summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich2022-10-03 12:26:02 +0000
committerJo-Philipp Wich2022-10-03 12:29:41 +0000
commitb0a6bff4ee4410cd554811fa0ca3b28fce908473 (patch)
tree6afc1e83f1fa5f74aff07b1d9f6de31a6f87f02c
parent145e1591a3ca7cc4f92f9f80ef7bdfe393ac0229 (diff)
downloadfirewall4-b0a6bff4ee4410cd554811fa0ca3b28fce908473.tar.gz
tests: fix testcases
Align expected output with the current implementation. Fixes: a540f6d ("fw4: fix cosmetic issue with per-ruleset and per-table include paths") Fixes: 145e159 ("fw4: recognize `option log` and `option counter` in `config nat` sections") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--tests/01_configuration/01_ruleset8
-rw-r--r--tests/01_configuration/02_rule_order8
-rw-r--r--tests/03_rules/08_family_inheritance8
3 files changed, 12 insertions, 12 deletions
diff --git a/tests/01_configuration/01_ruleset b/tests/01_configuration/01_ruleset
index 06249f2..e30ca76 100644
--- a/tests/01_configuration/01_ruleset
+++ b/tests/01_configuration/01_ruleset
@@ -303,10 +303,10 @@ table inet fw4 {
[!] Section @defaults[0] specifies unknown option 'unknown_defaults_option'
[!] Section @rule[9] (Test-Deprecated-Rule-Option) option '_name' is deprecated by fw4
[!] Section @rule[9] (Test-Deprecated-Rule-Option) specifies unknown option 'unknown_rule_option'
-[call] fs.glob pattern </usr/share/nftables.d/ruleset-pre//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/ruleset-post//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/table-pre//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/table-post//*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/ruleset-pre/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/ruleset-post/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/table-pre/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/table-post/*.nft>
[call] fs.lsdir path </usr/share/nftables.d/chain-pre>
[call] fs.lsdir path </usr/share/nftables.d/chain-post>
[call] ctx.call object <network.device> method <status> args <null>
diff --git a/tests/01_configuration/02_rule_order b/tests/01_configuration/02_rule_order
index 245bb74..93a0f08 100644
--- a/tests/01_configuration/02_rule_order
+++ b/tests/01_configuration/02_rule_order
@@ -229,10 +229,10 @@ table inet fw4 {
[call] ctx.call object <network.interface> method <dump> args <null>
[call] ctx.call object <service> method <get_data> args <{ "type": "firewall" }>
[call] fs.open path </proc/version> mode <r>
-[call] fs.glob pattern </usr/share/nftables.d/ruleset-pre//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/ruleset-post//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/table-pre//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/table-post//*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/ruleset-pre/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/ruleset-post/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/table-pre/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/table-post/*.nft>
[call] fs.lsdir path </usr/share/nftables.d/chain-pre>
[call] fs.lsdir path </usr/share/nftables.d/chain-post>
[call] fs.popen cmdline </usr/sbin/nft --terse --json list flowtables inet> mode <r>
diff --git a/tests/03_rules/08_family_inheritance b/tests/03_rules/08_family_inheritance
index fc489b5..fa02ead 100644
--- a/tests/03_rules/08_family_inheritance
+++ b/tests/03_rules/08_family_inheritance
@@ -266,9 +266,9 @@ table inet fw4 {
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
- meta nfproto ipv4 masquerade comment "!fw4: NAT #3"
- ip6 saddr fc00::/7 masquerade comment "!fw4: NAT #4"
- masquerade comment "!fw4: NAT #6"
+ meta nfproto ipv4 counter masquerade comment "!fw4: NAT #3"
+ ip6 saddr fc00::/7 counter masquerade comment "!fw4: NAT #4"
+ counter masquerade comment "!fw4: NAT #6"
meta nfproto ipv4 ip daddr 192.168.1.0/24 jump srcnat_ipv4only comment "!fw4: Handle ipv4only IPv4 srcnat traffic"
}
@@ -276,7 +276,7 @@ table inet fw4 {
}
chain srcnat_ipv4only {
- meta nfproto ipv4 masquerade comment "!fw4: NAT #5"
+ meta nfproto ipv4 counter masquerade comment "!fw4: NAT #5"
}