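#!/bin/bash

# Test for iptables-restore --noflush skipping an explicitly requested chain
# flush because the chain did not exist when the cache was fetched. For that
# chain to be picked up when the transaction is refreshed (due to a concurrent
# ruleset change), the chain flush job has to be present in the batch job list
# (although disabled at first).
#
# The input line requesting the chain flush is ':FOO - [0:0]'. The contents of
# RS1 and RS2 are crafted to cause EBUSY when deleting the BAR* chains if FOO
# is not flushed in the same transaction.
#
# Environment:
#   XT_MULTI - command prefix used to invoke iptables-restore (presumably
#              exported by the test runner; it is not set in this file).
# Needs a bash that supports 'wait -n'.

# Abort on the first failing command. This covers 'wait -n' as well, which
# returns the exit status of the job it reaped, so a failed background restore
# fails the whole test.
set -e

# Fail fast when XT_MULTI is unset or empty. Without it the commands below
# expand to a bare 'iptables-restore' resolved through PATH, and the first
# call in the loop (no --noflush) replaces the filter table of whatever
# ruleset that binary operates on.
: "${XT_MULTI:?XT_MULTI must be set to the command providing iptables-restore}"

# Common prefix: builtin chains plus FOO and BAR0..BAR9 declarations.
RS="*filter
:INPUT ACCEPT [12024:3123388]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12840:2144421]
:FOO - [0:0]
:BAR0 - [0:0]
:BAR1 - [0:0]
:BAR2 - [0:0]
:BAR3 - [0:0]
:BAR4 - [0:0]
:BAR5 - [0:0]
:BAR6 - [0:0]
:BAR7 - [0:0]
:BAR8 - [0:0]
:BAR9 - [0:0]
"

# First ruleset: deletes BAR3/BAR6/BAR9 and makes FOO jump to six other BAR*
# chains.
RS1="$RS
-X BAR3
-X BAR6
-X BAR9
-A FOO -s 9.9.0.1/32 -j BAR1
-A FOO -s 9.9.0.2/32 -j BAR2
-A FOO -s 9.9.0.4/32 -j BAR4
-A FOO -s 9.9.0.5/32 -j BAR5
-A FOO -s 9.9.0.7/32 -j BAR7
-A FOO -s 9.9.0.8/32 -j BAR8
COMMIT
"

# Second ruleset: deletes BAR2/BAR5/BAR7, i.e. chains that RS1 makes FOO jump
# to, while itself referencing the chains RS1 deletes.
RS2="$RS
-X BAR2
-X BAR5
-X BAR7
-A FOO -s 9.9.0.1/32 -j BAR1
-A FOO -s 9.9.0.3/32 -j BAR3
-A FOO -s 9.9.0.4/32 -j BAR4
-A FOO -s 9.9.0.6/32 -j BAR6
-A FOO -s 9.9.0.8/32 -j BAR8
-A FOO -s 9.9.0.9/32 -j BAR9
COMMIT
"

# Empty filter table, restored without --noflush to reset state between rounds.
NORS="*filter
COMMIT
"

# Ten rounds: reset the table, then race the two --noflush restores against
# each other. $XT_MULTI is deliberately left unquoted so that a multi-word
# value keeps splitting into command and arguments as before.
for ((n = 1; n <= 10; n++)); do
	$XT_MULTI iptables-restore <<< "$NORS"
	$XT_MULTI iptables-restore --noflush -w <<< "$RS1" &
	$XT_MULTI iptables-restore --noflush -w <<< "$RS2" &
	# Reap both jobs one at a time; either one failing trips 'set -e'.
	wait -n
	wait -n
done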