diff options
Diffstat (limited to 'tests/shell/testcases/transactions/dumps')
41 files changed, 6253 insertions, 41 deletions
diff --git a/tests/shell/testcases/transactions/dumps/0001table_0.json-nft b/tests/shell/testcases/transactions/dumps/0001table_0.json-nft index d5340905..ea75b43f 100644 --- a/tests/shell/testcases/transactions/dumps/0001table_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0001table_0.json-nft @@ -1 +1,25 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"table": {"family": "ip", "name": "y", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "table": { + "family": "ip", + "name": "y", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0002table_0.json-nft b/tests/shell/testcases/transactions/dumps/0002table_0.json-nft index 3184e72d..b1fefc31 100644 --- a/tests/shell/testcases/transactions/dumps/0002table_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0002table_0.json-nft @@ -1 +1,31 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0, "flags": "dormant"}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 0, "type": "nat", "hook": "prerouting", "prio": 0, "policy": "accept"}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0, + "flags": "dormant" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0, + "type": "nat", + "hook": "prerouting", + "prio": 0, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0003table_0.json-nft b/tests/shell/testcases/transactions/dumps/0003table_0.json-nft index d5340905..ea75b43f 100644 --- a/tests/shell/testcases/transactions/dumps/0003table_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0003table_0.json-nft @@ -1 +1,25 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"table": {"family": "ip", "name": "y", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "table": { + "family": "ip", + "name": "y", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0010chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0010chain_0.json-nft index 6095ac01..85947674 100644 --- a/tests/shell/testcases/transactions/dumps/0010chain_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0010chain_0.json-nft @@ -1 +1,26 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "w", "handle": 0}}, {"chain": {"family": "ip", "table": "w", "name": "y", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "w", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "w", + "name": "y", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0011chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0011chain_0.json-nft index d8e414fb..12cf0bbf 100644 --- a/tests/shell/testcases/transactions/dumps/0011chain_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0011chain_0.json-nft @@ -1 +1,30 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 0, "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "drop" + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0012chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0012chain_0.json-nft index dbd66d21..dc5eaa61 100644 --- a/tests/shell/testcases/transactions/dumps/0012chain_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0012chain_0.json-nft @@ -1 +1,30 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "w", "handle": 0}}, {"chain": {"family": "ip", "table": "w", "name": "y", "handle": 0, "type": "filter", "hook": "output", "prio": 0, "policy": "accept"}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "w", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "w", + "name": "y", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 0, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0013chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0013chain_0.json-nft index dbd66d21..dc5eaa61 100644 --- a/tests/shell/testcases/transactions/dumps/0013chain_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0013chain_0.json-nft @@ -1 +1,30 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "w", "handle": 0}}, {"chain": {"family": "ip", "table": "w", "name": "y", "handle": 0, "type": "filter", "hook": "output", "prio": 0, "policy": "accept"}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "w", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "w", + "name": "y", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 0, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0014chain_1.json-nft b/tests/shell/testcases/transactions/dumps/0014chain_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0014chain_1.json-nft +++ b/tests/shell/testcases/transactions/dumps/0014chain_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0015chain_0.json-nft b/tests/shell/testcases/transactions/dumps/0015chain_0.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0015chain_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0015chain_0.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0020rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0020rule_0.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0020rule_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0020rule_0.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0021rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0021rule_0.json-nft index ca6c43d5..4c5500cc 100644 --- a/tests/shell/testcases/transactions/dumps/0021rule_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0021rule_0.json-nft @@ -1 +1,54 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 0}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "2.2.2.2"}}, {"counter": {"packets": 0, "bytes": 0}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "2.2.2.2" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0022rule_1.json-nft b/tests/shell/testcases/transactions/dumps/0022rule_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0022rule_1.json-nft +++ b/tests/shell/testcases/transactions/dumps/0022rule_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0023rule_1.json-nft b/tests/shell/testcases/transactions/dumps/0023rule_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0023rule_1.json-nft +++ b/tests/shell/testcases/transactions/dumps/0023rule_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0024rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0024rule_0.json-nft index b8513006..1e37f7d9 100644 --- a/tests/shell/testcases/transactions/dumps/0024rule_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0024rule_0.json-nft @@ -1 +1,82 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 0}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "comment": "rule1", "expr": [{"accept": null}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "comment": "rule2", "expr": [{"accept": null}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "comment": "rule3", "expr": [{"accept": null}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "comment": "rule4", "expr": [{"accept": null}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "comment": "rule1", + "expr": [ + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "comment": "rule2", + "expr": [ + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "comment": "rule3", + "expr": [ + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "comment": "rule4", + "expr": [ + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0025rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0025rule_0.json-nft index 84de2abe..623d9765 100644 --- a/tests/shell/testcases/transactions/dumps/0025rule_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0025rule_0.json-nft @@ -1 +1,52 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 0}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [{"log": null}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [{"drop": null}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "log": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "drop": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0030set_0.json-nft b/tests/shell/testcases/transactions/dumps/0030set_0.json-nft index 0de45a8a..15ec0aac 100644 --- a/tests/shell/testcases/transactions/dumps/0030set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0030set_0.json-nft @@ -1 +1,18 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0031set_0.json-nft