Commit 85c0c8b3 authored Nov 03, 2021 by Phil Sutter Committed by Pablo Neira Ayuso Nov 08, 2021

selftests: nft_nat: Simplify port shadow notrack test



The second rule in prerouting chain was probably a leftover: The router
listens on veth0, so not tracking connections via that interface is
sufficient. Likewise, the rule in output chain can be limited to that
interface as well.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent e1f8bc06

tools/testing/selftests/netfilter/nft_nat.sh

+1 −2

Original line number	Diff line number	Diff line
		@@ -818,11 +818,10 @@ table $family raw {
		chain prerouting {
		type filter hook prerouting priority -300; policy accept;
		meta iif veth0 udp dport 1405 notrack
		udp dport 1405 notrack
		}
		chain output {
		type filter hook output priority -300; policy accept;
		udp sport 1405 notrack
		meta oif veth0 udp sport 1405 notrack
		}
		}
		EOF