tests/shell/testcases/sets/dumps/0037_set_with_inet_service_0.json-nft


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

{
  "nftables": [
    {
      "metainfo": {
        "version": "VERSION",
        "release_name": "RELEASE_NAME",
        "json_schema_version": 1
      }
    },
    {
      "table": {
        "family": "inet",
        "name": "filter",
        "handle": 0
      }
    },
    {
      "chain": {
        "family": "inet",
        "table": "filter",
        "name": "forward",
        "handle": 0,
        "type": "filter",
        "hook": "forward",
        "prio": 0,
        "policy": "drop"
      }
    },
    {
      "set": {
        "family": "inet",
        "name": "myset",
        "table": "filter",
        "type": [
          "ipv4_addr",
          "inet_proto",
          "inet_service"
        ],
        "handle": 0,
        "elem": [
          {
            "concat": [
              "192.168.0.113",
              "tcp",
              22
            ]
          },
          {
            "concat": [
              "192.168.0.12",
              "tcp",
              53
            ]
          },
          {
            "concat": [
              "192.168.0.12",
              "udp",
              53
            ]
          },
          {
            "concat": [
              "192.168.0.12",
              "tcp",
              80
            ]
          },
          {
            "concat": [
              "192.168.0.13",
              "tcp",
              80
            ]
          }
        ]
      }
    },
    {
      "rule": {
        "family": "inet",
        "table": "filter",
        "chain": "forward",
        "handle": 0,
        "expr": [
          {
            "match": {
              "op": "in",
              "left": {
                "ct": {
                  "key": "state"
                }
              },
              "right": [
                "established",
                "related"
              ]
            }
          },
          {
            "accept": null
          }
        ]
      }
    },
    {
      "rule": {
        "family": "inet",
        "table": "filter",
        "chain": "forward",
        "handle": 0,
        "expr": [
          {
            "match": {
              "op": "in",
              "left": {
                "ct": {
                  "key": "state"
                }
              },
              "right": "new"
            }
          },
          {
            "match": {
              "op": "==",
              "left": {
                "concat": [
                  {
                    "payload": {
                      "protocol": "ip",
                      "field": "daddr"
                    }
                  },
                  {
                    "payload": {
                      "protocol": "ip",
                      "field": "protocol"
                    }
                  },
                  {
                    "payload": {
                      "protocol": "th",
                      "field": "dport"
                    }
                  }
                ]
              },
              "right": "@myset"
            }
          },
          {
            "accept": null
          }
        ]
      }
    }
  ]
}