author | Phil Sutter <phil@nwl.cc> | 2022-09-22 19:04:32 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2022-09-22 21:50:53 +0200 |
commit | d1aa01483b5cac8c70c9385033e60efd7a744e1f (patch) | |
tree | 3d72aad03a766da24a07d8b95e59be03fc8509ed /iptables/tests/shell/testcases | |
parent | dccccdff1f6d37a2f1fdbc4ef22f2a97bf0cf1a6 (diff) |
tests: shell: Test delinearization of native nftables expressions
Even if iptables-nft doesn't generate them anymore, it should continue
to correctly parse them. Make sure this is tested for.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/tests/shell/testcases')
-rwxr-xr-x | iptables/tests/shell/testcases/nft-only/0010-native-delinearize_0 | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/nft-only/0010-native-delinearize_0 b/iptables/tests/shell/testcases/nft-only/0010-native-delinearize_0 new file mode 100755 index 00000000..cca36fd8 --- /dev/null +++ b/iptables/tests/shell/testcases/nft-only/0010-native-delinearize_0 @@ -0,0 +1,26 @@ +#!/bin/bash + +[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; } +nft -v >/dev/null || exit 0 + +set -e + +nft -f - <<EOF +table ip filter { + chain FORWARD { + type filter hook forward priority filter; + limit rate 10/day counter + udp dport 42 counter + } +} +EOF + +EXPECT="*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +-A FORWARD -m limit --limit 10/day +-A FORWARD -p udp -m udp --dport 42 +COMMIT" + +diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables-save | grep -v '^#') |
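Review bot: the `nft -v >/dev/null || exit 0` guard near the top of the new script exits with status 0 and prints nothing, so a host without a working `nft` binary reports this test as passed rather than skipped. The `XT_MULTI` check on the line before it already prints `skip $XT_MULTI`; doing the same here, for example `nft -v >/dev/null 2>&1 || { echo "skip: nft not available"; exit 0; }`, would keep the two guards consistent and make it visible in the test log when the delinearization path was not exercised. Redirecting stderr as well would avoid a stray shell error message in that case. A smaller point on the ruleset: both rules carry `counter`, but the expected `iptables-save` output is compared without `-c`, so the counter expression is parsed and never checked in the output; a short comment above `EXPECT` saying that this is intentional would help the next reader.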