diff options
| author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-08-02 12:12:10 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-08-08 12:43:10 +0200 |
| commit | dba4a9b4b5fe2c4b6929be799fdb9332fc653e1b (patch) | |
| tree | 800a99b457f9a37fd7790a8308c0d4ec33809510 /tests | |
| parent | 627c451b2351310da9ad82dbdb64747b1fada8e5 (diff) | |
src: allow variable in chain policy
This patch allows you to use variables in chain policy definition, e.g.
define default_policy = "accept"
add table ip foo
add chain ip foo bar {type filter hook input priority filter; policy $default_policy}
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
6 files changed, 80 insertions, 0 deletions
diff --git a/tests/shell/testcases/nft-f/0025policy_variable_0 b/tests/shell/testcases/nft-f/0025policy_variable_0 new file mode 100644 index 00000000..b88e9680 --- /dev/null +++ b/tests/shell/testcases/nft-f/0025policy_variable_0 @@ -0,0 +1,17 @@ +#!/bin/bash + +# Tests use of variables in chain policy + +set -e + +RULESET=" +define default_policy = \"accept\" + +table inet global { + chain prerouting { + type filter hook prerouting priority filter + policy \$default_policy + } +}" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/nft-f/0026policy_variable_0 b/tests/shell/testcases/nft-f/0026policy_variable_0 new file mode 100644 index 00000000..d4d98ede --- /dev/null +++ b/tests/shell/testcases/nft-f/0026policy_variable_0 @@ -0,0 +1,17 @@ +#!/bin/bash + +# Tests use of variables in chain policy + +set -e + +RULESET=" +define default_policy = \"drop\" + +table inet global { + chain prerouting { + type filter hook prerouting priority filter + policy \$default_policy + } +}" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/nft-f/0027policy_variable_1 b/tests/shell/testcases/nft-f/0027policy_variable_1 new file mode 100644 index 00000000..ae35516c --- /dev/null +++ b/tests/shell/testcases/nft-f/0027policy_variable_1 @@ -0,0 +1,18 @@ +#!/bin/bash + +# Tests use of variables in chain policy + +set -e + +RULESET=" +define default_policy = { 127.0.0.1 } + +table inet global { + chain prerouting { + type filter hook prerouting priority filter + policy \$default_policy + } +}" + +$NFT -f - <<< "$RULESET" && exit 1 +exit 0 diff --git a/tests/shell/testcases/nft-f/0028policy_variable_1 b/tests/shell/testcases/nft-f/0028policy_variable_1 new file mode 100644 index 00000000..027eb015 --- /dev/null +++ b/tests/shell/testcases/nft-f/0028policy_variable_1 @@ -0,0 +1,18 @@ +#!/bin/bash + +# Tests use of variables in priority specification + +set -e + +RULESET=" +define default_policy = * + +table inet global { + chain prerouting { + type filter hook prerouting priority filter + policy \$default_policy + } +}" + +$NFT -f - <<< "$RULESET" && exit 1 +exit 0 diff --git a/tests/shell/testcases/nft-f/dumps/0025policy_variable_0.nft b/tests/shell/testcases/nft-f/dumps/0025policy_variable_0.nft new file mode 100644 index 00000000..f4093097 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0025policy_variable_0.nft @@ -0,0 +1,5 @@ +table inet global { + chain prerouting { + type filter hook prerouting priority filter; policy accept; + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0026policy_variable_0.nft b/tests/shell/testcases/nft-f/dumps/0026policy_variable_0.nft new file mode 100644 index 00000000..d729e1ea --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0026policy_variable_0.nft @@ -0,0 +1,5 @@ +table inet global { + chain prerouting { + type filter hook prerouting priority filter; policy drop; + } +} |