From 4a2b2008fdf4df980433f99a6d8f2003f2005296 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 21 Jul 2023 19:40:30 +0200
Subject: *tables-restore: Enforce correct counters syntax if present

If '--counters' option was not given, restore parsers would ignore
anything following the policy word. Make them more strict, rejecting
anything in that spot which does not look like counter values even if
not restoring counters.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0 | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'iptables/tests/shell')

diff --git a/iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0 b/iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0
index 5ac70682..854768c9 100755
--- a/iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0
+++ b/iptables/tests/shell/testcases/ipt-restore/0008-restore-counters_0
@@ -20,3 +20,10 @@ EXPECT=":foo - [0:0]
 
 $XT_MULTI iptables-restore --counters <<< "$DUMP"
 diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables-save --counters | grep foo)
+
+# if present, counters must be in proper format
+! $XT_MULTI iptables-restore <<EOF
+*filter
+:FORWARD ACCEPT bar
+COMMIT
+EOF
-- 
cgit v1.2.3