From dba4a9b4b5fe2c4b6929be799fdb9332fc653e1b Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Fri, 2 Aug 2019 12:12:10 +0200
Subject: src: allow variable in chain policy

This patch allows you to use variables in chain policy definition, e.g.

define default_policy = "accept"

add table ip foo
add chain ip foo bar {type filter hook input priority filter; policy $default_policy}

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/nft-f/0026policy_variable_0 | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 tests/shell/testcases/nft-f/0026policy_variable_0

(limited to 'tests/shell/testcases/nft-f/0026policy_variable_0')

diff --git a/tests/shell/testcases/nft-f/0026policy_variable_0 b/tests/shell/testcases/nft-f/0026policy_variable_0
new file mode 100644
index 00000000..d4d98ede
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0026policy_variable_0
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Tests use of variables in chain policy
+
+set -e
+
+RULESET="
+define default_policy = \"drop\"
+
+table inet global {
+    chain prerouting {
+        type filter hook prerouting priority filter
+        policy \$default_policy
+    }
+}"
+
+$NFT -f - <<< "$RULESET"
-- 
cgit v1.2.3