b/tests/shell/testcases/transactions/dumps/0031set_0.json-nft index c965d03e..c1b7639d 100644 --- a/tests/shell/testcases/transactions/dumps/0031set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0031set_0.json-nft @@ -1 +1,27 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y", + "table": "x", + "type": "ipv4_addr", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0032set_0.json-nft b/tests/shell/testcases/transactions/dumps/0032set_0.json-nft index 71d7f4ca..66bbf0eb 100644 --- a/tests/shell/testcases/transactions/dumps/0032set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0032set_0.json-nft @@ -1 +1,27 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "w", "handle": 0}}, {"set": {"family": "ip", "name": "y", "table": "w", "type": "ipv4_addr", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "w", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y", + "table": "w", + "type": "ipv4_addr", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0033set_0.json-nft b/tests/shell/testcases/transactions/dumps/0033set_0.json-nft index 0de45a8a..15ec0aac 100644 --- a/tests/shell/testcases/transactions/dumps/0033set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0033set_0.json-nft @@ -1 +1,18 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0034set_0.json-nft b/tests/shell/testcases/transactions/dumps/0034set_0.json-nft index c965d03e..c1b7639d 100644 --- a/tests/shell/testcases/transactions/dumps/0034set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0034set_0.json-nft @@ -1 +1,27 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y", + "table": "x", + "type": "ipv4_addr", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0035set_0.json-nft b/tests/shell/testcases/transactions/dumps/0035set_0.json-nft index f5475f39..6b8f671c 100644 --- a/tests/shell/testcases/transactions/dumps/0035set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0035set_0.json-nft @@ -1 +1,30 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 0, "elem": ["3.3.3.3"]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "3.3.3.3" + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0036set_1.json-nft b/tests/shell/testcases/transactions/dumps/0036set_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0036set_1.json-nft +++ b/tests/shell/testcases/transactions/dumps/0036set_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0037set_0.json-nft b/tests/shell/testcases/transactions/dumps/0037set_0.json-nft index ad0b9f9f..e4c77147 100644 --- a/tests/shell/testcases/transactions/dumps/0037set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0037set_0.json-nft @@ -1 +1,30 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 0, "flags": ["interval"]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "flags": [ + "interval" + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0038set_0.json-nft b/tests/shell/testcases/transactions/dumps/0038set_0.json-nft index 9d4d3dad..0a36f4a8 100644 --- a/tests/shell/testcases/transactions/dumps/0038set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0038set_0.json-nft @@ -1 +1,38 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 0, "flags": ["interval"], "elem": [{"prefix": {"addr": "192.168.4.0", "len": 24}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "flags": [ + "interval" + ], + "elem": [ + { + "prefix": { + "addr": "192.168.4.0", + "len": 24 + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0039set_0.json-nft b/tests/shell/testcases/transactions/dumps/0039set_0.json-nft index 9d4d3dad..0a36f4a8 100644 --- a/tests/shell/testcases/transactions/dumps/0039set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0039set_0.json-nft @@ -1 +1,38 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 0, "flags": ["interval"], "elem": [{"prefix": {"addr": "192.168.4.0", "len": 24}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "flags": [ + "interval" + ], + "elem": [ + { + "prefix": { + "addr": "192.168.4.0", + "len": 24 + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0040set_0.json-nft b/tests/shell/testcases/transactions/dumps/0040set_0.json-nft index 44e08785..f8130d95 100644 --- a/tests/shell/testcases/transactions/dumps/0040set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0040set_0.json-nft @@ -1 +1,84 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 0}}, {"map": {"family": "ip", "name": "client_to_any", "table": "filter", "type": "ipv4_addr", "handle": 0, "map": "verdict"}}, {"chain": {"family": "ip", "table": "filter", "name": "FORWARD", "handle": 0, "type": "filter", "hook": "forward", "prio": 0, "policy": "accept"}}, {"chain": {"family": "ip", "table": "filter", "name": "client_to_any", "handle": 0}}, {"rule": {"family": "ip", "table": "filter", "chain": "FORWARD", "handle": 0, "expr": [{"goto": {"target": "client_to_any"}}]}}, {"rule": {"family": "ip", "table": "filter", "chain": "client_to_any", "handle": 0, "expr": [{"vmap": {"key": {"payload": {"protocol": "ip", "field": "saddr"}}, "data": "@client_to_any"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "map": { + "family": "ip", + "name": "client_to_any", + "table": "filter", + "type": "ipv4_addr", + "handle": 0, + "map": "verdict" + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "FORWARD", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "client_to_any", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "FORWARD", + "handle": 0, + "expr": [ + { + "goto": { + "target": "client_to_any" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "client_to_any", + "handle": 0, + "expr": [ + { + "vmap": { + "key": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "data": "@client_to_any" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0041nat_restore_0.json-nft b/tests/shell/testcases/transactions/dumps/0041nat_restore_0.json-nft index c6a51849..32fce943 100644 --- a/tests/shell/testcases/transactions/dumps/0041nat_restore_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0041nat_restore_0.json-nft @@ -1 +1,30 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 0}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 0, "type": "nat", "hook": "postrouting", "prio": 0, "policy": "accept"}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0, + "type": "nat", + "hook": "postrouting", + "prio": 0, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0042_stateful_expr_0.json-nft b/tests/shell/testcases/transactions/dumps/0042_stateful_expr_0.json-nft index 044ecb68..ea3b5d3c 100644 --- a/tests/shell/testcases/transactions/dumps/0042_stateful_expr_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0042_stateful_expr_0.json-nft @@ -1 +1,28 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 0}}, {"map": {"family": "ip", "name": "m1", "table": "filter", "type": "ipv4_addr", "handle": 0, "map": "counter"}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "map": { + "family": "ip", + "name": "m1", + "table": "filter", + "type": "ipv4_addr", + "handle": 0, + "map": "counter" + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0043set_1.json-nft b/tests/shell/testcases/transactions/dumps/0043set_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0043set_1.json-nft +++ b/tests/shell/testcases/transactions/dumps/0043set_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0044rule_0.json-nft b/tests/shell/testcases/transactions/dumps/0044rule_0.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0044rule_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0044rule_0.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0045anon-unbind_0.json-nft b/tests/shell/testcases/transactions/dumps/0045anon-unbind_0.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0045anon-unbind_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0045anon-unbind_0.