {"target": "filter_IN_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 135, "expr": [{"jump": {"target": "filter_IN_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 136, "expr": [{"jump": {"target": "filter_IN_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 137, "expr": [{"jump": {"target": "filter_IN_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 138, "expr": [{"jump": {"target": "filter_IN_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 139, "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 147, "expr": [{"jump": {"target": "filter_FWDI_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 148, "expr": [{"jump": {"target": "filter_FWDI_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 149, "expr": [{"jump": {"target": "filter_FWDI_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 150, "expr": [{"jump": {"target": "filter_FWDI_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 151, "expr": [{"jump": {"target": "filter_FWDI_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 152, "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 160, "expr": [{"jump": {"target": "filter_FWDO_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 161, "expr": [{"jump": {"target": "filter_FWDO_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 162, "expr": [{"jump": {"target": "filter_FWDO_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 163, "expr": [{"jump": {"target": "filter_FWDO_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 164, "expr": [{"jump": {"target": "filter_FWDO_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 165, "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 173, "expr": [{"jump": {"target": "raw_PRE_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 174, "expr": [{"jump": {"target": "raw_PRE_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 175, "expr": [{"jump": {"target": "raw_PRE_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 176, "expr": [{"jump": {"target": "raw_PRE_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 177, "expr": [{"jump": {"target": "raw_PRE_work_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 184, "expr": [{"jump": {"target": "filter_IN_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 185, "expr": [{"jump": {"target": "filter_IN_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 186, "expr": [{"jump": {"target": "filter_IN_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 187, "expr": [{"jump": {"target": "filter_IN_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 188, "expr": [{"jump": {"target": "filter_IN_work_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 232, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["icmp", "ipv6-icmp"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work_allow", "handle": 190, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work_allow", "handle": 192, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}}, "right": 546}}, {"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 200, "expr": [{"jump": {"target": "mangle_PRE_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 201, "expr": [{"jump": {"target": "mangle_PRE_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 202, "expr": [{"jump": {"target": "mangle_PRE_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 203, "expr": [{"jump": {"target": "mangle_PRE_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 204, "expr": [{"jump": {"target": "mangle_PRE_work_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 213, "expr": [{"jump": {"target": "filter_FWDI_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 214, "expr": [{"jump": {"target": "filter_FWDI_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 215, "expr": [{"jump": {"target": "filter_FWDI_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 216, "expr": [{"jump": {"target": "filter_FWDI_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 217, "expr": [{"jump": {"target": "filter_FWDI_work_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 234, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["icmp", "ipv6-icmp"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 225, "expr": [{"jump": {"target": "filter_FWDO_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 226, "expr": [{"jump": {"target": "filter_FWDO_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 227, "expr": [{"jump": {"target": "filter_FWDO_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 228, "expr": [{"jump": {"target": "filter_FWDO_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 229, "expr": [{"jump": {"target": "filter_FWDO_work_post"}}]}}, {"table": {"family": "ip", "name": "firewalld", "handle": 4}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING", "handle": 1, "type": "nat", "hook": "prerouting", "prio": -90, "policy": "accept"}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_ZONES", "handle": 2}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING", "handle": 4, "type": "nat", "hook": "postrouting", "prio": 110, "policy": "accept"}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_ZONES", "handle": 5}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public", "handle": 7}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_pre", "handle": 8}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_log", "handle": 9}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_deny", "handle": 10}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_allow", "handle": 11}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_post", "handle": 12}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public", "handle": 19}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_pre", "handle": 20}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_log", "handle": 21}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_deny", "handle": 22}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_allow", "handle": 23}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_post", "handle": 24}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted", "handle": 31}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_pre", "handle": 32}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_log", "handle": 33}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_deny", "handle": 34}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_allow", "handle": 35}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_post", "handle": 36}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted", "handle": 43}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_pre", "handle": 44}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_log", "handle": 45}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_deny", "handle": 46}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_allow", "handle": 47}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_post", "handle": 48}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work", "handle": 55}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_pre", "handle": 56}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_log", "handle": 57}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_deny", "handle": 58}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_allow", "handle": 59}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_post", "handle": 60}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work", "handle": 67}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_pre", "handle": 68}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_log", "handle": 69}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_deny", "handle": 70}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_allow", "handle": 71}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_post", "handle": 72}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "handle": 3, "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 66, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "nat_PRE_work"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 42, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "nat_PRE_trusted"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 18, "expr": [{"goto": {"target": "nat_PRE_public"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "handle": 6, "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 78, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "nat_POST_work"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 54, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "nat_POST_trusted"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 30, "expr": [{"goto": {"target": "nat_POST_public"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 13, "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 14, "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 15, "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 16, "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 17, "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 25, "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 26, "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 27, "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 28, "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 29, "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 37, "expr": [{"jump": {"target": "nat_PRE_trusted_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 38, "expr": [{"jump": {"target": "nat_PRE_trusted_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 39, "expr": [{"jump": {"target": "nat_PRE_trusted_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 