iptables - iptables tree

	Commit message (Collapse)	Author	Age	Files	Lines
*	libxtables: Extend MAC address printing/parsing support	Phil Sutter	2020-12-03	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Adding a parser which supports common names for special MAC/mask combinations and a print routine detecting those special addresses and printing the respective name allows to consolidate all the various duplicated implementations. The side-effects of this change are manageable: * arptables now accepts "BGA" as alias for the bridge group address * "mac" match now prints MAC addresses in lower-case which is consistent with the remaining code at least Signed-off-by: Phil Sutter <phil@nwl.cc>
*	iptables-xml: Use add_param_to_argv()	Phil Sutter	2019-10-24	2	-0/+938
\| \| \| \| \| \| \| \| \|	Extend the shared argv parser by storing whether a given argument was quoted or not, then use it in iptables-xml. One remaining extra bit is extraction of chain name in -A commands, do that afterwards in a loop. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Florian Westphal <fw@strlen.de>
*	nft: don't print rule counters unless verbose	Eric Garver	2018-08-01	1	-0/+30
\| \| \| \| \| \| \| \| \| \| \|	Currently rule counters are always printed, but that's not the desired behavior. We should only print them with the verbose flag. This broke when the arguments of nft_rule_print_save() were changed to accept the format instead of a counters flag. Fixes: cdc78b1d6bd7 ("nft: convert rule into a command state structure") Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: Florian Westphal <fw@strlen.de>
*	iptables: tests: add test for iptables-save and iptables-restore	Arushi Singhal	2018-07-10	1	-0/+47
\| \| \| \| \| \| \|	Add test for testing if iptables configuration is restored and saved. Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	tests: add firewalld default ruleset from fedora 27	Florian Westphal	2018-06-27	3	-0/+320
\| \| \| \| \| \| \|	The ipv4 version has bogus counters so this can also check save/restore -c option. Signed-off-by: Florian Westphal <fw@strlen.de>
*	tests: add another ipv4 only ruleset	Florian Westphal	2018-06-27	2	-0/+82
\| \| \| \|	Signed-off-by: Florian Westphal <fw@strlen.de>
*	tests: add initial save/restore test cases	Florian Westphal	2018-06-27	3	-0/+129
	Add script to restore ipt-save files and compare it with save output. This should be extended to cover as many rulesets as possible, so this is only a start. The test script is changed to pass XT_MULTI instead of iptables/ip6tables. This allows ip(6)tables/ebt/arp only test scripts and avoids running all scripts multiple times for ip/ip6tables. Current expected output: I: [OK] ./iptables/tests/shell/testcases/chain/0001duplicate_1 I: [OK] ./iptables/tests/shell/testcases/chain/000newchain_0 I: [OK] ./iptables/tests/shell/testcases/chain/0005rename_1 I: [OK] ./iptables/tests/shell/testcases/ipt-save/0001load-dumps_0 I: legacy results: [OK] 10 [FAILED] 0 [TOTAL] 10 I: [OK] ./iptables/tests/shell/testcases/chain/0001duplicate_1 I: [OK] ./iptables/tests/shell/testcases/chain/0004newchain_0 I: [OK] ./iptables/tests/shell/testcases/chain/0005rename_1 I: [OK] ./iptables/tests/shell/testcases/ipt-save/0001load-dumps_0 I: nft results: [OK] 10 [FAILED] 0 [TOTAL] 10 I: combined results: [OK] 20 [FAILED] 0 [TOTAL] 20 Signed-off-by: Florian Westphal <fw@strlen.de>