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0046set_0.json-nft b/tests/shell/testcases/transactions/dumps/0046set_0.json-nft index 2cc270ec..f9b488e7 100644 --- a/tests/shell/testcases/transactions/dumps/0046set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0046set_0.json-nft @@ -1 +1,18 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0047set_0.json-nft b/tests/shell/testcases/transactions/dumps/0047set_0.json-nft index d192d830..a7e677b2 100644 --- a/tests/shell/testcases/transactions/dumps/0047set_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0047set_0.json-nft @@ -1 +1,73 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 0}}, {"map": {"family": "ip", "name": "group_10060", "table": "filter", "type": "ipv4_addr", "handle": 0, "map": "classid", "flags": ["interval"], "elem": [["10.1.26.2", "1:bbf8"], ["10.1.26.3", "1:c1ad"], ["10.1.26.4", "1:b2d7"], ["10.1.26.5", "1:f705"], ["10.1.26.6", "1:b895"], ["10.1.26.7", "1:ec4c"], ["10.1.26.8", "1:de78"], ["10.1.26.9", "1:b4f3"], ["10.1.26.10", "1:dec6"], ["10.1.26.11", "1:b4c0"]]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "map": { + "family": "ip", + "name": "group_10060", + "table": "filter", + "type": "ipv4_addr", + "handle": 0, + "map": "classid", + "flags": [ + "interval" + ], + "elem": [ + [ + "10.1.26.2", + "1:bbf8" + ], + [ + "10.1.26.3", + "1:c1ad" + ], + [ + "10.1.26.4", + "1:b2d7" + ], + [ + "10.1.26.5", + "1:f705" + ], + [ + "10.1.26.6", + "1:b895" + ], + [ + "10.1.26.7", + "1:ec4c" + ], + [ + "10.1.26.8", + "1:de78" + ], + [ + "10.1.26.9", + "1:b4f3" + ], + [ + "10.1.26.10", + "1:dec6" + ], + [ + "10.1.26.11", + "1:b4c0" + ] + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0048helpers_0.json-nft b/tests/shell/testcases/transactions/dumps/0048helpers_0.json-nft index 2cc270ec..f9b488e7 100644 --- a/tests/shell/testcases/transactions/dumps/0048helpers_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0048helpers_0.json-nft @@ -1 +1,18 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 0}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0049huge_0.json-nft b/tests/shell/testcases/transactions/dumps/0049huge_0.json-nft index 4626cea3..456ada94 100644 --- a/tests/shell/testcases/transactions/dumps/0049huge_0.json-nft +++ b/tests/shell/testcases/transactions/dumps/0049huge_0.json-nft @@ -1 +1,5121 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "firewalld", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PREROUTING", "handle": 0, "type": "filter", "hook": "prerouting", "prio": -290, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PREROUTING_ZONES", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING", "handle": 0, "type": "filter", "hook": "prerouting", "prio": -140, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_ZONES", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT", "handle": 0, "type": "filter", "hook": "input", "prio": 10, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD", "handle": 0, "type": "filter", "hook": "forward", "prio": 10, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT", "handle": 0, "type": "filter", "hook": "output", "prio": 10, "policy": "accept"}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_ZONES", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_IN_ZONES", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_OUT_ZONES", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_public_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_trusted_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PRE_work_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_work_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_work_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_post", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_pre", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_log", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_deny", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_allow", "handle": 0}}, {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_post", "handle": 0}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "right": {"set": ["nd-router-advert", "nd-neighbor-solicit"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "nfproto"}}, "right": "ipv6"}}, {"match": {"op": "==", "left": {"fib": {"result": "oif", "flags": ["saddr", "iif"]}}, "right": false}}, {"drop": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "handle": 0, "expr": [{"jump": {"target": "raw_PREROUTING_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "raw_PRE_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "raw_PRE_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES", "handle": 0, "expr": [{"goto": {"target": "raw_PRE_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "handle": 0, "expr": [{"jump": {"target": "mangle_PREROUTING_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "mangle_PRE_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "mangle_PRE_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "handle": 0, "expr": [{"goto": {"target": "mangle_PRE_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 0, "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["established", "related"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 0, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "status"}}, "right": "dnat"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "lo"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 0, "expr": [{"jump": {"target": "filter_INPUT_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 0, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "invalid"}}, {"drop": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "handle": 0, "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 0, "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["established", "related"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 0, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "status"}}, "right": "dnat"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "lo"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "right": {"set": [{"prefix": {"addr": "::", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002::", "len": 24}}, {"prefix": {"addr": "2002:a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 0, "expr": [{"jump": {"target": "filter_FORWARD_IN_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 0, "expr": [{"jump": {"target": "filter_FORWARD_OUT_ZONES"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 0, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "invalid"}}, {"drop": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "handle": 0, "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "lo"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "right": {"set": [{"prefix": {"addr": "::", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002::", "len": 24}}, {"prefix": {"addr": "2002:a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "filter_IN_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "filter_IN_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "handle": 0, "expr": [{"goto": {"target": "filter_IN_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "filter_FWDI_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "filter_FWDI_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "handle": 0, "expr": [{"goto": {"target": "filter_FWDI_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "filter_FWDO_work"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "filter_FWDO_trusted"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "handle": 0, "expr": [{"goto": {"target": "filter_FWDO_public"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_public", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 0, "expr": [{"jump": {"target": "filter_IN_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 0, "expr": [{"jump": {"target": "filter_IN_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 0, "expr": [{"jump": {"target": "filter_IN_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 0, "expr": [{"jump": {"target": "filter_IN_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 0, "expr": [{"jump": {"target": "filter_IN_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["icmp", "ipv6-icmp"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}}, "right": 