1 Testing various MARK rules. 2 3 -- Testcase -- 4 {% 5 include("./root/usr/share/firewall4/main.uc", { 6 getenv: function(varname) { 7 switch (varname) { 8 case 'ACTION': 9 return 'print'; 10 } 11 } 12 }) 13 %} 14 -- End -- 15 16 -- File uci/helpers.json -- 17 {} 18 -- End -- 19 20 -- File uci/firewall.json -- 21 { 22 "rule": [ 23 { 24 ".description": "Test setting mark", 25 "name": "Mark rule #1", 26 "proto": "all", 27 "src": "*", 28 "target": "MARK", 29 "set_mark": "0xaa" 30 }, 31 { 32 ".description": "Test setting mark with mask", 33 "name": "Mark rule #2", 34 "proto": "all", 35 "src": "*", 36 "target": "MARK", 37 "set_mark": "0xab/0xff00" 38 }, 39 { 40 ".description": "Test setting xor mark", 41 "name": "Mark rule #3", 42 "proto": "all", 43 "src": "*", 44 "target": "MARK", 45 "set_xmark": "0xac" 46 }, 47 { 48 ".description": "Test setting xor mark with mask", 49 "name": "Mark rule #4", 50 "proto": "all", 51 "src": "*", 52 "target": "MARK", 53 "set_xmark": "0xad/0xff00" 54 }, 55 { 56 ".description": "Test ANDing bits (set xmark 0/~bits)", 57 "name": "Mark rule #5", 58 "proto": "all", 59 "src": "*", 60 "target": "MARK", 61 "set_xmark": "0/0xffffff51" 62 }, 63 { 64 ".description": "Test ORing bits (set xmark bits/bits)", 65 "name": "Mark rule #6", 66 "proto": "all", 67 "src": "*", 68 "target": "MARK", 69 "set_xmark": "0xaf/0xaf" 70 } 71 ] 72 } 73 -- End -- 74 75 -- Expect stdout -- 76 table inet fw4 77 flush table inet fw4 78 79 table inet fw4 { 80 # 81 # Defines 82 # 83 84 85 # 86 # User includes 87 # 88 89 include "/etc/nftables.d/*.nft" 90 91 92 # 93 # Filter rules 94 # 95 96 chain input { 97 type filter hook input priority filter; policy drop; 98 99 iif "lo" accept comment "!fw4: Accept traffic from loopback" 100 101 ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows" 102 } 103 104 chain forward { 105 type filter hook forward priority filter; policy drop; 106 107 ct state vmap { established : accept, related : accept 
} comment "!fw4: Handle forwarded flows" 108 } 109 110 chain output { 111 type filter hook output priority filter; policy drop; 112 113 oif "lo" accept comment "!fw4: Accept traffic towards loopback" 114 115 ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows" 116 } 117 118 chain prerouting { 119 type filter hook prerouting priority filter; policy accept; 120 } 121 122 chain handle_reject { 123 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic" 124 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic" 125 } 126 127 128 # 129 # NAT rules 130 # 131 132 chain dstnat { 133 type nat hook prerouting priority dstnat; policy accept; 134 } 135 136 chain srcnat { 137 type nat hook postrouting priority srcnat; policy accept; 138 } 139 140 141 # 142 # Raw rules (notrack) 143 # 144 145 chain raw_prerouting { 146 type filter hook prerouting priority raw; policy accept; 147 } 148 149 chain raw_output { 150 type filter hook output priority raw; policy accept; 151 } 152 153 154 # 155 # Mangle rules 156 # 157 158 chain mangle_prerouting { 159 type filter hook prerouting priority mangle; policy accept; 160 } 161 162 chain mangle_postrouting { 163 type filter hook postrouting priority mangle; policy accept; 164 } 165 166 chain mangle_input { 167 type filter hook input priority mangle; policy accept; 168 counter meta mark set 0xaa comment "!fw4: Mark rule #1" 169 counter meta mark set mark and 0xffff0054 xor 0xab comment "!fw4: Mark rule #2" 170 counter meta mark set 0xac comment "!fw4: Mark rule #3" 171 counter meta mark set mark and 0xffff00ff xor 0xad comment "!fw4: Mark rule #4" 172 counter meta mark set mark and 0xae comment "!fw4: Mark rule #5" 173 counter meta mark set mark or 0xaf comment "!fw4: Mark rule #6" 174 } 175 176 chain mangle_output { 177 type route hook output priority mangle; policy accept; 178 } 179 180 chain mangle_forward { 181 type filter hook forward priority mangle; 
policy accept; 182 } 183 } 184 -- End --