tests/shell/testcases/nft-f/0002rollback_rule_0


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

#!/bin/bash

# test a kernel rollback operation
# fail reason: rule

GOOD_RULESET="table ip t {
	set t {
		type ipv4_addr
		elements = { 1.1.1.1 }
	}

	chain c {
		ct state new
		tcp dport { 22222, 33333 }
		ip saddr @t drop
		jump other
	}

	chain other {
	}
}"

BAD_RULESET="flush ruleset
table ip t2 {
	chain c2 {
		this is an invalid rule
	}
}"

$NFT -f - <<< "$GOOD_RULESET"
if [ $? -ne 0 ] ; then
	echo "E: unable to load good ruleset" >&2
	exit 1
fi

$NFT -f - <<< "$BAD_RULESET" 2>/dev/null
if [ $? -eq 0 ]	; then
	echo "E: bogus ruleset loaded?" >&2
	exit 1
fi