diff options
Diffstat (limited to 'tests/shell/testcases/nft-f/dumps')
8 files changed, 103 insertions, 0 deletions
diff --git a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft new file mode 100644 index 00000000..1211411f --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft @@ -0,0 +1,10 @@ +table inet filter { + chain ssh { + type filter hook input priority 0; policy accept; + tcp dport ssh accept + } + + chain input { + type filter hook input priority 1; policy accept; + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0009variable_0.nft b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft new file mode 100644 index 00000000..a793751b --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft @@ -0,0 +1,7 @@ +table inet forward { + set concat-set-variable { + type ipv4_addr . inet_service + elements = { 10.10.10.10 . smtp, + 10.10.10.10 . imap2 } + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0010variable_0.nft b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft new file mode 100644 index 00000000..1f3d05e8 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft @@ -0,0 +1,6 @@ +table inet filter { + set whitelist_v4 { + type ipv4_addr + elements = { 1.1.1.1 } + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft new file mode 100644 index 00000000..e9eef4b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft @@ -0,0 +1,16 @@ +table inet t { + chain c { + iifname "whatever" oifname "whatever" iif "lo" oif "lo" + iifname { "whatever" } iif { "lo" } mark 0x0000007b + ct state established,related,new + ct state != established | related | new + ip saddr 10.0.0.0 ip saddr 10.0.0.0 ip daddr 10.0.0.2 + ip6 daddr fe0::1 ip6 saddr fe0::2 + ip saddr vmap { 10.0.0.0 : drop, 10.0.0.2 : accept } + ip6 daddr vmap { fe0::1 : drop, fe0::2 : accept } + ip6 saddr . ip6 nexthdr { fe0::1 . udp, fe0::2 . tcp } + ip daddr . iif vmap { 10.0.0.0 . "lo" : accept } + tcp dport 100-222 + udp dport vmap { 100-222 : accept } + } +} |