blob: 59bdbe9f0ba9dbe6ea797297f65ffeeae0b4ca64 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
#!/bin/bash
set -e
EXPECTED="table inet x {
chain y {
type filter hook input priority 0;
meta l4proto { tcp, udp } th dport 53 jump {
ip saddr { 127.0.0.0/8, 172.23.0.0/16, 192.168.13.0/24 } counter accept
ip6 saddr ::1/128 counter accept
}
}
}"
$NFT -f - <<< $EXPECTED
$NFT add rule inet x y meta l4proto icmpv6 jump { counter accept\; }
$NFT add rule inet x y meta l4proto sctp jump { drop\; }
$NFT delete rule inet x y handle 13
|