diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-04 03:10:06 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-14 19:24:44 +0200 |
commit | 95d348d55a9e0c8f77bf34578258c79cc4f5b96c (patch) | |
tree | fc0930df9690f9fb5c1d398f2280c08c64a0b14b /tests/shell | |
parent | cdde55e438fe6dad739c6e81f317779cc37479fa (diff) |
tests: shell: extend connlimit test
Extend existing test to add a ct count expression in the set definition.
This test cover the upstream kernel fix ad9f151e560b ("netfilter:
nf_tables: initialize set before expression setup").
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
-rwxr-xr-x | tests/shell/testcases/sets/0062set_connlimit_0 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0062set_connlimit_0 b/tests/shell/testcases/sets/0062set_connlimit_0 index 4f95f383..48d589fe 100755 --- a/tests/shell/testcases/sets/0062set_connlimit_0 +++ b/tests/shell/testcases/sets/0062set_connlimit_0 @@ -12,3 +12,15 @@ RULESET="table ip x { }" $NFT -f - <<< $RULESET + +RULESET="table ip x { + set new-connlimit { + type ipv4_addr + size 65535 + flags dynamic + ct count over 20 + elements = { 84.245.120.167 } + } +}" + +$NFT -f - <<< $RULESET |