0006-policy-override_0 635 Bytes
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#!/bin/bash

[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }

# make sure none of the commands invoking nft_xt_builtin_init() override
# non-default chain policies via needless chain add.

RC=0

do_test() {
	$XT_MULTI $@
	$XT_MULTI iptables -S | grep -q -- '-P FORWARD DROP' && return

	echo "command '$@' kills chain policies"
	$XT_MULTI iptables -P FORWARD DROP
	RC=1
}

$XT_MULTI iptables -P FORWARD DROP

do_test iptables -A OUTPUT -j ACCEPT
do_test iptables -F
do_test iptables -N foo
do_test iptables -E foo foo2
do_test iptables -I OUTPUT -j ACCEPT
do_test iptables -nL
do_test iptables -S

exit $RC