Recent changes to chain flush and zero routines incorporate proper error propagation so trying to flush or zero a non-existent chain results in an error. This is consistent with iptables-legacy, extend tests to make sure it stays this way. Also extend verbose output test to make these recent changes didn't mess it up.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 .../shell/testcases/iptables/0002-verbose-output_0 | 13 +++++++++----
 .../shell/testcases/iptables/0004-return-codes_0 | 6 ++++++
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
index 2e8059536ea7b..b1ef91f61f481 100755
--- a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
+++ b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
@@ -29,23 +29,28 @@ Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -v -n -L)
+[[ -z $($XT_MULTI iptables -v -N foobar) ]] || exit 1
+
 diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI iptables -v -D FORWARD $RULE1)
 diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI iptables -v -D FORWARD $RULE2)
 EXPECT="Flushing chain \`INPUT'
 Flushing chain \`FORWARD'
-Flushing chain \`OUTPUT'"
+Flushing chain \`OUTPUT'
+Flushing chain \`foobar'"
 diff -u <(echo -e "$EXPECT") <($XT_MULTI iptables -v -F)
 EXPECT="Zeroing chain \`INPUT'
 Zeroing chain \`FORWARD'
-Zeroing chain \`OUTPUT'"
+Zeroing chain \`OUTPUT'
+Zeroing chain \`foobar'"
 diff -u <(echo -e "$EXPECT") <($XT_MULTI iptables -v -Z)
 diff -u <(echo "Flushing chain \`OUTPUT'") <($XT_MULTI iptables -v -F OUTPUT)
 diff -u <(echo "Zeroing chain \`OUTPUT'") <($XT_MULTI iptables -v -Z OUTPUT)
+diff -u <(echo "Flushing chain \`foobar'") <($XT_MULTI iptables -v -F foobar)
+diff -u <(echo "Zeroing chain \`foobar'") <($XT_MULTI iptables -v -Z foobar)
-$XT_MULTI iptables -N foo
-diff -u <(echo "Deleting chain \`foo'") <($XT_MULTI iptables -v -X foo)
+diff -u <(echo "Deleting chain \`foobar'") <($XT_MULTI iptables -v -X foobar)
diff --git a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
index 5b6e1f6f1bc7a..9d2493992bd69 100755
--- a/iptables/tests/shell/testcases/iptables/0004-return-codes_0
+++ b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
@@ -23,6 +23,12 @@ cmd 1 iptables -N foo
 # iptables-nft allows this - bug or feature?
 #cmd 2 iptables -N "invalid name"
+# test chain flushing/zeroing
+cmd 0 iptables -F foo
+cmd 0 iptables -Z foo
+cmd 1 iptables -F bar
+cmd 1 iptables -Z bar
+
 # test chain rename
 cmd 0 iptables -E foo bar
 cmd 1 iptables -E foo bar
-- 
2.19.0
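Review bot: The added `[[ -z $($XT_MULTI iptables -v -N foobar) ]] || exit 1` discards the exit status of the `-N foobar` call and inspects only stdout, so a chain creation that fails with a message on stderr passes this line and surfaces later as a less obvious mismatch in the `-F`/`-Z` diffs. Capturing the output first keeps both checks: `out=$($XT_MULTI iptables -v -N foobar) || exit 1` followed by `[[ -z "$out" ]] || exit 1`. The new `-F foobar` and `-Z foobar` diff lines have the same property, since process substitution drops the command's return code; they pin the verbose text only, which is worth stating in a comment such as `# verbose text only; return codes are covered in 0004-return-codes_0`. The hunk starts mid-script, so whether an earlier `set -e` or similar setup is in effect is not visible here.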
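Review bot: The new `cmd 1 iptables -F bar` and `cmd 1 iptables -Z bar` checks hold only because chain `bar` does not exist at this point, and the rename test directly below (`cmd 0 iptables -E foo bar`) creates it, so reordering the two blocks would silently invert the expected result. A comment above the block would record that dependency, for example `# 'bar' must not exist yet; the rename test below creates it`. The `cmd` helper is defined outside the hunk; presumably its first argument is the expected exit status, which would be worth confirming before relying on these lines as the regression guard for the error propagation the commit message describes.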