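1 Testing that rule declarations are mapped to the proper chains depending
2 on which of the src and dest options are set: src without dest should give an input rule, src with dest a forward rule, and no src (with or without dest) an output rule.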
6 include("./root/usr/share/firewall4/main.uc", {
7 getenv: function(varname) {
17 -- File uci/helpers.json --
21 -- File uci/firewall.json --
25 ".description": "Neither source, nor dest => should result in an output rule",
29 ".description": "Source any, no dest => should result in an input rule",
34 ".description": "Dest any, no source => should result in an output rule",
39 ".description": "Source any, dest any => should result in a forward rule",
67 include "/etc/nftables.d/*.nft"
75 type filter hook input priority filter; policy drop;
77 iifname "lo" accept comment "!fw4: Accept traffic from loopback"
79 ct state established,related accept comment "!fw4: Allow inbound established and related flows"
80 counter comment "!fw4: @rule[1]"
84 type filter hook forward priority filter; policy drop;
86 ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
87 counter comment "!fw4: @rule[3]"
91 type filter hook output priority filter; policy drop;
93 oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
95 ct state established,related accept comment "!fw4: Allow outbound established and related flows"
96 counter comment "!fw4: @rule[0]"
97 counter comment "!fw4: @rule[2]"
101 type filter hook prerouting priority filter; policy accept;
104 chain handle_reject {
105 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
106 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
115 type nat hook prerouting priority dstnat; policy accept;
119 type nat hook postrouting priority srcnat; policy accept;
124 # Raw rules (notrack)
127 chain raw_prerouting {
128 type filter hook prerouting priority raw; policy accept;
132 type filter hook output priority raw; policy accept;
140 chain mangle_prerouting {
141 type filter hook prerouting priority mangle; policy accept;
144 chain mangle_postrouting {
145 type filter hook postrouting priority mangle; policy accept;
149 type filter hook input priority mangle; policy accept;
152 chain mangle_output {
153 type route hook output priority mangle; policy accept;
156 chain mangle_forward {
157 type filter hook forward priority mangle; policy accept;