40, "expr": [{"jump": {"target": "nat_PRE_trusted_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 41, "expr": [{"jump": {"target": "nat_PRE_trusted_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 49, "expr": [{"jump": {"target": "nat_POST_trusted_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 50, "expr": [{"jump": {"target": "nat_POST_trusted_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 51, "expr": [{"jump": {"target": "nat_POST_trusted_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 52, "expr": [{"jump": {"target": "nat_POST_trusted_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 53, "expr": [{"jump": {"target": "nat_POST_trusted_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 61, "expr": [{"jump": {"target": "nat_PRE_work_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 62, "expr": [{"jump": {"target": "nat_PRE_work_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 63, "expr": [{"jump": {"target": "nat_PRE_work_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 64, "expr": [{"jump": {"target": "nat_PRE_work_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 65, "expr": [{"jump": {"target": "nat_PRE_work_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 73, "expr": [{"jump": {"target": "nat_POST_work_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 74, "expr": [{"jump": {"target": "nat_POST_work_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 75, "expr": [{"jump": {"target": "nat_POST_work_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 76, "expr": [{"jump": {"target": "nat_POST_work_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 77, "expr": [{"jump": {"target": "nat_POST_work_post"}}]}}, {"table": {"family": "ip6", "name": "firewalld", "handle": 5}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING", "handle": 1, "type": "nat", "hook": "prerouting", "prio": -90, "policy": "accept"}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_ZONES", "handle": 2}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING", "handle": 4, "type": "nat", "hook": "postrouting", "prio": 110, "policy": "accept"}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_ZONES", "handle": 5}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public", "handle": 7}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_pre", "handle": 8}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_log", "handle": 9}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_deny", "handle": 10}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_allow", "handle": 11}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_post", "handle": 12}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public", "handle": 19}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_pre", "handle": 20}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_log", "handle": 21}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_deny", "handle": 22}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_allow", "handle": 23}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_post", "handle": 24}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted", "handle": 31}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_pre", "handle": 32}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_log", "handle": 33}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_deny", "handle": 34}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_allow", "handle": 35}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_post", "handle": 36}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted", "handle": 43}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_pre", "handle": 44}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_log", "handle": 45}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_deny", "handle": 46}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_allow", "handle": 47}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_post", "handle": 48}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work", "handle": 55}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_pre", "handle": 56}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_log", "handle": 57}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_deny", "handle": 58}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_allow", "handle": 59}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_post", "handle": 60}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work", "handle": 67}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_pre", "handle": 68}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_log", "handle": 69}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_deny", "handle": 70}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_allow", "handle": 71}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_post", "handle": 72}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "handle": 3, "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 66, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "nat_PRE_work"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 42, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "nat_PRE_trusted"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 18, "expr": [{"goto": {"target": "nat_PRE_public"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "handle": 6, "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 78, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "nat_POST_work"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 54, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "nat_POST_trusted"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 30, "expr": [{"goto": {"target": "nat_POST_public"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 13, "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 14, "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 15, "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 16, "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 17, "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 25, "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 26, "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 27, "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 28, "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 29, "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 37, "expr": [{"jump": {"target": "nat_PRE_trusted_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 38, "expr": [{"jump": {"target": "nat_PRE_trusted_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 39, "expr": [{"jump": {"target": "nat_PRE_trusted_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 40, "expr": [{"jump": {"target": "nat_PRE_trusted_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 41, "expr": [{"jump": {"target": "nat_PRE_trusted_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 49, "expr": [{"jump": {"target": "nat_POST_trusted_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 50, "expr": [{"jump": {"target": "nat_POST_trusted_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 51, "expr": [{"jump": {"target": "nat_POST_trusted_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 52, "expr": [{"jump": {"target": "nat_POST_trusted_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 53, "expr": [{"jump": {"target": "nat_POST_trusted_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 61, "expr": [{"jump": {"target": "nat_PRE_work_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 62, "expr": [{"jump": {"target": "nat_PRE_work_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 63, "expr": [{"jump": {"target": "nat_PRE_work_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 64, "expr": [{"jump": {"target": "nat_PRE_work_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 65, "expr": [{"jump": {"target": "nat_PRE_work_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 73, "expr": [{"jump": {"target": "nat_POST_work_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 74, "expr": [{"jump": {"target": "nat_POST_work_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 75, "expr": [{"jump": {"target": "nat_POST_work_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 76, "expr": [{"jump": {"target": "nat_POST_work_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 77, "expr": [{"jump": {"target": "nat_POST_work_post"}}]}}]} diff --git a/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft b/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/30s-stress.json-nft b/tests/shell/testcases/transactions/dumps/30s-stress.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/30s-stress.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/anon_chain_loop.json-nft b/tests/shell/testcases/transactions/dumps/anon_chain_loop.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/anon_chain_loop.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/bad_expression.json-nft b/tests/shell/testcases/transactions/dumps/bad_expression.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/bad_expression.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/transactions/dumps/table_onoff.json-nft b/tests/shell/testcases/transactions/dumps/table_onoff.json-nft new file mode 100644 index 00000000..e9deddec --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/table_onoff.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 3, "flags": "dormant"}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 1, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 2, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": "127.0.0.42"}}, {"counter": {"packets": 0, "bytes": 0}}]}}]} |