| #!/bin/bash |
| |
| set -e |
| |
| $XT_MULTI iptables -N foo |
| $XT_MULTI iptables -A FORWARD -i eth23 -o eth42 -j ACCEPT |
| $XT_MULTI iptables -A FORWARD -i eth42 -o eth23 -g foo |
| $XT_MULTI iptables -t nat -A OUTPUT -o eth123 -m mark --mark 0x42 -j ACCEPT |
| |
| EXPECT='-P INPUT ACCEPT |
| -P FORWARD ACCEPT |
| -P OUTPUT ACCEPT |
| -N foo |
| -A FORWARD -i eth23 -o eth42 -j ACCEPT |
| -A FORWARD -i eth42 -o eth23 -g foo' |
| |
| diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -S) |
| |
| EXPECT='-P INPUT ACCEPT -c 0 0 |
| -P FORWARD ACCEPT -c 0 0 |
| -P OUTPUT ACCEPT -c 0 0 |
| -N foo |
| -A FORWARD -i eth23 -o eth42 -c 0 0 -j ACCEPT |
| -A FORWARD -i eth42 -o eth23 -c 0 0 -g foo' |
| |
| diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -v -S) |
| |
| EXPECT='-P FORWARD ACCEPT |
| -A FORWARD -i eth23 -o eth42 -j ACCEPT |
| -A FORWARD -i eth42 -o eth23 -g foo' |
| |
| diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -S FORWARD) |
| |
| EXPECT='-P FORWARD ACCEPT -c 0 0 |
| -A FORWARD -i eth23 -o eth42 -c 0 0 -j ACCEPT |
| -A FORWARD -i eth42 -o eth23 -c 0 0 -g foo' |
| |
| diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -v -S FORWARD) |
| |
| EXPECT='-P OUTPUT ACCEPT |
| -A OUTPUT -o eth123 -m mark --mark 0x42 -j ACCEPT' |
| |
| diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -t nat -S OUTPUT) |
| |
| EXPECT='-P OUTPUT ACCEPT -c 0 0 |
| -A OUTPUT -o eth123 -m mark --mark 0x42 -c 0 0 -j ACCEPT' |
| |
| diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -v -t nat -S OUTPUT) |
| |
| # some of the following commands are supposed to fail |
| set +e |
| |
| $XT_MULTI iptables -S nonexistent && { |
| echo "list-rules in non-existent chain should fail" |
| exit 1 |
| } |
| $XT_MULTI iptables -S nonexistent 23 && { |
| echo "list-rules in non-existent chain with given rule number should fail" |
| exit 1 |
| } |
| $XT_MULTI iptables -S FORWARD 234 || { |
| echo "list-rules in existent chain with invalid rule number should succeed" |
| exit 1 |
| } |