1 Testing that rules which are not enabled are ignored.
5 include("./root/usr/share/firewall4/main.uc", {
6 getenv: function(varname) {
16 -- File uci/helpers.json --
20 -- File uci/firewall.json --
25 "name": "Implicitly enabled"
29 "name": "Explicitly enabled",
34 "name": "Explicitly disabled",
42 [!] Section @rule[2] (Explicitly disabled) is disabled, ignoring section
59 include "/etc/nftables.d/*.nft"
67 type filter hook input priority filter; policy drop;
69 iif "lo" accept comment "!fw4: Accept traffic from loopback"
71 ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
75 type filter hook forward priority filter; policy drop;
77 ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
81 type filter hook output priority filter; policy drop;
83 oif "lo" accept comment "!fw4: Accept traffic towards loopback"
85 ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
86 counter comment "!fw4: Implicitly enabled"
87 counter comment "!fw4: Explicitly enabled"
91 type filter hook prerouting priority filter; policy accept;
95 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
96 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
105 type nat hook prerouting priority dstnat; policy accept;
109 type nat hook postrouting priority srcnat; policy accept;
114 # Raw rules (notrack)
117 chain raw_prerouting {
118 type filter hook prerouting priority raw; policy accept;
122 type filter hook output priority raw; policy accept;
130 chain mangle_prerouting {
131 type filter hook prerouting priority mangle; policy accept;
134 chain mangle_postrouting {
135 type filter hook postrouting priority mangle; policy accept;
139 type filter hook input priority mangle; policy accept;
142 chain mangle_output {
143 type route hook output priority mangle; policy accept;
146 chain mangle_forward {
147 type filter hook forward priority mangle; policy accept;