This is borrowed from one of firewalld's test cases.
Signed-off-by: Eric Garver <[email protected]>
---
tests/shell/testcases/transactions/0049huge_0 | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/tests/shell/testcases/transactions/0049huge_0
b/tests/shell/testcases/transactions/0049huge_0
index f029ee3c54d7..684d27a17b5a 100755
--- a/tests/shell/testcases/transactions/0049huge_0
+++ b/tests/shell/testcases/transactions/0049huge_0
@@ -29,3 +29,13 @@ done
echo ']}'
)
test $($NFT -j -e -a -f - <<< "$RULESET" |sed 's/\({"add":\)/\n\1/g' |grep
'"handle"' |wc -l) -eq ${RULE_COUNT} || exit 1
+
+# Now an example from firewalld's testsuite
+#
+$NFT flush ruleset
+
+RULESET='{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add":
{"table": {"family": "inet", "name": "firewalld"}}}, {"add": {"table":
{"family": "ip", "name": "firewalld"}}}, {"add": {"table": {"family": "ip6",
"name": "firewalld"}}},
+{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"raw_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -290}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"raw_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PREROUTING", "expr": [{"jump": {"target":
"raw_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PREROUTING", "type": "filter", "hook":
"prerouting", "prio": -140}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PREROUTING_ZONES"}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump":
{"target": "mangle_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook":
"prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump":
{"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook":
"postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump":
{"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook":
"prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump":
{"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook":
"postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump":
{"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_INPUT", "type": "filter", "hook":
"input", "prio": 10}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FORWARD", "type": "filter", "hook": "forward",
"prio": 10}}}, {"add": {"chain": {"family": "inet", "table": "firewalld",
"name": "filter_OUTPUT", "type": "filter", "hook": "output", "prio": 10}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_INPUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct":
{"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}},
{"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "status"}},
"op": "in", "right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr":
[{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}},
{"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_INPUT", "expr": [{"jump": {"target":
"filter_INPUT_ZONES"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct":
{"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop":
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_INPUT", "expr": [{"reject": {"type": "icmpx", "expr":
"admin-prohibited"}}]}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FORWARD_IN_ZONES"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FORWARD_OUT_ZONES"}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD",
"expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right":
{"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr":
[{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}},
{"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_FORWARD", "expr": [{"match": {"left": {"meta": {"key":
"iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD",
"expr": [{"jump": {"target": "filter_FORWARD_IN_ZONES"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr":
[{"jump": {"target": "filter_FORWARD_OUT_ZONES"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr":
[{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set":
["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FORWARD", "expr": [{"reject": {"type":
"icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"match": {"left":
{"meta": {"key": "oifname"}}, "op": "==", "right": "lo"}}, {"accept":
null}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld",
"chain": "raw_PREROUTING", "expr": [{"match": {"left": {"meta": {"key":
"nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib":
{"flags": ["saddr", "iif"], "result": "oif"}}, "op": "==", "right": false}},
{"drop": null}]}}}, {"insert": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"payload":
{"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": {"set":
["nd-router-advert", "nd-neighbor-solicit"]}}}, {"accept": null}]}}},
+{"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_OUTPUT", "index": 0, "expr": [{"match": {"left": {"payload":
{"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set":
[{"prefix": {"addr": "::0.0.0.0", "len": 96}}, {"prefix": {"addr":
"::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}},
{"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr":
"2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}},
{"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr":
"2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}},
{"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD",
"index": 2, "expr": [{"match": {"left": {"payload": {"protocol": "ip6",
"field": "daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr":
"::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}},
{"prefix": {"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr":
"2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}},
{"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr":
"2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}},
{"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type":
"icmpv6", "expr": "addr-unreachable"}}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "raw_PRE_public"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "raw_PRE_public_pre"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"raw_PRE_public_log"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "raw_PRE_public_deny"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "raw_PRE_public_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"raw_PRE_public_post"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PRE_public", "expr": [{"jump": {"target":
"raw_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PRE_public", "expr": [{"jump": {"target":
"raw_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PRE_public", "expr": [{"jump": {"target":
"raw_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PRE_public", "expr": [{"jump": {"target":
"raw_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PRE_public", "expr": [{"jump": {"target":
"raw_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_IN_public"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_IN_public_pre"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_IN_public_log"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_IN_public_deny"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_IN_public_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_IN_public_post"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target":
"filter_IN_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target":
"filter_IN_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target":
"filter_IN_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target":
"filter_IN_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target":
"filter_IN_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_public_allow", "expr": [{"match": {"left":
{"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}},
{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set":
["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_IN_public_allow", "expr":
