summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases/nft-f/0002rollback_rule_0
blob: ddeb5423cc4c31f57d5041077e89af66bc39a9a9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!/bin/bash

# test a kernel rollback operation
# fail reason: rule

tmpfile=$(mktemp)
if [ ! -w $tmpfile ] ; then
	echo "Failed to create tmp file" >&2
	exit 0
fi

trap "rm -rf $tmpfile" EXIT # cleanup if aborted

GOOD_RULESET="table ip t {
	set t {
		type ipv4_addr
		elements = { 1.1.1.1 }
	}

	chain c {
		ct state new
		tcp dport { 22222 }
		ip saddr @t drop
		jump other
	}

	chain other {
	}
}"

BAD_RULESET="flush ruleset
table ip t2 {
	chain c2 {
		this is an invalid rule
	}
}"

echo "$GOOD_RULESET" > $tmpfile
$NFT -f $tmpfile
if [ $? -ne 0 ] ; then
	echo "E: unable to load good ruleset" >&2
	exit 1
fi

echo "$BAD_RULESET" > $tmpfile
$NFT -f $tmpfile 2>/dev/null
if [ $? -eq 0 ]	; then
	echo "E: bogus ruleset loaded?" >&2
	exit 1
fi

KERNEL_RULESET="$($NFT list ruleset -nn)"

if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
        DIFF="$(which diff)"
        [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
        exit 1
fi

exit 0