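1 Testing that rules which are not enabled are ignored: implicitly and explicitly enabled rules are rendered, while an explicitly disabled rule is skipped with a warning.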
5 include("./root/usr/share/firewall4/main.uc", {
6 getenv: function(varname) {
16 -- File uci/helpers.json --
20 -- File uci/firewall.json --
25 "name": "Implicitly enabled"
29 "name": "Explicitly enabled",
34 "name": "Explicitly disabled",
42 [!] Section @rule[2] (Explicitly disabled) is disabled, ignoring section
64 include "/etc/nftables.d/*.nft"
72 type filter hook input priority filter; policy drop;
74 iifname "lo" accept comment "!fw4: Accept traffic from loopback"
76 ct state established,related accept comment "!fw4: Allow inbound established and related flows"
80 type filter hook forward priority filter; policy drop;
82 ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
86 type filter hook output priority filter; policy drop;
88 oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
90 ct state established,related accept comment "!fw4: Allow outbound established and related flows"
91 counter comment "!fw4: Implicitly enabled"
92 counter comment "!fw4: Explicitly enabled"
96 type filter hook prerouting priority filter; policy accept;
100 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
101 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
110 type nat hook prerouting priority dstnat; policy accept;
114 type nat hook postrouting priority srcnat; policy accept;
119 # Raw rules (notrack)
122 chain raw_prerouting {
123 type filter hook prerouting priority raw; policy accept;
127 type filter hook output priority raw; policy accept;
135 chain mangle_prerouting {
136 type filter hook prerouting priority mangle; policy accept;
139 chain mangle_postrouting {
140 type filter hook postrouting priority mangle; policy accept;
144 type filter hook input priority mangle; policy accept;
147 chain mangle_output {
148 type route hook output priority mangle; policy accept;
151 chain mangle_forward {
152 type filter hook forward priority mangle; policy accept;