[{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op":
"==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left":
{"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}},
{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set":
["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDI_public"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDI_public_pre"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDI_public_log"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDI_public_deny"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDI_public_allow"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDI_public_post"}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump":
{"target": "filter_FWDI_public_pre"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump":
{"target": "filter_FWDI_public_log"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump":
{"target": "filter_FWDI_public_deny"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump":
{"target": "filter_FWDI_public_allow"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump":
{"target": "filter_FWDI_public_post"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_IN_public", "index": 4, "expr":
[{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set":
["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDI_public", "index": 4,
"expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right":
{"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES",
"expr": [{"goto": {"target": "raw_PRE_public"}}]}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "mangle_PRE_public"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_public_pre"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PRE_public_log"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "mangle_PRE_public_deny"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_public_allow"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PRE_public_post"}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump":
{"target": "mangle_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump":
{"target": "mangle_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump":
{"target": "mangle_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump":
{"target": "mangle_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump":
{"target": "mangle_PRE_public_post"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"goto":
{"target": "mangle_PRE_public"}}]}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name": "nat_PRE_public_log"}}}, {"add":
{"chain": {"family": "ip", "table": "firewalld", "name":
"nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr":
[{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump":
{"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip",
"table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_log"}}},
{"add": {"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family":
"ip6", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr":
[{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump":
{"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_post"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target":
"nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target":
"nat_PRE_public"}}]}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name": "nat_POST_public_log"}}},
{"add": {"chain": {"family": "ip", "table": "firewalld", "name":
"nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr":
[{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump":
{"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family": "ip",
"table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target":
"nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target":
"nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target":
"nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name": "nat_POST_public_log"}}},
{"add": {"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family":
"ip6", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add":
{"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public",
"expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr":
[{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump":
{"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target":
"nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target":
"nat_POST_public_post"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target":
"nat_POST_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target":
"nat_POST_public"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"goto": {"target":
"filter_IN_public"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"goto": {"target":
"filter_FWDI_public"}}]}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDO_public"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDO_public_pre"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDO_public_log"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDO_public_deny"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDO_public_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDO_public_post"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target":
"filter_FWDO_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target":
"filter_FWDO_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target":
"filter_FWDO_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target":
"filter_FWDO_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target":
"filter_FWDO_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"goto": {"target":
"filter_FWDO_public"}}]}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "raw_PRE_trusted"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "raw_PRE_trusted_pre"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "raw_PRE_trusted_log"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"raw_PRE_trusted_deny"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "raw_PRE_trusted_allow"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "raw_PRE_trusted_post"}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted",
"expr": [{"jump": {"target": "raw_PRE_trusted_pre"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "raw_PRE_trusted", "expr":
[{"jump": {"target": "raw_PRE_trusted_log"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "raw_PRE_trusted", "expr": [{"jump":
{"target": "raw_PRE_trusted_deny"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "raw_PRE_trusted", "expr": [{"jump": {"target":
"raw_PRE_trusted_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PRE_trusted", "expr": [{"jump": {"target":
"raw_PRE_trusted_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PREROUTING_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy2"}}, {"goto":
{"target": "raw_PRE_trusted"}}]}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "mangle_PRE_trusted"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "mangle_PRE_trusted_pre"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_trusted_log"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PRE_trusted_deny"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "mangle_PRE_trusted_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_trusted_post"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PRE_trusted", "expr": [{"jump": {"target":
"mangle_PRE_trusted_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PRE_trusted", "expr": [{"jump": {"target":
"mangle_PRE_trusted_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PRE_trusted", "expr": [{"jump": {"target":
"mangle_PRE_trusted_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PRE_trusted", "expr": [{"jump": {"target":
"mangle_PRE_trusted_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PRE_trusted", "expr": [{"jump": {"target":
