diff options
| author | Phil Sutter <phil@nwl.cc> | 2024-07-12 20:30:10 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2024-07-27 14:32:39 +0200 |
| commit | 73ac92c769c5f27ac59266ad94031ab6d54af80b (patch) | |
| tree | c303218d713736096d06d8c8f5236a1e2f720bed /iptables/tests | |
| parent | 5aa4935bc88fd8acf90cce4535e58fc3be85f055 (diff) | |
xtables-monitor: Print commands instead of -4/-6/-0 flags
The '-4' and '-6' flags are a rarely used feature of iptables-restore.
The '-0' flag is purely artificial and not recognized anywhere (at least
not as an arptables rule prefix in this sense). Finally, there is no
such flag for ebtables in the first place. Go with a more intuitively
clear approach and instead print the typical command which added the
rule being printed.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/tests')
| -rwxr-xr-x | iptables/tests/shell/testcases/nft-only/0012-xtables-monitor_0 | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/iptables/tests/shell/testcases/nft-only/0012-xtables-monitor_0 b/iptables/tests/shell/testcases/nft-only/0012-xtables-monitor_0 index ef1ec3c9..c49b7ccd 100755 --- a/iptables/tests/shell/testcases/nft-only/0012-xtables-monitor_0 +++ b/iptables/tests/shell/testcases/nft-only/0012-xtables-monitor_0 @@ -42,13 +42,13 @@ monitorcheck() { # (cmd ...) EXP="\ EVENT: nft: NEW table: table filter ip flags 0 use 1 handle 0 EVENT: nft: NEW chain: ip filter FORWARD use 1 type filter hook forward prio 0 policy accept packets 0 bytes 0 flags 1 - EVENT: -4 -t filter -A FORWARD -j ACCEPT" + EVENT: iptables -t filter -A FORWARD -j ACCEPT" monitorcheck iptables -A FORWARD -j ACCEPT EXP="\ EVENT: nft: NEW table: table filter ip6 flags 0 use 1 handle 0 EVENT: nft: NEW chain: ip6 filter FORWARD use 1 type filter hook forward prio 0 policy accept packets 0 bytes 0 flags 1 - EVENT: -6 -t filter -A FORWARD -j ACCEPT" + EVENT: ip6tables -t filter -A FORWARD -j ACCEPT" monitorcheck ip6tables -A FORWARD -j ACCEPT EXP="\ @@ -60,68 +60,68 @@ monitorcheck ebtables -A FORWARD -j ACCEPT EXP="\ EVENT: nft: NEW table: table filter arp flags 0 use 1 handle 0 EVENT: nft: NEW chain: arp filter INPUT use 1 type filter hook input prio 0 policy accept packets 0 bytes 0 flags 1 - EVENT: -0 -t filter -A INPUT -j ACCEPT" + EVENT: arptables -t filter -A INPUT -j ACCEPT" monitorcheck arptables -A INPUT -j ACCEPT -EXP=" EVENT: -4 -t filter -N foo" +EXP=" EVENT: iptables -t filter -N foo" monitorcheck iptables -N foo -EXP=" EVENT: -6 -t filter -N foo" +EXP=" EVENT: ip6tables -t filter -N foo" monitorcheck ip6tables -N foo -EXP=" EVENT: nft: NEW chain: bridge filter foo use 1" +EXP=" EVENT: ebtables -t filter -N foo" monitorcheck ebtables -N foo -EXP=" EVENT: -0 -t filter -N foo" +EXP=" EVENT: arptables -t filter -N foo" monitorcheck arptables -N foo # meta l4proto matches require proper nft_handle:family value -EXP=" EVENT: -4 -t filter -A FORWARD -i eth1 -o eth2 -p tcp -m tcp --dport 22 -j ACCEPT" +EXP=" EVENT: iptables -t filter -A FORWARD -i eth1 -o eth2 -p tcp -m tcp --dport 22 -j ACCEPT" monitorcheck iptables -A FORWARD -i eth1 -o eth2 -p tcp --dport 22 -j ACCEPT -EXP=" EVENT: -6 -t filter -A FORWARD -i eth1 -o eth2 -p udp -m udp --sport 1337 -j ACCEPT" +EXP=" EVENT: ip6tables -t filter -A FORWARD -i eth1 -o eth2 -p udp -m udp --sport 1337 -j ACCEPT" monitorcheck ip6tables -A FORWARD -i eth1 -o eth2 -p udp --sport 1337 -j ACCEPT EXP=" EVENT: ebtables -t filter -A FORWARD -p IPv4 -i eth1 -o eth2 --ip-proto udp --ip-sport 1337 -j ACCEPT" monitorcheck ebtables -A FORWARD -i eth1 -o eth2 -p ip --ip-protocol udp --ip-source-port 1337 -j ACCEPT -EXP=" EVENT: -0 -t filter -A INPUT -j ACCEPT -i eth1 -s 1.2.3.4 --src-mac 01:02:03:04:05:06" +EXP=" EVENT: arptables -t filter -A INPUT -j ACCEPT -i eth1 -s 1.2.3.4 --src-mac 01:02:03:04:05:06" monitorcheck arptables -A INPUT -i eth1 -s 1.2.3.4 --src-mac 01:02:03:04:05:06 -j ACCEPT -EXP=" EVENT: -4 -t filter -D FORWARD -i eth1 -o eth2 -p tcp -m tcp --dport 22 -j ACCEPT" +EXP=" EVENT: iptables -t filter -D FORWARD -i eth1 -o eth2 -p tcp -m tcp --dport 22 -j ACCEPT" monitorcheck iptables -D FORWARD -i eth1 -o eth2 -p tcp --dport 22 -j ACCEPT -EXP=" EVENT: -6 -t filter -D FORWARD -i eth1 -o eth2 -p udp -m udp --sport 1337 -j ACCEPT" +EXP=" EVENT: ip6tables -t filter -D FORWARD -i eth1 -o eth2 -p udp -m udp --sport 1337 -j ACCEPT" monitorcheck ip6tables -D FORWARD -i eth1 -o eth2 -p udp --sport 1337 -j ACCEPT EXP=" EVENT: ebtables -t filter -D FORWARD -p IPv4 -i eth1 -o eth2 --ip-proto udp --ip-sport 1337 -j ACCEPT" monitorcheck ebtables -D FORWARD -i eth1 -o eth2 -p ip --ip-protocol udp --ip-source-port 1337 -j ACCEPT -EXP=" EVENT: -0 -t filter -D INPUT -j ACCEPT -i eth1 -s 1.2.3.4 --src-mac 01:02:03:04:05:06" +EXP=" EVENT: arptables -t filter -D INPUT -j ACCEPT -i eth1 -s 1.2.3.4 --src-mac 01:02:03:04:05:06" monitorcheck arptables -D INPUT -i eth1 -s 1.2.3.4 --src-mac 01:02:03:04:05:06 -j ACCEPT -EXP=" EVENT: -4 -t filter -X foo" +EXP=" EVENT: iptables -t filter -X foo" monitorcheck iptables -X foo -EXP=" EVENT: -6 -t filter -X foo" +EXP=" EVENT: ip6tables -t filter -X foo" monitorcheck ip6tables -X foo -EXP=" EVENT: nft: DEL chain: bridge filter foo use 0" +EXP=" EVENT: ebtables -t filter -X foo" monitorcheck ebtables -X foo -EXP=" EVENT: -0 -t filter -X foo" +EXP=" EVENT: arptables -t filter -X foo" monitorcheck arptables -X foo -EXP=" EVENT: -4 -t filter -D FORWARD -j ACCEPT" +EXP=" EVENT: iptables -t filter -D FORWARD -j ACCEPT" monitorcheck iptables -F FORWARD -EXP=" EVENT: -6 -t filter -D FORWARD -j ACCEPT" +EXP=" EVENT: ip6tables -t filter -D FORWARD -j ACCEPT" monitorcheck ip6tables -F FORWARD EXP=" EVENT: ebtables -t filter -D FORWARD -j ACCEPT" monitorcheck ebtables -F FORWARD -EXP=" EVENT: -0 -t filter -D INPUT -j ACCEPT" +EXP=" EVENT: arptables -t filter -D INPUT -j ACCEPT" monitorcheck arptables -F INPUT EXP=" EVENT: nft: DEL chain: ip filter FORWARD use 0 type filter hook forward prio 0 policy accept packets 0 bytes 0 flags 1" |