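#!/bin/bash
# Test a kernel rollback operation.
# fail reason: rule
#
# Loads a known-good ruleset, then tries to load a second file that begins
# with "flush ruleset" and contains an invalid rule. The second load must
# fail, and the ruleset the kernel lists afterwards must still be identical
# to the good one. If the flush were applied even though the load was
# rejected, the host would be left with no filtering rules.
#
# $NFT is not assigned in this file; it is expected from the environment.
# NOTE(review): $NFT is left unquoted as in the original, presumably so it
# can carry a wrapper command plus arguments -- confirm with the harness.

tmpfile=$(mktemp)
# Quoted on purpose: if mktemp failed and $tmpfile is empty, the unquoted
# form collapses to `[ ! -w ]`, a two-argument test that is false, so the
# error branch would be skipped.
if [ ! -w "$tmpfile" ]; then
  echo "Failed to create tmp file" >&2
  # NOTE(review): status 0 makes a setup failure look like a pass; kept as
  # in the original -- confirm this is the harness's intended convention.
  exit 0
fi

# Single quotes defer expansion until the trap fires and keep the path
# quoted inside the rm command.
trap 'rm -rf -- "$tmpfile"' EXIT # cleanup if aborted

# Compared byte-for-byte with `nft list ruleset -nn` further down, so every
# character of this literal, whitespace included, is significant.
# NOTE(review): verify the indentation inside this literal against the
# listing format of the nft version under test.
GOOD_RULESET="table ip t {
set t {
type ipv4_addr
elements = { 1.1.1.1}
}
chain c {
ct state new
tcp dport { 22222}
ip saddr @t drop
jump other
}
chain other {
}
}"

# The flush comes first; the invalid rule after it must cause the whole file
# to be rejected, flush included.
BAD_RULESET="flush ruleset
table ip t2 {
chain c2 {
this is an invalid rule
}
}"

printf '%s\n' "$GOOD_RULESET" > "$tmpfile"
if ! $NFT -f "$tmpfile"; then
  echo "E: unable to load good ruleset" >&2
  exit 1
fi

printf '%s\n' "$BAD_RULESET" > "$tmpfile"
# stderr is discarded because the parse error is the expected outcome.
if $NFT -f "$tmpfile" 2>/dev/null; then
  echo "E: bogus ruleset loaded?" >&2
  exit 1
fi

KERNEL_RULESET="$($NFT list ruleset -nn)"
if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ]; then
  echo "E: ruleset changed after failed load" >&2
  # Only run diff when it was actually found. With an empty $DIFF the
  # original `[ -x $DIFF ]` evaluated to true and then tried to execute
  # "-u" as a command.
  if DIFF="$(command -v diff)" && [ -x "$DIFF" ]; then
    "$DIFF" -u <(printf '%s\n' "$GOOD_RULESET") \
      <(printf '%s\n' "$KERNEL_RULESET")
  fi
  exit 1
fi

exit 0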