Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- extensions/libebt_802_3.t | 3 +++ extensions/libebt_arp.t | 11 +++++++++++ extensions/libebt_ip.t | 10 ++++++++++ extensions/libebt_ip6.t | 12 ++++++++++++ extensions/libebt_log.t | 6 ++++++ extensions/libebt_mark.t | 5 +++++ extensions/libebt_mark_m.t | 6 ++++++ extensions/libebt_nflog.t | 5 +++++ extensions/libebt_pkttype.t | 13 +++++++++++++ extensions/libebt_stp.t | 13 +++++++++++++ extensions/libebt_vlan.t | 5 +++++ 11 files changed, 89 insertions(+) create mode 100644 extensions/libebt_802_3.t create mode 100644 extensions/libebt_arp.t create mode 100644 extensions/libebt_ip.t create mode 100644 extensions/libebt_ip6.t create mode 100644 extensions/libebt_log.t create mode 100644 extensions/libebt_mark.t create mode 100644 extensions/libebt_mark_m.t create mode 100644 extensions/libebt_nflog.t create mode 100644 extensions/libebt_pkttype.t create mode 100644 extensions/libebt_stp.t create mode 100644 extensions/libebt_vlan.t diff --git a/extensions/libebt_802_3.t b/extensions/libebt_802_3.t new file mode 100644 index 000000000000..ddfb2f0a72ba --- /dev/null +++ b/extensions/libebt_802_3.t @@ -0,0 +1,3 @@ +:INPUT,FORWARD,OUTPUT +--802_3-sap ! 0x0a -j CONTINUE;=;OK +--802_3-type 0x000a -j RETURN;=;OK diff --git a/extensions/libebt_arp.t b/extensions/libebt_arp.t new file mode 100644 index 000000000000..64b4362f9cdb --- /dev/null +++ b/extensions/libebt_arp.t @@ -0,0 +1,11 @@ +:INPUT,FORWARD,OUTPUT +-p ARP --arp-op Request;=;OK +-p ARP --arp-htype ! 1;=;OK +-p ARP --arp-ptype 0x2;=;OK +-p ARP --arp-ip-src 1.2.3.4;=;OK +-p ARP ! --arp-ip-dst 1.2.3.4;-p ARP --arp-ip-dst ! 1.2.3.4 -j CONTINUE;OK +-p ARP --arp-ip-src ! 0.0.0.0;=;OK +-p ARP --arp-ip-dst ! 0.0.0.0/8;=;OK +-p ARP --arp-mac-src 0:de:ad:be:ef:0;=;OK +-p ARP --arp-mac-dst de:ad:be:ef:0:0/ff:ff:ff:ff:0:0;=;OK +-p ARP --arp-gratuitous;=;OK diff --git a/extensions/libebt_ip.t b/extensions/libebt_ip.t new file mode 100644 index 000000000000..6f99aa56d238 --- /dev/null +++ b/extensions/libebt_ip.t @@ -0,0 +1,10 @@ +:INPUT,FORWARD,OUTPUT +-p ip --ip-src ! 192.168.0.0/24 -j ACCEPT;-p IPv4 --ip-src ! 192.168.0.0/24 -j ACCEPT;OK +-p IPv4 --ip-dst 10.0.0.1;=;OK +-p IPv4 --ip-tos 0xFF;=;OK +-p IPv4 --ip-proto tcp --ip-dport 22;=;OK +-p IPv4 --ip-proto udp --ip-sport 1024:65535;=;OK +-p IPv4 --ip-proto 253;=;OK +-p IPv4 --ip-proto icmp --ip-icmp-type echo-request;=;OK +-p IPv4 --ip-proto icmp --ip-icmp-type 1/1;=;OK +-p ip --ip-protocol icmp --ip-icmp-type ! 1:10;-p IPv4 --ip-proto icmp --ip-icmp-type ! 1:10/0:255 -j CONTINUE;OK diff --git a/extensions/libebt_ip6.t b/extensions/libebt_ip6.t new file mode 100644 index 000000000000..986348008f12 --- /dev/null +++ b/extensions/libebt_ip6.t @@ -0,0 +1,12 @@ +:INPUT,FORWARD,OUTPUT +-p ip6 --ip6-src ! dead::beef/64 -j ACCEPT;-p IPv6 --ip6-src ! dead::/64 -j ACCEPT;OK +-p IPv6 --ip6-dst dead:beef::/64 -j ACCEPT;=;OK +-p IPv6 --ip6-dst f00:ba::;=;OK +-p IPv6 --ip6-tclass 0xFF;=;OK +-p IPv6 --ip6-proto tcp --ip6-dport 22;=;OK +-p IPv6 --ip6-proto udp --ip6-sport 1024:65535;=;OK +-p IPv6 --ip6-proto 253;=;OK +-p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type echo-request -j CONTINUE;=;OK +-p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type echo-request;=;OK +-p ip6 --ip6-protocol icmpv6 --ip6-icmp-type 1/1;-p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type communication-prohibited -j CONTINUE;OK +-p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type ! 