1 Testing that rules which are not enabled are ignored.
5 include("./root/usr/share/firewall4/main.uc", {
6 getenv: function(varname) {
16 -- File uci/helpers.json --
20 -- File uci/firewall.json --
25 "name": "Implicitly enabled"
29 "name": "Explicitly enabled",
34 "name": "Explicitly disabled",
42 [!] Section @rule[2] (Explicitly disabled) is disabled, ignoring section
64 include "/etc/nftables.d/*.nft"
72 type filter hook input priority filter; policy drop;
74 iifname "lo" accept comment "!fw4: Accept traffic from loopback"
76 ct state established,related accept comment "!fw4: Allow inbound established and related flows"
80 type filter hook forward priority filter; policy drop;
82 ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
86 type filter hook output priority filter; policy drop;
88 oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
90 ct state established,related accept comment "!fw4: Allow outbound established and related flows"
91 counter comment "!fw4: Implicitly enabled"
92 counter comment "!fw4: Explicitly enabled"
96 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
97 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
106 type nat hook prerouting priority dstnat; policy accept;
110 type nat hook postrouting priority srcnat; policy accept;
115 # Raw rules (notrack & helper)
118 chain raw_prerouting {
119 type filter hook prerouting priority raw; policy accept;
123 type filter hook output priority raw; policy accept;
131 chain mangle_prerouting {
132 type filter hook prerouting priority mangle; policy accept;
135 chain mangle_postrouting {
136 type filter hook postrouting priority mangle; policy accept;
140 type filter hook input priority mangle; policy accept;
143 chain mangle_output {
144 type route hook output priority mangle; policy accept;
147 chain mangle_forward {
148 type filter hook forward priority mangle; policy accept;