ruleset: dispatch ct states using verdict map

[project/firewall4.git] / tests / 05_ipsets / 02_usage

diff --git a/tests/05_ipsets/02_usage b/tests/05_ipsets/02_usage
index 0f919aff3cf787d07282e60585aee39acdab3093..6bff992662118b51759f62a2fd9375f712c1ebeb 100644 (file)
--- a/tests/05_ipsets/02_usage
+++ b/tests/05_ipsets/02_usage
@@ -162,13 +162,13 @@ table inet fw4 {
 
                iifname "lo" accept comment "!fw4: Accept traffic from loopback"
 
-               ct state established,related accept comment "!fw4: Allow inbound established and related flows"
+               ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
        }
 
        chain forward {
                type filter hook forward priority filter; policy drop;
 
-               ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
+               ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
                meta nfproto ipv4 meta l4proto tcp ip saddr . tcp dport @test-set-1 counter comment "!fw4: Rule using test set #1"
                meta nfproto ipv4 meta l4proto tcp ip saddr . tcp sport @test-set-2 counter comment "!fw4: Rule using test set #2, match direction should default to 'source'"
                meta nfproto ipv4 meta l4proto tcp ip daddr . tcp sport @test-set-1 counter comment "!fw4: Rule using test set #1, overriding match direction"
@@ -182,7 +182,7 @@ table inet fw4 {
 
                oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
 
-               ct state established,related accept comment "!fw4: Allow outbound established and related flows"
+               ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
        }
 
        chain prerouting {