diff options
-rw-r--r-- | src/libnftables.c | 3 | ||||
-rwxr-xr-x | tests/shell/testcases/include/0020include_chain_0 | 7 | ||||
-rw-r--r-- | tests/shell/testcases/include/dumps/0020include_chain_0.nft | 5 | ||||
-rwxr-xr-x | tests/shell/testcases/sets/0049set_define_0 | 12 | ||||
-rw-r--r-- | tests/shell/testcases/sets/dumps/0049set_define_0.nft | 7 |
5 files changed, 33 insertions, 1 deletions
diff --git a/src/libnftables.c b/src/libnftables.c index ec902009..0dee1bac 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -532,7 +532,8 @@ static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs, collapsed = true; list_for_each_entry(cmd, cmds, list) { - if (cmd->op != CMD_ADD) + if (cmd->op != CMD_ADD && + cmd->op != CMD_CREATE) continue; nft_cmd_expand(cmd); diff --git a/tests/shell/testcases/include/0020include_chain_0 b/tests/shell/testcases/include/0020include_chain_0 index 8f78e8c6..49b6f76c 100755 --- a/tests/shell/testcases/include/0020include_chain_0 +++ b/tests/shell/testcases/include/0020include_chain_0 @@ -20,4 +20,11 @@ RULESET2="chain inet filter input2 { echo "$RULESET2" > $tmpfile1 +RULESET3="create chain inet filter output2 { + type filter hook output priority filter; policy accept; + ip daddr 1.2.3.4 tcp dport { 22, 443, 123 } drop +}" + +echo "$RULESET3" >> $tmpfile1 + $NFT -o -f - <<< $RULESET diff --git a/tests/shell/testcases/include/dumps/0020include_chain_0.nft b/tests/shell/testcases/include/dumps/0020include_chain_0.nft index 3ad6db14..bf596ffb 100644 --- a/tests/shell/testcases/include/dumps/0020include_chain_0.nft +++ b/tests/shell/testcases/include/dumps/0020include_chain_0.nft @@ -3,4 +3,9 @@ table inet filter { type filter hook input priority filter; policy accept; ip saddr 1.2.3.4 tcp dport { 22, 123, 443 } drop } + + chain output2 { + type filter hook output priority filter; policy accept; + ip daddr 1.2.3.4 tcp dport { 22, 123, 443 } drop + } } diff --git a/tests/shell/testcases/sets/0049set_define_0 b/tests/shell/testcases/sets/0049set_define_0 index 1d512f7b..756afdc1 100755 --- a/tests/shell/testcases/sets/0049set_define_0 +++ b/tests/shell/testcases/sets/0049set_define_0 @@ -14,3 +14,15 @@ table inet filter { " $NFT -f - <<< "$EXPECTED" + +EXPECTED="define ip-block-4 = { 1.1.1.1 } + + create set inet filter ip-block-4-test { + type ipv4_addr + flags interval + auto-merge + elements = \$ip-block-4 + } +" + +$NFT -f - <<< "$EXPECTED" diff --git a/tests/shell/testcases/sets/dumps/0049set_define_0.nft b/tests/shell/testcases/sets/dumps/0049set_define_0.nft index 998b387a..d654420c 100644 --- a/tests/shell/testcases/sets/dumps/0049set_define_0.nft +++ b/tests/shell/testcases/sets/dumps/0049set_define_0.nft @@ -1,4 +1,11 @@ table inet filter { + set ip-block-4-test { + type ipv4_addr + flags interval + auto-merge + elements = { 1.1.1.1 } + } + chain input { type filter hook input priority filter; policy drop; tcp dport { 22, 80, 443 } ct state new counter packets 0 bytes 0 accept |