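1 Testing that rule declarations are mapped to the proper chains depending
2 on their src and dest options: a rule without src is emitted into the output chain, one with src but no dest into the input chain, and one with both src and dest into the forward chain.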
6 include("./root/usr/share/firewall4/main.uc", {
7 getenv: function(varname) {
17 -- File uci/helpers.json --
21 -- File uci/firewall.json --
25 ".description": "Neither source, nor dest => should result in an output rule",
29 ".description": "Source any, no dest => should result in an input rule",
34 ".description": "Dest any, no source => should result in an output rule",
39 ".description": "Source any, dest any => should result in a forward rule",
62 include "/etc/nftables.d/*.nft"
70 type filter hook input priority filter; policy drop;
72 iifname "lo" accept comment "!fw4: Accept traffic from loopback"
74 ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
75 counter comment "!fw4: @rule[1]"
79 type filter hook forward priority filter; policy drop;
81 ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
82 counter comment "!fw4: @rule[3]"
86 type filter hook output priority filter; policy drop;
88 oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
90 ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
91 counter comment "!fw4: @rule[0]"
92 counter comment "!fw4: @rule[2]"
96 type filter hook prerouting priority filter; policy accept;
100 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
101 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
110 type nat hook prerouting priority dstnat; policy accept;
114 type nat hook postrouting priority srcnat; policy accept;
119 # Raw rules (notrack)
122 chain raw_prerouting {
123 type filter hook prerouting priority raw; policy accept;
127 type filter hook output priority raw; policy accept;
135 chain mangle_prerouting {
136 type filter hook prerouting priority mangle; policy accept;
139 chain mangle_postrouting {
140 type filter hook postrouting priority mangle; policy accept;
144 type filter hook input priority mangle; policy accept;
147 chain mangle_output {
148 type route hook output priority mangle; policy accept;
151 chain mangle_forward {
152 type filter hook forward priority mangle; policy accept;