author | Phil Sutter <phil@nwl.cc> | 2019-10-30 21:45:39 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-11-07 12:46:16 +0100 |
commit | 332325e3c3fab4c25bb5f387f9663205f63748dc (patch) | |
tree | b9e616a69a3b87829c4f6531a6677119d9af6275 /tests/shell | |
parent | 856c78d4fdc73ac746ef1473f08d78cf2ebcbc4c (diff) |
libnftables: Store top_scope in struct nft_ctx
Allow for interactive sessions to make use of defines. Since parser is
initialized for each line, top scope defines didn't persist although
they are actually useful for stuff like:
| # nft -i
| define goodports = { 22, 23, 80, 443 }
| add rule inet t c tcp dport $goodports accept
| add rule inet t c tcp sport $goodports accept
While being at it, introduce scope_alloc() and scope_free().
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
-rwxr-xr-x | tests/shell/testcases/nft-i/0001define_0 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/tests/shell/testcases/nft-i/0001define_0 b/tests/shell/testcases/nft-i/0001define_0 new file mode 100755 index 00000000..62e1b6de --- /dev/null +++ b/tests/shell/testcases/nft-i/0001define_0 @@ -0,0 +1,22 @@ +#!/bin/bash + +set -e + +# test if using defines in interactive nft sessions works + +$NFT -i >/dev/null <<EOF +add table inet t +add chain inet t c +define ports = { 22, 443 } +add rule inet t c tcp dport \$ports accept +add rule inet t c udp dport \$ports accept +EOF + +$NFT -i >/dev/null <<EOF +define port = 22 +flush chain inet t c +redefine port = 443 +delete chain inet t c +undefine port +delete table inet t +EOF |
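Review bot: The test checks at most the exit status of the two `$NFT -i` invocations: both redirect stdout to /dev/null and nothing lists the ruleset afterwards, so it never confirms that `\$ports` was expanded to { 22, 443 } in the two rules added in the first session. Consider comparing the output of `$NFT list ruleset` against the expected rules after the first heredoc. In the second session, `define port = 22`, `redefine port = 443` and `undefine port` are never followed by a rule that references `\$port`, so a redefine that kept the old value, or an undefine that left the symbol in place, would still pass; adding a rule that uses `\$port` after the redefine and checking the resulting value would cover that. A short comment stating that the second session depends on the table and chain created by the first would also help, since the cleanup (`delete chain`, `delete table`) only happens there.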