| #!/bin/bash |
| |
| RET=0 |
| tmpfile="" |
| |
| clean_tmpfile() |
| { |
| if [ ! -z "$tmpfile" ];then |
| rm -f "$tmpfile" |
| fi |
| } |
| |
| trap clean_tmpfile EXIT |
| |
| do_diff() |
| { |
| A="$1" |
| B="$2" |
| |
| AT=$(mktemp) |
| grep -v "^#" "$A" > "$AT" |
| |
| diff -u "$AT" "$B" |
| x=$? |
| rm -f "$AT" |
| |
| return $x |
| } |
| |
| tmpfile=$(mktemp) || exit 1 |
| do_simple() |
| { |
| iptables="$1" |
| dumpfile="$2" |
| opt="$3" |
| |
| $XT_MULTI ${iptables}-restore $opt < "$dumpfile" |
| if [ $? -ne 0 ]; then |
| echo "$XT_MULTI ${iptables}-restore $opt $dumpfile failed" 1>&2 |
| exit 1 |
| fi |
| |
| :> "$tmpfile" |
| |
| for table in mangle raw filter; do |
| $XT_MULTI ${iptables}-save -t $table $opt | grep -v "^#" >> "$tmpfile" |
| done |
| |
| do_diff $dumpfile "$tmpfile" |
| |
| if [ $? -ne 0 ]; then |
| RET=1 |
| fi |
| } |
| # fedora27-iptables dump contains chain counters to test counter restore/save |
| do_simple "iptables" $(dirname "$0")/dumps/fedora27-iptables "-c" |
| do_simple "ip6tables" $(dirname "$0")/dumps/fedora27-ip6tables |
| |
| exit $RET |