Testing that rules which are not enabled are ignored.

The firewall.json fixture defines three otherwise identical rules: one
without an "enabled" option, one with "enabled" set to "1" and one with
"enabled" set to "0". The expected stdout holds a `counter` rule for each
of the first two in the output chain and nothing for the third, so a
missing "enabled" option counts as enabled and the rule set to "0" is the
only one left out of the generated ruleset. The expected stderr pins the
warning that names the skipped section, @rule[2]; the index is zero-based.

-- Testcase --
{%
	include("./root/usr/share/firewall4/main.uc", {
		getenv: function(varname) {
			switch (varname) {
			case 'ACTION':
				return 'print';
			}
		}
	})
%}
-- End --

-- File uci/helpers.json --
{}
-- End --

-- File uci/firewall.json --
{
	"rule": [
		{
			"proto": "any",
			"name": "Implicitly enabled"
		},
		{
			"proto": "any",
			"name": "Explicitly enabled",
			"enabled": "1"
		},
		{
			"proto": "any",
			"name": "Explicitly disabled",
			"enabled": "0"
		}
	]
}
-- End --

-- Expect stderr --
[!] Section @rule[2] (Explicitly disabled) is disabled, ignoring section
-- End --

-- Expect stdout --
table inet fw4
flush table inet fw4

table inet fw4 {
	#
	# Defines
	#


	#
	# User includes
	#

	include "/etc/nftables.d/*.nft"


	#
	# Filter rules
	#

	chain input {
		type filter hook input priority filter; policy drop;

		iif "lo" accept comment "!fw4: Accept traffic from loopback"

		ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
	}

	chain forward {
		type filter hook forward priority filter; policy drop;

		ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
	}

	chain output {
		type filter hook output priority filter; policy drop;

		oif "lo" accept comment "!fw4: Accept traffic towards loopback"

		ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
		counter comment "!fw4: Implicitly enabled"
		counter comment "!fw4: Explicitly enabled"
	}

	chain prerouting {
		type filter hook prerouting priority filter; policy accept;
	}

	chain handle_reject {
		meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
		reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
	}


	#
	# NAT rules
	#

	chain dstnat {
		type nat hook prerouting priority dstnat; policy accept;
	}

	chain srcnat {
		type nat hook postrouting priority srcnat; policy accept;
	}


	#
	# Raw rules (notrack)
	#

	chain raw_prerouting {
		type filter hook prerouting priority raw; policy accept;
	}

	chain raw_output {
		type filter hook output priority raw; policy accept;
	}


	#
	# Mangle rules
	#

	chain mangle_prerouting {
		type filter hook prerouting priority mangle; policy accept;
	}

	chain mangle_postrouting {
		type filter hook postrouting priority mangle; policy accept;
	}

	chain mangle_input {
		type filter hook input priority mangle; policy accept;
	}

	chain mangle_output {
		type route hook output priority mangle; policy accept;
	}

	chain mangle_forward {
		type filter hook forward priority mangle; policy accept;
	}
}
-- End --