]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
tests/shell: add testcase for 'nft -f' load with actions
authorArturo Borrero <arturo.borrero.glez@gmail.com>
Wed, 11 May 2016 11:30:08 +0000 (13:30 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 13 May 2016 09:34:49 +0000 (11:34 +0200)
Let's tests loading a ruleset with actions.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tests/shell/testcases/nft-f/0006action_object_0 [new file with mode: 0755]

diff --git a/tests/shell/testcases/nft-f/0006action_object_0 b/tests/shell/testcases/nft-f/0006action_object_0
new file mode 100755 (executable)
index 0000000..f4ec41d
--- /dev/null
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# test loading a ruleset with the 'action object' pattern
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+       echo "Failed to create tmp file" >&2
+       exit 0
+fi
+
+trap "rm -f $tmpfile" EXIT # cleanup if aborted
+
+set -e
+
+FAMILIES="ip ip6 inet arp bridge"
+
+generate1()
+{
+       local family=$1
+       echo "
+       add table $family t
+       add chain $family t c
+       add rule $family t c accept
+       add set $family t s {type inet_service;}
+       add element $family t s {8080}
+       insert rule $family t c meta l4proto tcp tcp dport @s accept
+       replace rule $family t c handle 2 meta l4proto tcp tcp dport {9090}
+       add map $family t m {type inet_service:verdict;}
+       add element $family t m {10080:drop}
+       insert rule $family t c meta l4proto tcp tcp dport vmap @m
+       add rule $family t c meta l4proto udp udp sport vmap {1111:accept}
+       " >> $tmpfile
+}
+
+generate2()
+{
+       local family=$1
+       echo "
+       flush chain $family t c
+       delete element $family t m {10080:drop}
+       delete element $family t s {8080}
+       delete chain $family t c
+       delete table $family t
+       " >> $tmpfile
+}
+
+for family in $FAMILIES ; do
+       generate1 $family
+done
+
+$NFT -f $tmpfile
+if [ $? -ne 0 ] ; then
+       echo "E: unable to load ruleset 1" >&2
+       exit 1
+fi
+
+echo "" > $tmpfile
+for family in $FAMILIES ; do
+       generate2 $family
+done
+
+$NFT -f $tmpfile
+if [ $? -ne 0 ] ; then
+       echo "E: unable to load ruleset 2" >&2
+       exit 1
+fi
+
+exit 0