@@ -4,6 +4,27 @@
set -e
+echo "loading ruleset with anonymous set"
+$NFT -f - <<EOF
+table t {
+ chain dns-nat-pre {
+ type nat hook prerouting priority filter; policy accept;
+ meta l4proto { tcp, udp } th dport 53 ip saddr 10.24.0.0/24 ip daddr != 10.25.0.1 counter packets 1000 bytes 1000 dnat to 10.25.0.1
+ }
+}
+EOF
+
+echo "resetting ruleset with anonymous set"
+$NFT reset rules
+EXPECT='table ip t {
+ chain dns-nat-pre {
+ type nat hook prerouting priority filter; policy accept;
+ meta l4proto { tcp, udp } th dport 53 ip saddr 10.24.0.0/24 ip daddr != 10.25.0.1 counter packets 0 bytes 0 dnat to 10.25.0.1
+ }
+}'
+$DIFF -u <(echo "$EXPECT") <($NFT list ruleset)
+$NFT flush ruleset
+
echo "loading ruleset"
$NFT -f - <<EOF
table ip t {
Extend existing test to reset counters for rules with anonymous set. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1763 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- .../testcases/rule_management/0011reset_0 | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+)