1:10/0:255;=;OK diff --git a/extensions/libebt_log.t b/extensions/libebt_log.t new file mode 100644 index 000000000000..a0df6169112a --- /dev/null +++ b/extensions/libebt_log.t @@ -0,0 +1,6 @@ +:INPUT,FORWARD,OUTPUT +--log;=;OK +--log-level crit;=;OK +--log-level 1;--log-level alert --log-prefix "";OK +--log-level emerg --log-ip --log-arp --log-ip6;--log-level emerg --log-prefix "" --log-ip --log-arp --log-ip6 -j CONTINUE;OK +--log-level crit --log-ip --log-arp --log-ip6 --log-prefix foo;--log-level crit --log-prefix "foo" --log-ip --log-arp --log-ip6 -j CONTINUE;OK diff --git a/extensions/libebt_mark.t b/extensions/libebt_mark.t new file mode 100644 index 000000000000..2d8f9d7a972a --- /dev/null +++ b/extensions/libebt_mark.t @@ -0,0 +1,5 @@ +:INPUT,FORWARD,OUTPUT +-j mark --mark-set 1;-j mark --mark-set 0x1 --mark-target ACCEPT;OK +-j mark --mark-or 0xa --mark-target CONTINUE;=;OK +-j mark --mark-and 0x1 --mark-target RETURN;=;OK +-j mark --mark-xor 0x1 --mark-target CONTINUE;=;OK diff --git a/extensions/libebt_mark_m.t b/extensions/libebt_mark_m.t new file mode 100644 index 000000000000..00035427f8b6 --- /dev/null +++ b/extensions/libebt_mark_m.t @@ -0,0 +1,6 @@ +:INPUT,FORWARD,OUTPUT +--mark 42;--mark 0x2a;OK +--mark ! 42;--mark ! 0x2a;OK +--mark 42/0xff;--mark 0x2a/0xff;OK +--mark ! 0x1/0xff;=;OK +--mark /0x2;=;OK diff --git a/extensions/libebt_nflog.t b/extensions/libebt_nflog.t new file mode 100644 index 000000000000..f867df303fa9 --- /dev/null +++ b/extensions/libebt_nflog.t @@ -0,0 +1,5 @@ +:INPUT,FORWARD,OUTPUT +--nflog;=;OK +--nflog-group 42;=;OK +--nflog-range 42;--nflog-group 1 --nflog-range 42 -j CONTINUE;OK +--nflog-threshold 100 --nflog-prefix foo;--nflog-prefix "foo" --nflog-group 1 --nflog-threshold 100 -j CONTINUE;OK diff --git a/extensions/libebt_pkttype.t b/extensions/libebt_pkttype.t new file mode 100644 index 000000000000..921cf3acbbda --- /dev/null +++ b/extensions/libebt_pkttype.t @@ -0,0 +1,13 @@ +:INPUT,FORWARD,OUTPUT +-s 0:0:0:0:0:0;=;OK +-d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK +-s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK +-d de:ad:be:ef:0:0;=;OK +! --pkttype-type host;--pkttype-type ! host -j CONTINUE;OK +--pkttype-type host;=;OK +--pkttype-type broadcast;=;OK +--pkttype-type ! multicast;=;OK +--pkttype-type multicast;=;OK +--pkttype-type otherhost;=;OK +--pkttype-type outgoing;=;OK +--pkttype-type loopback;=;OK diff --git a/extensions/libebt_stp.t b/extensions/libebt_stp.t new file mode 100644 index 000000000000..0c6b77b91454 --- /dev/null +++ b/extensions/libebt_stp.t @@ -0,0 +1,13 @@ +:INPUT,FORWARD,OUTPUT +--stp-type 1;=;OK +--stp-flags 0x1;--stp-flags topology-change -j CONTINUE;OK +--stp-root-prio 1 -j ACCEPT;=;OK +--stp-root-addr 0d:ea:d0:0b:ee:f0;=;OK +--stp-root-cost 1;=;OK +--stp-sender-prio 1;=;OK +--stp-sender-addr de:ad:be:ef:00:00;=;OK +--stp-port 1;=;OK +--stp-msg-age 1;=;OK +--stp-max-age 1;=;OK +--stp-hello-time 1;=;OK +--stp-forward-delay 1;=;OK diff --git a/extensions/libebt_vlan.t b/extensions/libebt_vlan.t new file mode 100644 index 000000000000..58471caa2343 --- /dev/null +++ b/extensions/libebt_vlan.t @@ -0,0 +1,5 @@ +:INPUT,FORWARD,OUTPUT +-p 802_1Q --vlan-id 42;=;OK +-p 802_1Q --vlan-prio ! 1;=;OK +-p 802_1Q --vlan-encap ip;-p 802_1Q --vlan-encap 0800 -j CONTINUE;OK +-p 802_1Q --vlan-encap IPv6 ! --vlan-id 1;-p 802_1Q --vlan-id ! 1 --vlan-encap 86DD -j CONTINUE;OK -- 2.18.1