blob: 6062913b52729a16581fce98fdd39d75d3fe3b2d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
#!/bin/bash
# This tests the selectiveness of flush command on structures that use the
# generic set infrastructure (sets, maps and meters).
RULESET="
add table t
add chain t c
add set t s {type ipv4_addr;}
add map t m {type ipv4_addr : inet_service;}
add rule t c tcp dport 80 meter f size 1024 {ip saddr limit rate 10/second}
"
$NFT -f - <<< "$RULESET"
# Commands that should be invalid
declare -a cmds=(
"flush set t m" "flush set t f"
"flush map t s" "flush map t f"
"flush meter t s" "flush meter t m"
)
for i in "${cmds[@]}"
do
$NFT "$i" &>/dev/null
ret=$?
if [ $ret -eq 0 ]; then
exit 1
fi
done
|