diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-01-15 18:40:11 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-01-15 18:44:24 +0100 |
| commit | 8b043938e77b1f421beccff595117d6e4ff8eecc (patch) | |
| tree | 39f0caa782cea92ebb3377abeda93a4baf86479f /tests/py/ip/ct.t | |
| parent | 5946b3930b4e568b61065ac4e3cda6f9006e3833 (diff) | |
evaluate: disallow ct original {s,d}ddr from maps
test.nft:6:55-71: Error: specify either ip or ip6 for address matching
add rule ip mangle manout ct direction reply mark set ct original daddr map { $ext1_ip : 0x11, $ext2_ip : 0x12 }
^^^^^^^^^^^^^^^^^
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1489
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip/ct.t')
| -rw-r--r-- | tests/py/ip/ct.t | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tests/py/ip/ct.t b/tests/py/ip/ct.t index d3247f79..c5ce1274 100644 --- a/tests/py/ip/ct.t +++ b/tests/py/ip/ct.t @@ -21,3 +21,6 @@ ct original protocol 17 ct reply proto-src 53;ok;ct protocol 17 ct reply proto-s # wrong address family ct reply ip daddr dead::beef;fail + +meta mark set ct original daddr map { 1.1.1.1 : 0x00000011 };fail +meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 };ok |