diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-03 17:24:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-07-07 20:53:11 +0200 |
commit | b0f6a45b25dd1b8e4ab0e3b2dd2a00d918ae29c0 (patch) | |
tree | d2d457d0b8384aee1f7a6d176c21ec9cf8814db6 /tests/shell | |
parent | 1dc9be8445265498a2db534ae254260b6e7dd75b (diff) |
src: add --literal option
Default not to print the service name as we discussed during the NFWS.
# nft list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1.1.1.1
}
}
# nft -l list ruleset
table ip x {
chain y {
tcp dport ssh
ip saddr 1.1.1.1
}
}
# nft -ll list ruleset
table ip x {
chain y {
tcp dport 22
ip saddr 1dot1dot1dot1.cloudflare-dns.com
}
}
Then, -ll displays FQDN. just like the (now deprecated) --ip2name (-N)
option.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
10 files changed, 11 insertions, 11 deletions
diff --git a/tests/shell/testcases/nft-f/0008split_tables_0 b/tests/shell/testcases/nft-f/0008split_tables_0 index c4ca717f..2631aed4 100755 --- a/tests/shell/testcases/nft-f/0008split_tables_0 +++ b/tests/shell/testcases/nft-f/0008split_tables_0 @@ -5,7 +5,7 @@ set -e RULESET="table inet filter { chain ssh { type filter hook input priority 0; policy accept; - tcp dport ssh accept; + tcp dport 22 accept; } } diff --git a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft index 1211411f..1ab6e864 100644 --- a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft +++ b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft @@ -1,7 +1,7 @@ table inet filter { chain ssh { type filter hook input priority 0; policy accept; - tcp dport ssh accept + tcp dport 22 accept } chain input { diff --git a/tests/shell/testcases/nft-f/dumps/0009variable_0.nft b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft index a793751b..7f59a273 100644 --- a/tests/shell/testcases/nft-f/dumps/0009variable_0.nft +++ b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft @@ -1,7 +1,7 @@ table inet forward { set concat-set-variable { type ipv4_addr . inet_service - elements = { 10.10.10.10 . smtp, - 10.10.10.10 . imap2 } + elements = { 10.10.10.10 . 25, + 10.10.10.10 . 143 } } } diff --git a/tests/shell/testcases/optionals/dumps/comments_0.nft b/tests/shell/testcases/optionals/dumps/comments_0.nft index 416a07e0..f47e0d51 100644 --- a/tests/shell/testcases/optionals/dumps/comments_0.nft +++ b/tests/shell/testcases/optionals/dumps/comments_0.nft @@ -1,5 +1,5 @@ table ip test { chain test { - tcp dport ssh counter packets 0 bytes 0 accept comment "test_comment" + tcp dport 22 counter packets 0 bytes 0 accept comment "test_comment" } } diff --git a/tests/shell/testcases/optionals/dumps/comments_handles_0.nft b/tests/shell/testcases/optionals/dumps/comments_handles_0.nft index 416a07e0..f47e0d51 100644 --- a/tests/shell/testcases/optionals/dumps/comments_handles_0.nft +++ b/tests/shell/testcases/optionals/dumps/comments_handles_0.nft @@ -1,5 +1,5 @@ table ip test { chain test { - tcp dport ssh counter packets 0 bytes 0 accept comment "test_comment" + tcp dport 22 counter packets 0 bytes 0 accept comment "test_comment" } } diff --git a/tests/shell/testcases/optionals/dumps/handles_0.nft b/tests/shell/testcases/optionals/dumps/handles_0.nft index eb0af811..085c6cf1 100644 --- a/tests/shell/testcases/optionals/dumps/handles_0.nft +++ b/tests/shell/testcases/optionals/dumps/handles_0.nft @@ -1,5 +1,5 @@ table ip test { chain test { - tcp dport ssh counter packets 0 bytes 0 accept + tcp dport 22 counter packets 0 bytes 0 accept } } diff --git a/tests/shell/testcases/sets/dumps/0020comments_0.nft b/tests/shell/testcases/sets/dumps/0020comments_0.nft index d5330848..8b7d60aa 100644 --- a/tests/shell/testcases/sets/dumps/0020comments_0.nft +++ b/tests/shell/testcases/sets/dumps/0020comments_0.nft @@ -1,6 +1,6 @@ table inet t { set s { type inet_service - elements = { ssh comment "test" } + elements = { 22 comment "test" } } } diff --git a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft index 58c213ff..e518906c 100644 --- a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft +++ b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft @@ -8,6 +8,6 @@ table ip t { } chain c { - tcp dport http meter f size 1024 { ip saddr limit rate 10/second} + tcp dport 80 meter f size 1024 { ip saddr limit rate 10/second} } } diff --git a/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft index c823ae9d..78b7dec5 100644 --- a/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft +++ b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft @@ -2,6 +2,6 @@ table ip t { chain c { type filter hook output priority 0; policy accept; ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 } - tcp dport { ssh, telnet } counter packets 0 bytes 0 + tcp dport { 22, 23 } counter packets 0 bytes 0 } } diff --git a/tests/shell/testcases/sets/dumps/0026named_limit_0.nft b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft index 0d1f1254..5d63ab20 100644 --- a/tests/shell/testcases/sets/dumps/0026named_limit_0.nft +++ b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft @@ -5,6 +5,6 @@ table ip filter { chain input { type filter hook input priority 0; policy accept; - limit name tcp dport map { http : "http-traffic", https : "http-traffic" } + limit name tcp dport map { 80 : "http-traffic", 443 : "http-traffic" } } } |