546}}, {"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["icmp", "ipv6-icmp"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_public_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_public_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_public_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_public_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_public_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_IN_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_IN_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_IN_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_IN_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_IN_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_trusted", "handle": 0, "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "handle": 0, "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_trusted_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_trusted_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_trusted_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_trusted_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_trusted_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "handle": 0, "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "handle": 0, "expr": [{"jump": {"target": "raw_PRE_work_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 0, "expr": [{"jump": {"target": "filter_IN_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 0, "expr": [{"jump": {"target": "filter_IN_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 0, "expr": [{"jump": {"target": "filter_IN_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 0, "expr": [{"jump": {"target": "filter_IN_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 0, "expr": [{"jump": {"target": "filter_IN_work_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["icmp", "ipv6-icmp"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work_allow", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work_allow", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}}, "right": 546}}, {"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_work", "handle": 0, "expr": [{"jump": {"target": "mangle_PRE_work_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDI_work_post"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_work", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["icmp", "ipv6-icmp"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_work_pre"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_work_log"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_work_deny"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_work_allow"}}]}}, {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_work", "handle": 0, "expr": [{"jump": {"target": "filter_FWDO_work_post"}}]}}, {"table": {"family": "ip", "name": "firewalld", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING", "handle": 0, "type": "nat", "hook": "prerouting", "prio": -90, "policy": "accept"}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_ZONES", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING", "handle": 0, "type": "nat", "hook": "postrouting", "prio": 110, "policy": "accept"}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_ZONES", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_pre", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_log", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_deny", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_allow", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_post", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_pre", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_log", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_deny", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_allow", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_post", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_pre", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_log", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_deny", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_allow", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_post", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_pre", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_log", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_deny", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_allow", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_post", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_pre", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_log", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_deny", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_allow", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_work_post", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_pre", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_log", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_deny", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_allow", "handle": 0}}, {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_work_post", "handle": 0}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "handle": 0, "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "nat_PRE_work"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "nat_PRE_trusted"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 0, "expr": [{"goto": {"target": "nat_PRE_public"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "handle": 0, "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "nat_POST_work"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "nat_POST_trusted"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 0, "expr": [{"goto": {"target": "nat_POST_public"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_post"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_pre"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_log"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_deny"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_allow"}}]}}, {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_post"}}]}}, {"table": {"family": "ip6", "name": "firewalld", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING", "handle": 0, "type": "nat", "hook": "prerouting", "prio": -90, "policy": "accept"}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_ZONES", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING", "handle": 0, "type": "nat", "hook": "postrouting", "prio": 110, "policy": "accept"}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_ZONES", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_pre", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_log", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_deny", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_allow", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_post", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_pre", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_log", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_deny", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_allow", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_post", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_pre", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_log", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_deny", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_allow", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_post", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_pre", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_log", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_deny", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_allow", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_post", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_pre", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_log", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_deny", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_allow", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_post", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_pre", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_log", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_deny", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_allow", "handle": 