summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases/packetpath/policy
diff options
context:
space:
mode:
Diffstat (limited to 'tests/shell/testcases/packetpath/policy')
-rwxr-xr-xtests/shell/testcases/packetpath/policy42
1 files changed, 42 insertions, 0 deletions
diff --git a/tests/shell/testcases/packetpath/policy b/tests/shell/testcases/packetpath/policy
new file mode 100755
index 00000000..0bb42a54
--- /dev/null
+++ b/tests/shell/testcases/packetpath/policy
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+ip link set lo up
+
+$NFT -f - <<EOF
+table inet filter {
+ chain underflow { }
+
+ chain input {
+ type filter hook input priority filter; policy accept;
+ icmp type echo-reply accept
+ ip saddr 127.0.0.1 ip daddr 127.0.0.2 counter accept
+ goto underflow
+ }
+}
+EOF
+[ $? -ne 0 ] && exit 1
+
+ping -q -c 1 127.0.0.2 >/dev/null || exit 2
+
+# should work, polict is accept.
+ping -q -c 1 127.0.0.1 >/dev/null || exit 1
+
+$NFT -f - <<EOF
+table inet filter {
+ chain input {
+ type filter hook input priority filter; policy drop;
+ }
+}
+EOF
+[ $? -ne 0 ] && exit 1
+
+$NFT list ruleset
+
+ping -W 1 -q -c 1 127.0.0.2
+
+ping -q -c 1 127.0.0.2 >/dev/null || exit 2
+
+# should fail, policy is set to drop
+ping -W 1 -q -c 1 127.0.0.1 >/dev/null 2>&1 && exit 1
+
+exit 0