path: root/tests/options-most.rules
diff options
authorJan Engelhardt <>2011-06-07 22:20:13 +0200
committerJan Engelhardt <>2011-06-07 22:33:13 +0200
commit780607f8b040a47cd2d4775376e2d30f567dc049 (patch)
tree1dc9372b7556774c0164241929b4c4edfbf163f1 /tests/options-most.rules
parent6a74dc80fcdf48e2b149e92aee08f3445055ea3b (diff)
option: fix ignored negation before implicit extension loading
`iptables -A INPUT -p tcp ! --syn` forgot the negation, i.e. it was not present in a subsequent `iptables -S`. Commit v1.4.11~77^2~9 missed the fact that after autoloading a proto extension, cs.invert must not be touched until the next getopt call. This is now fixed by having command_default return a value to indicate whether to jump or not. Signed-off-by: Jan Engelhardt <>
Diffstat (limited to 'tests/options-most.rules')
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/options-most.rules b/tests/options-most.rules
index 4cd3a87d..6c4a8313 100644
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -38,6 +38,8 @@
-A INPUT -p tcp -m recent --rcheck --name DEFAULT --rsource
-A INPUT -p tcp -m socket --transparent
-A INPUT -p tcp -m string --string "foobar" --algo kmp --from 1 --to 2 --icase
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN
-A INPUT -p tcp -m tos --tos 0xff/0x01
-A INPUT -p tcp -m u32 --u32 "0x0=0x0" -m u32 --u32 "0x0=0x0"
-A INPUT -p tcp -m hbh -m hbh -m hl --hl-eq 1 -m ipv6header --header hop-by-hop --soft