0}}, {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_work_post", "handle": 0}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "handle": 0, "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "nat_PRE_work"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "nat_PRE_trusted"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "handle": 0, "expr": [{"goto": {"target": "nat_PRE_public"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "handle": 0, "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy"}}, {"goto": {"target": "nat_POST_work"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 0, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "perm_dummy2"}}, {"goto": {"target": "nat_POST_trusted"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "handle": 0, "expr": [{"goto": {"target": "nat_POST_public"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "handle": 0, "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_trusted_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "handle": 0, "expr": [{"jump": {"target": "nat_POST_trusted_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "handle": 0, "expr": [{"jump": {"target": "nat_PRE_work_post"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_pre"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_log"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_deny"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_allow"}}]}}, {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "handle": 0, "expr": [{"jump": {"target": "nat_POST_work_post"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "firewalld", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PREROUTING", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PREROUTING_ZONES", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PREROUTING", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PREROUTING_ZONES", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_INPUT", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FORWARD", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_OUTPUT", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_INPUT_ZONES", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FORWARD_IN_ZONES", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FORWARD_OUT_ZONES", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_public", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_public_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_public_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_public_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_public_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_public_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_public", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_public_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_public_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_public_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_public_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_public_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_public", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_public_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_public_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_public_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_public_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_public_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_public", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_public_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_public_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_public_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_public_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_public_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_public", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_public_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_public_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_public_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_public_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_public_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_trusted", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_trusted_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_trusted_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_trusted_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_trusted_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_trusted_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_trusted", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_trusted_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_trusted_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_trusted_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_trusted_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_trusted_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_trusted", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_trusted_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_trusted_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_trusted_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_trusted_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_trusted_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_trusted", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_trusted_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_trusted_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_trusted_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_trusted_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_trusted_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_trusted", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_trusted_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_trusted_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_trusted_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_trusted_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_trusted_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_work", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_work_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_work_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_work_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_work_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "raw_PRE_work_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_work", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_work_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_work_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_work_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_work_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_IN_work_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_work", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_work_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_work_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_work_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_work_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "mangle_PRE_work_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_work", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_work_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_work_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_work_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_work_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDI_work_post", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_work", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_work_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_work_log", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_work_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_work_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "firewalld", + "name": "filter_FWDO_work_post", + "handle": 0 + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PREROUTING", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmpv6", + "field": "type" + } + }, + "right": { + "set": [ + "nd-router-advert", + "nd-neighbor-solicit" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PREROUTING", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "nfproto" + } + }, + "right": "ipv6" + } + }, + { + "match": { + "op": "==", + "left": { + "fib": { + "result": "oif", + "flags": [ + "saddr", + "iif" + ] + } + }, + "right": false + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PREROUTING", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PREROUTING_ZONES" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy" + } + }, + { + "goto": { + "target": "raw_PRE_work" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy2" + } + }, + { + "goto": { + "target": "raw_PRE_trusted" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "goto": { + "target": "raw_PRE_public" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PREROUTING", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PREROUTING_ZONES" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy" + } + }, + { + "goto": { + "target": "mangle_PRE_work" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy2" + } + }, + { + "goto": { + "target": "mangle_PRE_trusted" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "goto": { + "target": "mangle_PRE_public" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_INPUT", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "ct": { + "key": "state" + } + }, + "right": { + "set": [ + "established", + "related" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_INPUT", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "status" + } + }, + "right": "dnat" + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_INPUT", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "lo" + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_INPUT", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_INPUT_ZONES" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_INPUT", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "invalid" + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_INPUT", + "handle": 0, + "expr": [ + { + "reject": { + "type": "icmpx", + "expr": "admin-prohibited" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "ct": { + "key": "state" + } + }, + "right": { + "set": [ + "established", + "related" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "status" + } + }, + "right": "dnat" + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "lo" + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip6", + "field": "daddr" + } + }, + "right": { + "set": [ + { + "prefix": { + "addr": "::", + "len": 96 + } + }, + { + "prefix": { + "addr": "::ffff:0.0.0.0", + "len": 96 + } + }, + { + "prefix": { + "addr": "2002::", + "len": 24 + } + }, + { + "prefix": { + "addr": "2002:a00::", + "len": 24 + } + }, + { + "prefix": { + "addr": "2002:7f00::", + "len": 24 + } + }, + { + "prefix": { + "addr": "2002:a9fe::", + "len": 32 + } + }, + { + "prefix": { + "addr": "2002:ac10::", + "len": 28 + } + }, + { + "prefix": { + "addr": "2002:c0a8::", + "len": 32 + } + }, + { + "prefix": { + "addr": "2002:e000::", + "len": 19 + } + } + ] + } + } + }, + { + "reject": { + "type": "icmpv6", + "expr": "addr-unreachable" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FORWARD_IN_ZONES" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FORWARD_OUT_ZONES" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "invalid" + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD", + "handle": 0, + "expr": [ + { + "reject": { + "type": "icmpx", + "expr": "admin-prohibited" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_OUTPUT", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "lo" + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_OUTPUT", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip6", + "field": "daddr" + } + }, + "right": { + "set": [ + { + "prefix": { + "addr": "::", + "len": 96 + } + }, + { + "prefix": { + "addr": "::ffff:0.0.0.0", + "len": 96 + } + }, + { + "prefix": { + "addr": "2002::", + "len": 24 + } + }, + { + "prefix": { + "addr": "2002:a00::", + "len": 24 + } + }, + { + "prefix": { + "addr": "2002:7f00::", + "len": 24 + } + }, + { + "prefix": { + "addr": "2002:a9fe::", + "len": 32 + } + }, + { + "prefix": { + "addr": "2002:ac10::", + "len": 28 + } + }, + { + "prefix": { + "addr": "2002:c0a8::", + "len": 32 + } + }, + { + "prefix": { + "addr": "2002:e000::", + "len": 19 + } + } + ] + } + } + }, + { + "reject": { + "type": "icmpv6", + "expr": "addr-unreachable" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_INPUT_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy" + } + }, + { + "goto": { + "target": "filter_IN_work" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_INPUT_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy2" + } + }, + { + "goto": { + "target": "filter_IN_trusted" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_INPUT_ZONES", + "handle": 0, + "expr": [ + { + "goto": { + "target": "filter_IN_public" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD_IN_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy" + } + }, + { + "goto": { + "target": "filter_FWDI_work" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD_IN_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy2" + } + }, + { + "goto": { + "target": "filter_FWDI_trusted" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD_IN_ZONES", + "handle": 0, + "expr": [ + { + "goto": { + "target": "filter_FWDI_public" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD_OUT_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "perm_dummy" + } + }, + { + "goto": { + "target": "filter_FWDO_work" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD_OUT_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "perm_dummy2" + } + }, + { + "goto": { + "target": "filter_FWDO_trusted" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FORWARD_OUT_ZONES", + "handle": 0, + "expr": [ + { + "goto": { + "target": "filter_FWDO_public" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_public_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_public_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_public_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_public_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_public_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_public_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_public_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_public_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_public_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_public_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_public", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": { + "set": [ + "icmp", + "ipv6-icmp" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_public_allow", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "match": { + "op": "==", + "left": { + "ct": { + "key": "state" + } + }, + "right": { + "set": [ + "new", + "untracked" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_public_allow", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip6", + "field": "daddr" + } + }, + "right": { + "prefix": { + "addr": "fe80::", + "len": 64 + } + } + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "udp", + "field": "dport" + } + }, + "right": 546 + } + }, + { + "match": { + "op": "==", + "left": { + "ct": { + "key": "state" + } + }, + "right": { + "set": [ + "new", + "untracked" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_public_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_public_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_public_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_public_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_public_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_public", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": { + "set": [ + "icmp", + "ipv6-icmp" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_public_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_public_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_public_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_public_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_public_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_public_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_public_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_public_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_public_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_public_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_trusted_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_trusted_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_trusted_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_trusted_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_trusted_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_trusted_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_trusted_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_trusted_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_trusted_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_trusted_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_trusted_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_trusted_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_trusted_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_trusted_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_trusted_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_trusted", + "handle": 0, + "expr": [ + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_trusted_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_trusted_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_trusted_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_trusted_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_trusted_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_trusted", + "handle": 0, + "expr": [ + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_trusted_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_trusted_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_trusted_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_trusted_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_trusted_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_trusted", + "handle": 0, + "expr": [ + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_work_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_work_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_work_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_work_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "raw_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "raw_PRE_work_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_work_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_work_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_work_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_work_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_IN_work_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_work", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": { + "set": [ + "icmp", + "ipv6-icmp" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_work_allow", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "match": { + "op": "==", + "left": { + "ct": { + "key": "state" + } + }, + "right": { + "set": [ + "new", + "untracked" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_IN_work_allow", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip6", + "field": "daddr" + } + }, + "right": { + "prefix": { + "addr": "fe80::", + "len": 64 + } + } + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "udp", + "field": "dport" + } + }, + "right": 546 + } + }, + { + "match": { + "op": "==", + "left": { + "ct": { + "key": "state" + } + }, + "right": { + "set": [ + "new", + "untracked" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_work_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_work_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_work_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_work_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "mangle_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "mangle_PRE_work_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_work_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_work_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_work_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_work_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDI_work_post" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDI_work", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": { + "set": [ + "icmp", + "ipv6-icmp" + ] + } + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_work_pre" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_work_log" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_work_deny" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_work_allow" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "firewalld", + "chain": "filter_FWDO_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "filter_FWDO_work_post" + } + } + ] + } + }, + { + "table": { + "family": "ip", + "name": "firewalld", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PREROUTING", + "handle": 0, + "type": "nat", + "hook": "prerouting", + "prio": -90, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PREROUTING_ZONES", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POSTROUTING", + "handle": 0, + "type": "nat", + "hook": "postrouting", + "prio": 110, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POSTROUTING_ZONES", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_public", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_public_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_public_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_public_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_public_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_public_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_public", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_public_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_public_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_public_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_public_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_public_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_trusted", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_trusted_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_trusted_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_trusted_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_trusted_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_trusted_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_trusted", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_trusted_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_trusted_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_trusted_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_trusted_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_trusted_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_work", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_work_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_work_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_work_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_work_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_PRE_work_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_work", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_work_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_work_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_work_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_work_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "firewalld", + "name": "nat_POST_work_post", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PREROUTING", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PREROUTING_ZONES" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy" + } + }, + { + "goto": { + "target": "nat_PRE_work" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy2" + } + }, + { + "goto": { + "target": "nat_PRE_trusted" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "goto": { + "target": "nat_PRE_public" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POSTROUTING", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POSTROUTING_ZONES" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POSTROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "perm_dummy" + } + }, + { + "goto": { + "target": "nat_POST_work" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POSTROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "perm_dummy2" + } + }, + { + "goto": { + "target": "nat_POST_trusted" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POSTROUTING_ZONES", + "handle": 