"mangle_PRE_trusted_post"}}]}}}, {"insert": {"rule": {"family": "inet",
"table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match":
{"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy2"}},
{"goto": {"target": "mangle_PRE_trusted"}}]}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PRE_trusted"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name": "nat_PRE_trusted_pre"}}},
{"add": {"chain": {"family": "ip", "table": "firewalld", "name":
"nat_PRE_trusted_log"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_trusted_deny"}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PRE_trusted_allow"}}}, {"add":
{"chain": {"family": "ip", "table": "firewalld", "name":
"nat_PRE_trusted_post"}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_trusted", "expr": [{"jump": {"target":
"nat_PRE_trusted_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_trusted", "expr": [{"jump": {"target":
"nat_PRE_trusted_log"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_trusted", "expr": [{"jump": {"target":
"nat_PRE_trusted_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_trusted", "expr": [{"jump": {"target":
"nat_PRE_trusted_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_trusted", "expr": [{"jump": {"target":
"nat_PRE_trusted_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PRE_trusted"}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_PRE_trusted_pre"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name": "nat_PRE_trusted_log"}}},
{"add": {"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_PRE_trusted_deny"}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PRE_trusted_allow"}}}, {"add": {"chain": {"family":
"ip6", "table": "firewalld", "name": "nat_PRE_trusted_post"}}}, {"add":
{"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted",
"expr": [{"jump": {"target": "nat_PRE_trusted_pre"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "expr":
[{"jump": {"target": "nat_PRE_trusted_log"}}]}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_PRE_trusted", "expr": [{"jump":
{"target": "nat_PRE_trusted_deny"}}]}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_PRE_trusted", "expr": [{"jump": {"target":
"nat_PRE_trusted_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PRE_trusted", "expr": [{"jump": {"target":
"nat_PRE_trusted_post"}}]}}}, {"insert": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy2"}}, {"goto":
{"target": "nat_PRE_trusted"}}]}}}, {"insert": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match":
{"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy2"}},
{"goto": {"target": "nat_PRE_trusted"}}]}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_POST_trusted"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name": "nat_POST_trusted_pre"}}},
{"add": {"chain": {"family": "ip", "table": "firewalld", "name":
"nat_POST_trusted_log"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_POST_trusted_deny"}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_POST_trusted_allow"}}}, {"add":
{"chain": {"family": "ip", "table": "firewalld", "name":
"nat_POST_trusted_post"}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POST_trusted", "expr": [{"jump": {"target":
"nat_POST_trusted_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POST_trusted", "expr": [{"jump": {"target":
"nat_POST_trusted_log"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POST_trusted", "expr": [{"jump": {"target":
"nat_POST_trusted_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POST_trusted", "expr": [{"jump": {"target":
"nat_POST_trusted_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POST_trusted", "expr": [{"jump": {"target":
"nat_POST_trusted_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_POST_trusted"}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_POST_trusted_pre"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name": "nat_POST_trusted_log"}}},
{"add": {"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_POST_trusted_deny"}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_POST_trusted_allow"}}}, {"add": {"chain": {"family":
"ip6", "table": "firewalld", "name": "nat_POST_trusted_post"}}}, {"add":
{"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted",
"expr": [{"jump": {"target": "nat_POST_trusted_pre"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain": "nat_POST_trusted", "expr":
[{"jump": {"target": "nat_POST_trusted_log"}}]}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_POST_trusted", "expr": [{"jump":
{"target": "nat_POST_trusted_deny"}}]}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_POST_trusted", "expr": [{"jump": {"target":
"nat_POST_trusted_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_POST_trusted", "expr": [{"jump": {"target":
"nat_POST_trusted_post"}}]}}}, {"insert": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "oifname"}}, "op": "==", "right": "perm_dummy2"}}, {"goto":
{"target": "nat_POST_trusted"}}]}}}, {"insert": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match":
{"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "perm_dummy2"}},
{"goto": {"target": "nat_POST_trusted"}}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_IN_trusted"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "filter_IN_trusted_pre"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_IN_trusted_log"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_IN_trusted_deny"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_IN_trusted_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_IN_trusted_post"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_trusted", "expr": [{"jump": {"target":
"filter_IN_trusted_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_trusted", "expr": [{"jump": {"target":
"filter_IN_trusted_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_trusted", "expr": [{"jump": {"target":
"filter_IN_trusted_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_trusted", "expr": [{"jump": {"target":
"filter_IN_trusted_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_trusted", "expr": [{"jump": {"target":
"filter_IN_trusted_post"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_trusted", "expr": [{"accept": null}]}}},
{"insert": {"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}},
"op": "==", "right": "perm_dummy2"}}, {"goto": {"target":
"filter_IN_trusted"}}]}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDI_trusted"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDI_trusted_pre"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDI_trusted_log"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDI_trusted_deny"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_FWDI_trusted_allow"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDI_trusted_post"}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "expr": [{"jump":
{"target": "filter_FWDI_trusted_pre"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDI_trusted", "expr": [{"jump":
{"target": "filter_FWDI_trusted_log"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDI_trusted", "expr": [{"jump":
{"target": "filter_FWDI_trusted_deny"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "expr": [{"jump":
{"target": "filter_FWDI_trusted_allow"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "expr": [{"jump":
{"target": "filter_FWDI_trusted_post"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDI_trusted", "expr":
[{"accept": null}]}}}, {"insert": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy2"}}, {"goto":
