blob: 4b541bb55c309bdef806e0ff0be43bd4c4e91a71 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
#!/bin/bash
# no table x, caused segfault in earlier nft releases
$NFT insert rule inet x y handle 107 'goto { log prefix "MOO! "; }'
if [ $? -ne 1 ]; then
exit 1
fi
set -e
EXPECTED="table inet x {
chain y {
type filter hook input priority 0;
meta l4proto { tcp, udp } th dport 53 jump {
ip saddr { 127.0.0.0/8, 172.23.0.0/16, 192.168.13.0/24 } counter accept
ip6 saddr ::1/128 counter accept
}
}
}"
$NFT -f - <<< $EXPECTED
$NFT add rule inet x y meta l4proto icmpv6 jump { counter accept\; }
$NFT add rule inet x y meta l4proto sctp jump { drop\; }
$NFT delete rule inet x y handle 13
|