0, + "expr": [ + { + "goto": { + "target": "nat_POST_public" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_post" + } + } + ] + } + }, + { + "table": { + "family": "ip6", + "name": "firewalld", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PREROUTING", + "handle": 0, + "type": "nat", + "hook": "prerouting", + "prio": -90, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PREROUTING_ZONES", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POSTROUTING", + "handle": 0, + "type": "nat", + "hook": "postrouting", + "prio": 110, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POSTROUTING_ZONES", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_public", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_public_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_public_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_public_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_public_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_public_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_public", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_public_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_public_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_public_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_public_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_public_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_trusted", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_trusted_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_trusted_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_trusted_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_trusted_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_trusted_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_trusted", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_trusted_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_trusted_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_trusted_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_trusted_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_trusted_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_work", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_work_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_work_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_work_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_work_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_PRE_work_post", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_work", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_work_pre", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_work_log", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_work_deny", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_work_allow", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "firewalld", + "name": "nat_POST_work_post", + "handle": 0 + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PREROUTING", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PREROUTING_ZONES" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy" + } + }, + { + "goto": { + "target": "nat_PRE_work" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "perm_dummy2" + } + }, + { + "goto": { + "target": "nat_PRE_trusted" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PREROUTING_ZONES", + "handle": 0, + "expr": [ + { + "goto": { + "target": "nat_PRE_public" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POSTROUTING", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POSTROUTING_ZONES" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POSTROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "perm_dummy" + } + }, + { + "goto": { + "target": "nat_POST_work" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POSTROUTING_ZONES", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "perm_dummy2" + } + }, + { + "goto": { + "target": "nat_POST_trusted" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POSTROUTING_ZONES", + "handle": 0, + "expr": [ + { + "goto": { + "target": "nat_POST_public" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_public_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_public", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_public_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_trusted_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_trusted", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_trusted_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_PRE_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_PRE_work_post" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_pre" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_log" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_deny" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_allow" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "firewalld", + "chain": "nat_POST_work", + "handle": 0, + "expr": [ + { + "jump": { + "target": "nat_POST_work_post" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft b/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft +++ b/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/30s-stress.json-nft b/tests/shell/testcases/transactions/dumps/30s-stress.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/30s-stress.json-nft +++ b/tests/shell/testcases/transactions/dumps/30s-stress.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/anon_chain_loop.json-nft b/tests/shell/testcases/transactions/dumps/anon_chain_loop.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/anon_chain_loop.json-nft +++ b/tests/shell/testcases/transactions/dumps/anon_chain_loop.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/bad_expression.json-nft b/tests/shell/testcases/transactions/dumps/bad_expression.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/transactions/dumps/bad_expression.json-nft +++ b/tests/shell/testcases/transactions/dumps/bad_expression.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/doubled-set.json-nft b/tests/shell/testcases/transactions/dumps/doubled-set.json-nft index 00a1af0d..2dced124 100644 --- a/tests/shell/testcases/transactions/dumps/doubled-set.json-nft +++ b/tests/shell/testcases/transactions/dumps/doubled-set.json-nft @@ -1 +1,41 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 0}}, {"set": {"family": "ip", "name": "s", "table": "t", "type": ["ipv4_addr", "ifname"], "handle": 0, "flags": ["interval"], "elem": [{"concat": ["1.2.3.4", "foo"]}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "s", + "table": "t", + "type": [ + "ipv4_addr", + "ifname" + ], + "handle": 0, + "flags": [ + "interval" + ], + "elem": [ + { + "concat": [ + "1.2.3.4", + "foo" + ] + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/table_onoff.json-nft b/tests/shell/testcases/transactions/dumps/table_onoff.json-nft index 82b2f9fa..a7583e8c 100644 --- a/tests/shell/testcases/transactions/dumps/table_onoff.json-nft +++ b/tests/shell/testcases/transactions/dumps/table_onoff.json-nft @@ -1 +1,59 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 0, "flags": "dormant"}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 0, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": "127.0.0.42"}}, {"counter": {"packets": 0, "bytes": 0}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0, + "flags": "dormant" + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "127.0.0.42" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + } + ] + } + } + ] +} |