diff options
Diffstat (limited to 'tests/shell/testcases/optimizations/dumps/merge_reject.json-nft')
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/merge_reject.json-nft | 320 |
1 files changed, 320 insertions, 0 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/merge_reject.json-nft b/tests/shell/testcases/optimizations/dumps/merge_reject.json-nft new file mode 100644 index 00000000..46ed0677 --- /dev/null +++ b/tests/shell/testcases/optimizations/dumps/merge_reject.json-nft @@ -0,0 +1,320 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "172.30.33.70" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 3306 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "meta": { + "key": "l4proto" + } + }, + { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + { + "payload": { + "protocol": "tcp", + "field": "dport" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "tcp", + "172.30.238.117", + 8080 + ] + }, + { + "concat": [ + "tcp", + "172.30.33.71", + 3306 + ] + }, + { + "concat": [ + "tcp", + "172.30.254.251", + 3306 + ] + } + ] + } + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "reject": { + "type": "icmp", + "expr": "port-unreachable" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "172.30.254.252" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 3306 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "reject": { + "type": "tcp reset" + } + } + ] + } + }, + { + "table": { + "family": "ip6", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip6", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "meta": { + "key": "l4proto" + } + }, + { + "payload": { + "protocol": "ip6", + "field": "daddr" + } + }, + { + "payload": { + "protocol": "tcp", + "field": "dport" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "tcp", + "aaaa::3", + 8080 + ] + }, + { + "concat": [ + "tcp", + "aaaa::2", + 3306 + ] + }, + { + "concat": [ + "tcp", + "aaaa::4", + 3306 + ] + } + ] + } + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "reject": { + "type": "icmpv6", + "expr": "port-unreachable" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip6", + "field": "daddr" + } + }, + "right": "aaaa::5" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 3306 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "reject": { + "type": "tcp reset" + } + } + ] + } + } + ] +} |