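#!/bin/bash
# shellcheck disable=SC2086 # $XT_MULTI is left unquoted on purpose (see below)

set -e
#set -x

# ensure verbose output is identical between legacy and nft tools
#
# Each step runs "$XT_MULTI ip6tables -v ..." and diffs its stdout against a
# fixed expectation; diff exits non-zero on any difference and set -e then
# aborts the script at that step.
#
# The script appends rules to FORWARD, then flushes and zeroes every chain of
# the filter table it is pointed at, and the listing check expects no other
# rules to be present.
# NOTE(review): presumably the test harness runs this inside a disposable
# network namespace -- confirm before running it by hand on a real host.

# Refuse to run without XT_MULTI. With it unset, "$XT_MULTI ip6tables" would
# silently resolve to whatever ip6tables comes first in PATH, and the -F / -Z
# calls below would then act on that ruleset instead of the binary under test.
: "${XT_MULTI:?XT_MULTI must name the multi-call binary under test}"

# $XT_MULTI itself stays unquoted, as in the original invocations, so a value
# consisting of several words keeps working.

# NOTE(review): the expected strings below contain only single spaces in this
# copy. diff -Z ignores trailing whitespace only, so if the tool pads its
# columns, that padding has to be restored here before the comparisons can
# pass -- verify against the upstream test case.

# Rule specifications, one array element per command-line word.
RULE1=(-i eth2 -o eth3 -s feed:babe::1 -d feed:babe::2 -j ACCEPT)
VOUT1='ACCEPT all opt -- in eth2 out eth3 feed:babe::1 -> feed:babe::2'
RULE2=(-i eth2 -o eth3 -s feed:babe::4 -d feed:babe::5 -j ACCEPT)
VOUT2='ACCEPT all opt -- in eth2 out eth3 feed:babe::4 -> feed:babe::5'
RULE3=(-p icmpv6 -m icmp6 --icmpv6-type no-route)
VOUT3=' ipv6-icmp opt -- in * out * ::/0 -> ::/0 ipv6-icmptype 1 code 0'
RULE4=(-m dst --dst-len 42 -m rt --rt-type 23)
VOUT4=' all opt -- in * out * ::/0 -> ::/0 dst length:42 rt type:23'
RULE5=(-m frag --fragid 1337 -j LOG)
VOUT5='LOG all opt -- in * out * ::/0 -> ::/0 frag id:1337 LOG flags 0 level 4'

# Adding a rule with -v echoes the rule back; RULE2 is inserted at position 2.
diff -u -Z <(printf '%s\n' "$VOUT1") <($XT_MULTI ip6tables -v -A FORWARD "${RULE1[@]}")
diff -u -Z <(printf '%s\n' "$VOUT2") <($XT_MULTI ip6tables -v -I FORWARD 2 "${RULE2[@]}")
diff -u -Z <(printf '%s\n' "$VOUT3") <($XT_MULTI ip6tables -v -A FORWARD "${RULE3[@]}")
diff -u -Z <(printf '%s\n' "$VOUT4") <($XT_MULTI ip6tables -v -A FORWARD "${RULE4[@]}")
diff -u -Z <(printf '%s\n' "$VOUT5") <($XT_MULTI ip6tables -v -A FORWARD "${RULE5[@]}")

# Checking an existing rule (-C) must print the same line as adding it.
diff -u -Z <(printf '%s\n' "$VOUT1") <($XT_MULTI ip6tables -v -C FORWARD "${RULE1[@]}")
diff -u -Z <(printf '%s\n' "$VOUT2") <($XT_MULTI ip6tables -v -C FORWARD "${RULE2[@]}")
diff -u -Z <(printf '%s\n' "$VOUT3") <($XT_MULTI ip6tables -v -C FORWARD "${RULE3[@]}")
diff -u -Z <(printf '%s\n' "$VOUT4") <($XT_MULTI ip6tables -v -C FORWARD "${RULE4[@]}")
diff -u -Z <(printf '%s\n' "$VOUT5") <($XT_MULTI ip6tables -v -C FORWARD "${RULE5[@]}")

# Full numeric listing: all counters are zero and only the five rules added
# above appear, so any pre-existing rule makes this comparison fail.
EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 0 0 ACCEPT all -- eth2 eth3 feed:babe::1 feed:babe::2
 0 0 ACCEPT all -- eth2 eth3 feed:babe::4 feed:babe::5
 0 0 58 -- * * ::/0 ::/0 ipv6-icmptype 1 code 0
 0 0 all -- * * ::/0 ::/0 dst length:42 rt type:23
 0 0 LOG all -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination'

diff -u -Z <(printf '%s\n' "$EXPECT") <($XT_MULTI ip6tables -v -n -L)

# Deleting a rule (-D) echoes it back as well.
diff -u -Z <(printf '%s\n' "$VOUT1") <($XT_MULTI ip6tables -v -D FORWARD "${RULE1[@]}")
diff -u -Z <(printf '%s\n' "$VOUT2") <($XT_MULTI ip6tables -v -D FORWARD "${RULE2[@]}")

# Table-wide flush and zero report one line per chain. These comparisons use
# plain diff -u, so trailing whitespace counts here.
EXPECT="Flushing chain \`INPUT'
Flushing chain \`FORWARD'
Flushing chain \`OUTPUT'"

diff -u <(printf '%s\n' "$EXPECT") <($XT_MULTI ip6tables -v -F)

EXPECT="Zeroing chain \`INPUT'
Zeroing chain \`FORWARD'
Zeroing chain \`OUTPUT'"

diff -u <(printf '%s\n' "$EXPECT") <($XT_MULTI ip6tables -v -Z)

# Single-chain variants of flush and zero.
diff -u <(printf '%s\n' "Flushing chain \`OUTPUT'") <($XT_MULTI ip6tables -v -F OUTPUT)
diff -u <(printf '%s\n' "Zeroing chain \`OUTPUT'") <($XT_MULTI ip6tables -v -Z OUTPUT)

# Create a user-defined chain only to check the message printed on deletion.
$XT_MULTI ip6tables -N foo
diff -u <(printf '%s\n' "Deleting chain \`foo'") <($XT_MULTI ip6tables -v -X foo)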