diff options
| author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-08-02 12:12:08 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-08-08 12:32:48 +0200 |
| commit | 627c451b2351310da9ad82dbdb64747b1fada8e5 (patch) | |
| tree | a049c393ec78296bd014d807943c573c75695e81 /tests/shell | |
| parent | 45cb29a2ada4edfc2b547fe023d923ce0299a61d (diff) | |
src: allow variables in the chain priority specification
This patch allows you to use variables in chain priority definitions,
e.g.
define prio = filter
define prionum = 10
define prioffset = "filter - 150"
add table ip foo
add chain ip foo bar { type filter hook input priority $prio; }
add chain ip foo ber { type filter hook input priority $prionum; }
add chain ip foo bor { type filter hook input priority $prioffset; }
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
6 files changed, 80 insertions, 0 deletions
diff --git a/tests/shell/testcases/nft-f/0021priority_variable_0 b/tests/shell/testcases/nft-f/0021priority_variable_0 new file mode 100755 index 00000000..2b143dbb --- /dev/null +++ b/tests/shell/testcases/nft-f/0021priority_variable_0 @@ -0,0 +1,17 @@ +#!/bin/bash + +# Tests use of variables in priority specification + +set -e + +RULESET=" +define pri = filter + +table inet global { + chain prerouting { + type filter hook prerouting priority \$pri + policy accept + } +}" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/nft-f/0022priority_variable_0 b/tests/shell/testcases/nft-f/0022priority_variable_0 new file mode 100755 index 00000000..51bc5eb1 --- /dev/null +++ b/tests/shell/testcases/nft-f/0022priority_variable_0 @@ -0,0 +1,17 @@ +#!/bin/bash + +# Tests use of variables in priority specification + +set -e + +RULESET=" +define pri = 10 + +table inet global { + chain prerouting { + type filter hook prerouting priority \$pri + policy accept + } +}" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/nft-f/0023priority_variable_1 b/tests/shell/testcases/nft-f/0023priority_variable_1 new file mode 100755 index 00000000..eddaf5b9 --- /dev/null +++ b/tests/shell/testcases/nft-f/0023priority_variable_1 @@ -0,0 +1,18 @@ +#!/bin/bash + +# Tests use of variables in priority specification + +set -e + +RULESET=" +define pri = * + +table inet global { + chain prerouting { + type filter hook prerouting priority \$pri + policy accept + } +}" + +$NFT -f - <<< "$RULESET" && exit 1 +exit 0 diff --git a/tests/shell/testcases/nft-f/0024priority_variable_1 b/tests/shell/testcases/nft-f/0024priority_variable_1 new file mode 100755 index 00000000..592cb56b --- /dev/null +++ b/tests/shell/testcases/nft-f/0024priority_variable_1 @@ -0,0 +1,18 @@ +#!/bin/bash + +# Tests use of variables in priority specification + +set -e + +RULESET=" +define pri = { 127.0.0.1 } + +table inet global { + chain prerouting { + type filter hook prerouting priority \$pri + policy accept + } +}" + +$NFT -f - <<< "$RULESET" && exit 1 +exit 0 diff --git a/tests/shell/testcases/nft-f/dumps/0021priority_variable_0.nft b/tests/shell/testcases/nft-f/dumps/0021priority_variable_0.nft new file mode 100644 index 00000000..f4093097 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0021priority_variable_0.nft @@ -0,0 +1,5 @@ +table inet global { + chain prerouting { + type filter hook prerouting priority filter; policy accept; + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0022priority_variable_0.nft b/tests/shell/testcases/nft-f/dumps/0022priority_variable_0.nft new file mode 100644 index 00000000..2e944599 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0022priority_variable_0.nft @@ -0,0 +1,5 @@ +table inet global { + chain prerouting { + type filter hook prerouting priority filter + 10; policy accept; + } +} |