2 files changed, 16 insertions, 3 deletions

diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t
new file mode 100644
index 00000000..59ca337a
--- /dev/null
+++ b/extensions/libebt_standard.t
@@ -0,0 +1,6 @@
+:INPUT,FORWARD,OUTPUT
+-s 0:0:0:0:0:0;=;OK
+-d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
+-s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
+-d de:ad:be:ef:0:0;=;OK
+-d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;-d de:ad:be:ef:0:0/ff:ff:ff:ff:0:0 -j DROP;OK
diff --git a/iptables-test.py b/iptables-test.py
index 331fe59d..c199d509 100755
--- a/iptables-test.py
+++ b/iptables-test.py
@@ -17,11 +17,11 @@ import argparse
 
 IPTABLES = "iptables"
 IP6TABLES = "ip6tables"
-#IPTABLES = "xtables -4"
-#IP6TABLES = "xtables -6"
+EBTABLES = "ebtables"
 
 IPTABLES_SAVE = "iptables-save"
 IP6TABLES_SAVE = "ip6tables-save"
+EBTABLES_SAVE = "ebtables-save"
 #IPTABLES_SAVE = ['xtables-save','-4']
 #IP6TABLES_SAVE = ['xtables-save','-6']
 
@@ -111,6 +111,8 @@ def run_test(iptables, rule, rule_save, res, filename, lineno, netns):
             command = IPTABLES_SAVE
         elif splitted[0] == IP6TABLES:
             command = IP6TABLES_SAVE
+        elif splitted[0] == EBTABLES:
+            command = EBTABLES_SAVE
 
     path = os.path.abspath(os.path.curdir) + "/iptables/" + EXECUTEABLE
     command = path + " " + command
@@ -157,7 +159,7 @@ def execute_cmd(cmd, filename, lineno):
     :param lineno: line number being tested (used for print_error purposes)
     '''
     global log_file
-    if cmd.startswith('iptables ') or cmd.startswith('ip6tables '):
+    if cmd.startswith('iptables ') or cmd.startswith('ip6tables ') or cmd.startswith('ebtables '):
         cmd = os.path.abspath(os.path.curdir) + "/iptables/" + EXECUTEABLE + " " + cmd
 
     print >> log_file, "command: %s" % cmd
@@ -190,6 +192,11 @@ def run_test_file(filename, netns):
         iptables = IP6TABLES
     elif "libxt_"  in filename:
         iptables = IPTABLES
+    elif "libebt_" in filename:
+        # only supported with nf_tables backend
+        if EXECUTEABLE != "xtables-nft-multi":
+           return 0, 0
+        iptables = EBTABLES
     else:
         # default to iptables if not known prefix
         iptables = IPTABLES