From f9dca1704ce66be31eceac4d7317b825269b3d07 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 2 Mar 2021 17:06:06 +0100
Subject: [PATCH] tests: Disable tests known to fail on RHEL8

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1919203
Upstream Status: RHEL-only

RHEL8 kernel does not support:

- ct timeout or expectation objects
- synproxy
- flowtables in families other than inet
- meta time
- bridge family-specific meta expressions (e.g. ibrvproto, ibrpvid)
- socket mark
- osf
- delete set elements from packet path
- update stateful objects
- explicitly setting set element expiration (commit 79ebb5bb4e3)
- flushing chains and deleting referenced objects in the same
  transaction (upstream commits with 'bogus EBUSY' in subject)

Disable all related tests to make the testsuites pass.
---
 tests/monitor/testcases/object.t                   | 14 +++----
 tests/py/any/meta.t                                | 36 ++++++++---------
 tests/py/bridge/meta.t                             |  8 ++--
 tests/py/inet/osf.t                                | 24 +++++------
 tests/py/inet/socket.t                             |  2 +-
 tests/py/inet/synproxy.t                           | 12 +++---
 tests/py/ip/objects.t                              | 46 +++++++++++-----------
 tests/py/ip6/sets.t                                |  2 +-
 .../testcases/flowtable/0002create_flowtable_0     |  8 ++--
 .../testcases/flowtable/0003add_after_flush_0      |  8 ++--
 .../testcases/flowtable/0004delete_after_add_0     |  6 +--
 .../shell/testcases/flowtable/0005delete_in_use_1  | 10 ++---
 tests/shell/testcases/flowtable/0007prio_0         |  6 +--
 tests/shell/testcases/flowtable/0008prio_1         |  4 +-
 .../testcases/flowtable/0009deleteafterflush_0     | 12 +++---
 tests/shell/testcases/listing/0013objects_0        |  2 +
 tests/shell/testcases/nft-f/0017ct_timeout_obj_0   |  2 +
 .../shell/testcases/nft-f/0018ct_expectation_obj_0 |  2 +
 .../testcases/nft-f/dumps/0017ct_timeout_obj_0.nft | 11 ------
 .../nft-f/dumps/0017ct_timeout_obj_0.nft.disabled  | 11 ++++++
 .../testcases/optionals/update_object_handles_0    |  2 +
 .../sets/0036add_set_element_expiration_0          |  2 +
 tests/shell/testcases/transactions/0046set_0       |  2 +
 23 files changed, 122 insertions(+), 110 deletions(-)
 delete mode 100644 tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft
 create mode 100644 tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled

diff --git a/tests/monitor/testcases/object.t b/tests/monitor/testcases/object.t
index 2afe33c..1b30384 100644
--- a/tests/monitor/testcases/object.t
+++ b/tests/monitor/testcases/object.t
@@ -37,10 +37,10 @@ I delete ct helper ip t cth
 O -
 J {"delete": {"ct helper": {"family": "ip", "name": "cth", "table": "t", "handle": 0, "type": "sip", "protocol": "tcp", "l3proto": "ip"}}}
 
-I add ct timeout ip t ctt { protocol udp; l3proto ip; policy = { unreplied : 15, replied : 12 }; }
-O -
-J {"add": {"ct timeout": {"family": "ip", "name": "ctt", "table": "t", "handle": 0, "protocol": "udp", "l3proto": "ip", "policy": {"unreplied": 15, "replied": 12}}}}
-
-I delete ct timeout ip t ctt
-O -
-J {"delete": {"ct timeout": {"family": "ip", "name": "ctt", "table": "t", "handle": 0, "protocol": "udp", "l3proto": "ip", "policy": {"unreplied": 15, "replied": 12}}}}
+# I add ct timeout ip t ctt { protocol udp; l3proto ip; policy = { unreplied : 15, replied : 12 }; }
+# O -
+# J {"add": {"ct timeout": {"family": "ip", "name": "ctt", "table": "t", "handle": 0, "protocol": "udp", "l3proto": "ip", "policy": {"unreplied": 15, "replied": 12}}}}
+# 
+# I delete ct timeout ip t ctt
+# O -
+# J {"delete": {"ct timeout": {"family": "ip", "name": "ctt", "table": "t", "handle": 0, "protocol": "udp", "l3proto": "ip", "policy": {"unreplied": 15, "replied": 12}}}}
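Review bot: The commented-out ct timeout block carries no marker saying why it is disabled, so a later rebase cannot tell this RHEL-only disablement from an ordinary upstream comment. A one-line header above the block, such as `# RHEL8: kernel lacks ct timeout objects (rhbz#1919203)`, would make that explicit. The added `# ` separator line also leaves trailing whitespace, which `git apply` reports as a whitespace error; a bare `#` avoids it. Both points apply equally to the commented-out blocks in tests/py/ip/objects.t.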
diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t
index 327f973..241b466 100644
--- a/tests/py/any/meta.t
+++ b/tests/py/any/meta.t
@@ -204,21 +204,21 @@ meta iif . meta oif vmap { "lo" . "lo" : drop };ok;iif . oif vmap { "lo" . "lo"
 meta random eq 1;ok;meta random 1
 meta random gt 1000000;ok;meta random > 1000000
 
-meta time "1970-05-23 21:07:14" drop;ok
-meta time 12341234 drop;ok;meta time "1970-05-23 22:07:14" drop
-meta time "2019-06-21 17:00:00" drop;ok
-meta time "2019-07-01 00:00:00" drop;ok
-meta time "2019-07-01 00:01:00" drop;ok
-meta time "2019-07-01 00:00:01" drop;ok
-meta day "Saturday" drop;ok
-meta day 6 drop;ok;meta day "Saturday" drop
-meta day "Satturday" drop;fail
-meta hour "17:00" drop;ok
-meta hour "17:00:00" drop;ok;meta hour "17:00" drop
-meta hour "17:00:01" drop;ok
-meta hour "00:00" drop;ok
-meta hour "00:01" drop;ok
-
-meta time "meh";fail
-meta hour "24:00" drop;fail
-meta day 7 drop;fail
+- meta time "1970-05-23 21:07:14" drop;ok
+- meta time 12341234 drop;ok;meta time "1970-05-23 22:07:14" drop
+- meta time "2019-06-21 17:00:00" drop;ok
+- meta time "2019-07-01 00:00:00" drop;ok
+- meta time "2019-07-01 00:01:00" drop;ok
+- meta time "2019-07-01 00:00:01" drop;ok
+- meta day "Saturday" drop;ok
+- meta day 6 drop;ok;meta day "Saturday" drop
+- meta day "Satturday" drop;fail
+- meta hour "17:00" drop;ok
+- meta hour "17:00:00" drop;ok;meta hour "17:00" drop
+- meta hour "17:00:01" drop;ok
+- meta hour "00:00" drop;ok
+- meta hour "00:01" drop;ok
+
+- meta time "meh";fail
+- meta hour "24:00" drop;fail
+- meta day 7 drop;fail
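Review bot: The `;fail` cases in this hunk (`meta day "Satturday"`, `meta time "meh"`, `meta hour "24:00"`, `meta day 7`) are disabled together with the `;ok` cases, although a case that expects rejection should presumably still pass on a kernel without meta time support. If that holds for the RHEL8 run, leaving those four lines active keeps the input-validation coverage for malformed time, day and hour values. The same applies to the `;fail` lines in tests/py/inet/osf.t. If they are disabled on purpose, because the rejection would then come from the kernel rather than from the parser, the commit message should say so.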
diff --git a/tests/py/bridge/meta.t b/tests/py/bridge/meta.t
index 94525f2..9f55cde 100644
--- a/tests/py/bridge/meta.t
+++ b/tests/py/bridge/meta.t
@@ -2,7 +2,7 @@
 
 *bridge;test-bridge;input
 
-meta obrname "br0";ok
-meta ibrname "br0";ok
-meta ibrvproto vlan;ok
-meta ibrpvid 100;ok
+- meta obrname "br0";ok
+- meta ibrname "br0";ok
+- meta ibrvproto vlan;ok
+- meta ibrpvid 100;ok
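Review bot: All four cases are disabled here, but the commit message names only `ibrvproto` and `ibrpvid` as examples of what the RHEL8 kernel lacks, so the patch does not show whether `meta obrname` and `meta ibrname` actually fail there. If they do, naming them in the message would document it. If they do not, they can stay enabled so that the bridge file keeps some active coverage.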
diff --git a/tests/py/inet/osf.t b/tests/py/inet/osf.t
index c828541..5191e72 100644
--- a/tests/py/inet/osf.t
+++ b/tests/py/inet/osf.t
@@ -4,15 +4,15 @@
 *ip6;osfip6;osfchain
 *inet;osfinet;osfchain
 
-osf name "Linux";ok
-osf ttl loose name "Linux";ok
-osf ttl skip name "Linux";ok
-osf ttl skip version "Linux:3.0";ok
-osf ttl skip version "morethan:sixteenbytes";fail
-osf ttl nottl name "Linux";fail
-osf name "morethansixteenbytes";fail
-osf name ;fail
-osf name { "Windows", "MacOs" };ok
-osf version { "Windows:XP", "MacOs:Sierra" };ok
-ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 };ok
-ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 };ok
+- osf name "Linux";ok
+- osf ttl loose name "Linux";ok
+- osf ttl skip name "Linux";ok
+- osf ttl skip version "Linux:3.0";ok
+- osf ttl skip version "morethan:sixteenbytes";fail
+- osf ttl nottl name "Linux";fail
+- osf name "morethansixteenbytes";fail
+- osf name ;fail
+- osf name { "Windows", "MacOs" };ok
+- osf version { "Windows:XP", "MacOs:Sierra" };ok
+- ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 };ok
+- ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 };ok
diff --git a/tests/py/inet/socket.t b/tests/py/inet/socket.t
index 91846e8..dbc0554 100644
--- a/tests/py/inet/socket.t
+++ b/tests/py/inet/socket.t
@@ -8,4 +8,4 @@ socket transparent 0;ok
 socket transparent 1;ok
 socket transparent 2;fail
 
-socket mark 0x00000005;ok
+- socket mark 0x00000005;ok
diff --git a/tests/py/inet/synproxy.t b/tests/py/inet/synproxy.t
index 55a05e1..9c58239 100644
--- a/tests/py/inet/synproxy.t
+++ b/tests/py/inet/synproxy.t
@@ -4,10 +4,10 @@
 *ip6;synproxyip6;synproxychain
 *inet;synproxyinet;synproxychain
 
-synproxy;ok
-synproxy mss 1460 wscale 7;ok
-synproxy mss 1460 wscale 5 timestamp sack-perm;ok
-synproxy timestamp sack-perm;ok
-synproxy timestamp;ok
-synproxy sack-perm;ok
+-synproxy;ok
+-synproxy mss 1460 wscale 7;ok
+-synproxy mss 1460 wscale 5 timestamp sack-perm;ok
+-synproxy timestamp sack-perm;ok
+-synproxy timestamp;ok
+-synproxy sack-perm;ok
 
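Review bot: The disabled lines in this hunk are written as `-synproxy;ok`, with no space after the marker, while every other .t file in this patch uses `- ` followed by the rule. Assuming the test runner only inspects the first character, both forms are skipped. Writing `- synproxy;ok` here as well would let a single pattern find every disabled case when the RHEL kernel gains the feature and the tests are re-enabled.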
diff --git a/tests/py/ip/objects.t b/tests/py/ip/objects.t
index 4fcde7c..06e94f1 100644
--- a/tests/py/ip/objects.t
+++ b/tests/py/ip/objects.t
@@ -33,26 +33,26 @@ ip saddr 192.168.1.3 limit name "lim1";ok
 ip saddr 192.168.1.3 limit name "lim3";fail
 limit name tcp dport map {443 : "lim1", 80 : "lim2", 22 : "lim1"};ok
 
-# ct timeout
-%cttime1 type ct timeout { protocol tcp; policy = { established:122 } ;};ok
-%cttime2 type ct timeout { protocol udp; policy = { syn_sent:122 } ;};fail
-%cttime3 type ct timeout { protocol tcp; policy = { established:132, close:16, close_wait:16 } ; l3proto ip ;};ok
-%cttime4 type ct timeout { protocol udp; policy = { replied:14, unreplied:19 } ;};ok
-%cttime5 type ct timeout {protocol tcp; policy = { estalbished:100 } ;};fail
-
-ct timeout set "cttime1";ok
-
-# ct expectation
-%ctexpect1 type ct expectation { protocol tcp; dport 1234; timeout 2m; size 12; };ok
-%ctexpect2 type ct expectation { protocol udp; };fail
-%ctexpect3 type ct expectation { protocol tcp; dport 4321; };fail
-%ctexpect4 type ct expectation { protocol tcp; dport 4321; timeout 2m; };fail
-%ctexpect5 type ct expectation { protocol udp; dport 9876; timeout 2m; size 12; l3proto ip; };ok
-
-ct expectation set "ctexpect1";ok
-
-# synproxy
-%synproxy1 type synproxy mss 1460 wscale 7;ok
-%synproxy2 type synproxy mss 1460 wscale 7 timestamp sack-perm;ok
-
-synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"};ok
+# # ct timeout
+# %cttime1 type ct timeout { protocol tcp; policy = { established:122 } ;};ok
+# %cttime2 type ct timeout { protocol udp; policy = { syn_sent:122 } ;};fail
+# %cttime3 type ct timeout { protocol tcp; policy = { established:132, close:16, close_wait:16 } ; l3proto ip ;};ok
+# %cttime4 type ct timeout { protocol udp; policy = { replied:14, unreplied:19 } ;};ok
+# %cttime5 type ct timeout {protocol tcp; policy = { estalbished:100 } ;};fail
+# 
+# ct timeout set "cttime1";ok
+
+# # ct expectation
+# %ctexpect1 type ct expectation { protocol tcp; dport 1234; timeout 2m; size 12; };ok
+# %ctexpect2 type ct expectation { protocol udp; };fail
+# %ctexpect3 type ct expectation { protocol tcp; dport 4321; };fail
+# %ctexpect4 type ct expectation { protocol tcp; dport 4321; timeout 2m; };fail
+# %ctexpect5 type ct expectation { protocol udp; dport 9876; timeout 2m; size 12; l3proto ip; };ok
+# 
+# ct expectation set "ctexpect1";ok
+
+# # synproxy
+# %synproxy1 type synproxy mss 1460 wscale 7;ok
+# %synproxy2 type synproxy mss 1460 wscale 7 timestamp sack-perm;ok
+# 
+# synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"};ok
diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t
index add82eb..cc43aca 100644
--- a/tests/py/ip6/sets.t
+++ b/tests/py/ip6/sets.t
@@ -40,4 +40,4 @@ ip6 saddr != @set33 drop;fail
 !set5 type ipv6_addr . ipv6_addr;ok
 ip6 saddr . ip6 daddr @set5 drop;ok
 add @set5 { ip6 saddr . ip6 daddr };ok
-delete @set5 { ip6 saddr . ip6 daddr };ok
+- delete @set5 { ip6 saddr . ip6 daddr };ok
diff --git a/tests/shell/testcases/flowtable/0002create_flowtable_0 b/tests/shell/testcases/flowtable/0002create_flowtable_0
index 4c85c3f..8b80e34 100755
--- a/tests/shell/testcases/flowtable/0002create_flowtable_0
+++ b/tests/shell/testcases/flowtable/0002create_flowtable_0
@@ -1,12 +1,12 @@
 #!/bin/bash
 
 set -e
-$NFT add table t
-$NFT add flowtable t f { hook ingress priority 10 \; devices = { lo }\; }
-if $NFT create flowtable t f { hook ingress priority 10 \; devices = { lo }\; } 2>/dev/null ; then
+$NFT add table inet t
+$NFT add flowtable inet t f { hook ingress priority 10 \; devices = { lo }\; }
+if $NFT create flowtable inet t f { hook ingress priority 10 \; devices = { lo }\; } 2>/dev/null ; then
 	echo "E: flowtable creation not failing on existing set" >&2
 	exit 1
 fi
-$NFT add flowtable t f { hook ingress priority 10 \; devices = { lo }\; }
+$NFT add flowtable inet t f { hook ingress priority 10 \; devices = { lo }\; }
 
 exit 0
diff --git a/tests/shell/testcases/flowtable/0003add_after_flush_0 b/tests/shell/testcases/flowtable/0003add_after_flush_0
index 481c7ed..b4243bc 100755
--- a/tests/shell/testcases/flowtable/0003add_after_flush_0
+++ b/tests/shell/testcases/flowtable/0003add_after_flush_0
@@ -1,8 +1,8 @@
 #!/bin/bash
 
 set -e
-$NFT add table x
-$NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;}
+$NFT add table inet x
+$NFT add flowtable inet x y { hook ingress priority 0\; devices = { lo }\;}
 $NFT flush ruleset
-$NFT add table x
-$NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;}
+$NFT add table inet x
+$NFT add flowtable inet x y { hook ingress priority 0\; devices = { lo }\;}
diff --git a/tests/shell/testcases/flowtable/0004delete_after_add_0 b/tests/shell/testcases/flowtable/0004delete_after_add_0
index 8d9a842..4618595 100755
--- a/tests/shell/testcases/flowtable/0004delete_after_add_0
+++ b/tests/shell/testcases/flowtable/0004delete_after_add_0
@@ -1,6 +1,6 @@
 #!/bin/bash
 
 set -e
-$NFT add table x
-$NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;}
-$NFT delete flowtable x y
+$NFT add table inet x
+$NFT add flowtable inet x y { hook ingress priority 0\; devices = { lo }\;}
+$NFT delete flowtable inet x y
diff --git a/tests/shell/testcases/flowtable/0005delete_in_use_1 b/tests/shell/testcases/flowtable/0005delete_in_use_1
index ef52620..eda1fb9 100755
--- a/tests/shell/testcases/flowtable/0005delete_in_use_1
+++ b/tests/shell/testcases/flowtable/0005delete_in_use_1
@@ -1,11 +1,11 @@
 #!/bin/bash
 
 set -e
-$NFT add table x
-$NFT add chain x x
-$NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;}
-$NFT add rule x x flow add @y
+$NFT add table inet x
+$NFT add chain inet x x
+$NFT add flowtable inet x y { hook ingress priority 0\; devices = { lo }\;}
+$NFT add rule inet x x flow add @y
 
-$NFT delete flowtable x y || exit 0
+$NFT delete flowtable inet x y || exit 0
 echo "E: delete flowtable in use"
 exit 1
diff --git a/tests/shell/testcases/flowtable/0007prio_0 b/tests/shell/testcases/flowtable/0007prio_0
index 49bbcac..0ea262f 100755
--- a/tests/shell/testcases/flowtable/0007prio_0
+++ b/tests/shell/testcases/flowtable/0007prio_0
@@ -15,10 +15,10 @@ format_offset () {
 	fi
 }
 
-$NFT add table t
+$NFT add table inet t
 for offset in -11 -10 0 10 11
 do
-	$NFT add flowtable t f "{ hook ingress priority filter `format_offset $offset`; devices = { lo }; }"
-	$NFT delete flowtable t f
+	$NFT add flowtable inet t f "{ hook ingress priority filter `format_offset $offset`; devices = { lo }; }"
+	$NFT delete flowtable inet t f
 done
 
diff --git a/tests/shell/testcases/flowtable/0008prio_1 b/tests/shell/testcases/flowtable/0008prio_1
index 48953d7..0d8cdff 100755
--- a/tests/shell/testcases/flowtable/0008prio_1
+++ b/tests/shell/testcases/flowtable/0008prio_1
@@ -1,9 +1,9 @@
 #!/bin/bash
 
-$NFT add table t
+$NFT add table inet t
 for prioname in raw mangle dstnar security srcnat out dummy
 do
-	$NFT add flowtable t f { hook ingress priority $prioname \; devices = { lo }\; }
+	$NFT add flowtable inet t f { hook ingress priority $prioname \; devices = { lo }\; }
 	if (($? == 0))
 	then
 		echo "E: $prioname should not be a valid priority name for flowtables" >&2
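Review bot: `dstnar` in the unchanged `for prioname in …` line looks like a typo for `dstnat`, so the loop apparently never checks that the real priority name is rejected for flowtables; the entry is refused simply because it is not a known name. This predates the patch, but since the test is being touched anyway the line could read `for prioname in raw mangle dstnat security srcnat out dummy`. The loop body continues past the end of the hunk, so the rest of the check is not visible here.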
diff --git a/tests/shell/testcases/flowtable/0009deleteafterflush_0 b/tests/shell/testcases/flowtable/0009deleteafterflush_0
index 2cda563..061e22e 100755
--- a/tests/shell/testcases/flowtable/0009deleteafterflush_0
+++ b/tests/shell/testcases/flowtable/0009deleteafterflush_0
@@ -1,9 +1,9 @@
 #!/bin/bash
 
 set -e
-$NFT add table x
-$NFT add chain x y
-$NFT add flowtable x f { hook ingress priority 0\; devices = { lo }\;}
-$NFT add rule x y flow add @f
-$NFT flush chain x y
-$NFT delete flowtable x f
+$NFT add table inet x
+$NFT add chain inet x y
+$NFT add flowtable inet x f { hook ingress priority 0\; devices = { lo }\;}
+$NFT add rule inet x y flow add @f
+$NFT flush chain inet x y
+$NFT delete flowtable inet x f
diff --git a/tests/shell/testcases/listing/0013objects_0 b/tests/shell/testcases/listing/0013objects_0
index 4d39143..130d02c 100755
--- a/tests/shell/testcases/listing/0013objects_0
+++ b/tests/shell/testcases/listing/0013objects_0
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+exit 0
+
 # list table with all objects and chains
 
 EXPECTED="table ip test {
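Review bot: The bare `exit 0` makes this script report success without running anything, so the test summary cannot distinguish a disabled firewall test from a passing one. The test also stays off silently if the kernel later gains the feature. At minimum the line should carry the reason, e.g. `exit 0 # RHEL8: <unsupported feature> (rhbz#1919203)`; if the shell test runner in this tree can report a skip, that would be preferable to a pass. The same applies to the `exit 0` added in nft-f/0017ct_timeout_obj_0, nft-f/0018ct_expectation_obj_0, optionals/update_object_handles_0, sets/0036add_set_element_expiration_0 and transactions/0046set_0. The script body continues outside the hunk.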
diff --git a/tests/shell/testcases/nft-f/0017ct_timeout_obj_0 b/tests/shell/testcases/nft-f/0017ct_timeout_obj_0
index 4f40779..e0f9e44 100755
--- a/tests/shell/testcases/nft-f/0017ct_timeout_obj_0
+++ b/tests/shell/testcases/nft-f/0017ct_timeout_obj_0
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+exit 0
+
 EXPECTED='table ip filter {
 	ct timeout cttime{
 		protocol tcp
diff --git a/tests/shell/testcases/nft-f/0018ct_expectation_obj_0 b/tests/shell/testcases/nft-f/0018ct_expectation_obj_0
index 4f9872f..f518cf7 100755
--- a/tests/shell/testcases/nft-f/0018ct_expectation_obj_0
+++ b/tests/shell/testcases/nft-f/0018ct_expectation_obj_0
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+exit 0
+
 EXPECTED='table ip filter {
 	ct expectation ctexpect{
 		protocol tcp
diff --git a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft
deleted file mode 100644
index 7cff1ed..0000000
--- a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft
+++ /dev/null
@@ -1,11 +0,0 @@
-table ip filter {
-	ct timeout cttime {
-		protocol tcp
-		l3proto ip
-		policy = { established : 123, close : 12 }
-	}
-
-	chain c {
-		ct timeout set "cttime"
-	}
-}
diff --git a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled
new file mode 100644
index 0000000..7cff1ed
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled
@@ -0,0 +1,11 @@
+table ip filter {
+	ct timeout cttime {
+		protocol tcp
+		l3proto ip
+		policy = { established : 123, close : 12 }
+	}
+
+	chain c {
+		ct timeout set "cttime"
+	}
+}
diff --git a/tests/shell/testcases/optionals/update_object_handles_0 b/tests/shell/testcases/optionals/update_object_handles_0
index 8b12b8c..e11b4e7 100755
--- a/tests/shell/testcases/optionals/update_object_handles_0
+++ b/tests/shell/testcases/optionals/update_object_handles_0
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+exit 0
+
 set -e
 $NFT add table test-ip
 $NFT add counter test-ip traffic-counter
diff --git a/tests/shell/testcases/sets/0036add_set_element_expiration_0 b/tests/shell/testcases/sets/0036add_set_element_expiration_0
index 51ed0f2..043bb8f 100755
--- a/tests/shell/testcases/sets/0036add_set_element_expiration_0
+++ b/tests/shell/testcases/sets/0036add_set_element_expiration_0
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+exit 0
+
 set -e
 
 RULESET="add table ip x
diff --git a/tests/shell/testcases/transactions/0046set_0 b/tests/shell/testcases/transactions/0046set_0
index 172e24d..1b24964 100755
--- a/tests/shell/testcases/transactions/0046set_0
+++ b/tests/shell/testcases/transactions/0046set_0
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+exit 0
+
 RULESET='add table ip filter
 add chain ip filter group_7933
 add map ip filter group_7933 { type ipv4_addr : classid; flags interval; }
-- 
1.8.3.1