In the test files, some lines defining tables was commented out with a
minus "-" sign, also used to mark broken rules. This commit replaces
these signs with actual comments "#" and removes the code that handled
the situation.
Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*ip;test-ip4
*ip6;test-ip6
*inet;test-inet
-# ct expresion is not supported in arp and bridge family yet.
-- *arp;test-arp
-- *bridge;test-bridge
:output;type filter hook output priority 0
*ip;test-ip4
# BUG: There is a bug with icmp protocol and inet family.
-- *inet;test-inet
+# *inet;test-inet
:input;type filter hook input priority 0
icmp type echo-reply accept;ok
*ip6;test-ip6
# BUG: There is a bug with icmpv6 and inet tables
-- *inet;test-inet
+# *inet;test-inet
:input;type filter hook input priority 0
icmpv6 type destination-unreachable accept;ok
*ip6;test-ip6
-- *inet;test-inet
:postrouting;type nat hook postrouting priority 0
tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::80-100
# Rule
rule = line.split(';') # rule[1] Ok or FAIL
if line[0] == "-": # Run omitted lines
- if line[1:].find("*") != -1:
- continue
if need_fix_option:
rule[0] = rule[0].rstrip()[1:].strip()
else:
projects / thirdparty / nftables.git / commitdiff
