diff options
Diffstat (limited to 'tests/shell/testcases/comments')
-rwxr-xr-x | tests/shell/testcases/comments/comments_0 | 44 | ||||
-rw-r--r-- | tests/shell/testcases/comments/dumps/comments_0.json-nft | 135 | ||||
-rw-r--r-- | tests/shell/testcases/comments/dumps/comments_0.nft | 12 |
3 files changed, 191 insertions, 0 deletions
diff --git a/tests/shell/testcases/comments/comments_0 b/tests/shell/testcases/comments/comments_0 new file mode 100755 index 00000000..a50387d6 --- /dev/null +++ b/tests/shell/testcases/comments/comments_0 @@ -0,0 +1,44 @@ +#!/bin/bash + +RULESET="table inet x { # comment + # comment 1 + # comment 2 + set y { # comment here + type ipv4_addr # comment + elements = { + # 1.1.1.1 + 2.2.2.2, # comment + # more comments + 3.3.3.3, # comment +# comment + } + # comment + } + + # comments are allowed here + chain y { + # comments are allowed here + icmpv6 type { + 1, # comments are allowed here + 2, + } accept + + icmp type { +# comment + 1, + # comments also allowed here + 2, + } accept + + tcp dport { + # normal FTP + 21, + # patched FTP + 2121 + } counter accept + } +} +" + +$NFT -f - <<< "$RULESET" + diff --git a/tests/shell/testcases/comments/dumps/comments_0.json-nft b/tests/shell/testcases/comments/dumps/comments_0.json-nft new file mode 100644 index 00000000..201abd6f --- /dev/null +++ b/tests/shell/testcases/comments/dumps/comments_0.json-nft @@ -0,0 +1,135 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "y", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "2.2.2.2", + "3.3.3.3" + ] + } + }, + { + "rule": { + "family": "inet", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmpv6", + "field": "type" + } + }, + "right": { + "set": [ + "destination-unreachable", + "packet-too-big" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": { + "set": [ + 1, + 2 + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": { + "set": [ + 21, + 2121 + ] + } + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/comments/dumps/comments_0.nft b/tests/shell/testcases/comments/dumps/comments_0.nft new file mode 100644 index 00000000..82ae510b --- /dev/null +++ b/tests/shell/testcases/comments/dumps/comments_0.nft @@ -0,0 +1,12 @@ +table inet x { + set y { + type ipv4_addr + elements = { 2.2.2.2, 3.3.3.3 } + } + + chain y { + icmpv6 type { destination-unreachable, packet-too-big } accept + icmp type { 1, 2 } accept + tcp dport { 21, 2121 } counter packets 0 bytes 0 accept + } +} |