{"target": "filter_FWDI_trusted"}}]}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_FWDO_trusted"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "filter_FWDO_trusted_pre"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDO_trusted_log"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDO_trusted_deny"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_FWDO_trusted_allow"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDO_trusted_post"}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "expr": [{"jump":
{"target": "filter_FWDO_trusted_pre"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDO_trusted", "expr": [{"jump":
{"target": "filter_FWDO_trusted_log"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDO_trusted", "expr": [{"jump":
{"target": "filter_FWDO_trusted_deny"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "expr": [{"jump":
{"target": "filter_FWDO_trusted_allow"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "expr": [{"jump":
{"target": "filter_FWDO_trusted_post"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FWDO_trusted", "expr":
[{"accept": null}]}}}, {"insert": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "oifname"}}, "op": "==", "right": "perm_dummy2"}}, {"goto":
{"target": "filter_FWDO_trusted"}}]}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "raw_PRE_work"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "raw_PRE_work_pre"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "raw_PRE_work_log"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"raw_PRE_work_deny"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "raw_PRE_work_allow"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "raw_PRE_work_post"}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "raw_PRE_work", "expr":
[{"jump": {"target": "raw_PRE_work_pre"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "raw_PRE_work", "expr": [{"jump":
{"target": "raw_PRE_work_log"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "raw_PRE_work", "expr": [{"jump": {"target":
"raw_PRE_work_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PRE_work", "expr": [{"jump": {"target":
"raw_PRE_work_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PRE_work", "expr": [{"jump": {"target":
"raw_PRE_work_post"}}]}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_IN_work"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_IN_work_pre"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "filter_IN_work_log"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_IN_work_deny"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_IN_work_allow"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_IN_work_post"}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_work",
"expr": [{"jump": {"target": "filter_IN_work_pre"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "filter_IN_work", "expr":
[{"jump": {"target": "filter_IN_work_log"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_IN_work", "expr": [{"jump":
{"target": "filter_IN_work_deny"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_IN_work", "expr": [{"jump": {"target":
"filter_IN_work_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_work", "expr": [{"jump": {"target":
"filter_IN_work_post"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_IN_work_allow", "expr": [{"match": {"left":
{"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}},
{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set":
["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_IN_work_allow", "expr":
[{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op":
"==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left":
{"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}},
{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set":
["new", "untracked"]}}}, {"accept": null}]}}}, {"insert": {"rule": {"family":
"inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES", "expr":
[{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right":
"perm_dummy"}}, {"goto": {"target": "raw_PRE_work"}}]}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "mangle_PRE_work"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_work_pre"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PRE_work_log"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "mangle_PRE_work_deny"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_work_allow"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PRE_work_post"}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "mangle_PRE_work", "expr": [{"jump":
{"target": "mangle_PRE_work_pre"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "mangle_PRE_work", "expr": [{"jump": {"target":
"mangle_PRE_work_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PRE_work", "expr": [{"jump": {"target":
"mangle_PRE_work_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PRE_work", "expr": [{"jump": {"target":
"mangle_PRE_work_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PRE_work", "expr": [{"jump": {"target":
"mangle_PRE_work_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy"}}, {"goto":
{"target": "mangle_PRE_work"}}]}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_work"}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_PRE_work_pre"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name": "nat_PRE_work_log"}}}, {"add":
{"chain": {"family": "ip", "table": "firewalld", "name":
"nat_PRE_work_deny"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_work_allow"}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PRE_work_post"}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain": "nat_PRE_work", "expr":
[{"jump": {"target": "nat_PRE_work_pre"}}]}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_PRE_work", "expr": [{"jump":
{"target": "nat_PRE_work_log"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_work", "expr": [{"jump": {"target":
"nat_PRE_work_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_work", "expr": [{"jump": {"target":
"nat_PRE_work_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_work", "expr": [{"jump": {"target":
"nat_PRE_work_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PRE_work"}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_PRE_work_pre"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name": "nat_PRE_work_log"}}}, {"add":
{"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_PRE_work_deny"}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PRE_work_allow"}}}, {"add": {"chain": {"family":
"ip6", "table": "firewalld", "name": "nat_PRE_work_post"}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain": "nat_PRE_work", "expr":
[{"jump": {"target": "nat_PRE_work_pre"}}]}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_PRE_work", "expr": [{"jump":
{"target": "nat_PRE_work_log"}}]}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_PRE_work", "expr": [{"jump": {"target":
"nat_PRE_work_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PRE_work", "expr": [{"jump": {"target":
"nat_PRE_work_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PRE_work", "expr": [{"jump": {"target":
"nat_PRE_work_post"}}]}}}, {"insert": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy"}}, {"goto":
{"target": "nat_PRE_work"}}]}}}, {"insert": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy"}}, {"goto":
{"target": "nat_PRE_work"}}]}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_POST_work"}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_POST_work_pre"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name": "nat_POST_work_log"}}}, {"add":
{"chain": {"family": "ip", "table": "firewalld", "name":
"nat_POST_work_deny"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_POST_work_allow"}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_POST_work_post"}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain": "nat_POST_work", "expr":
[{"jump": {"target": "nat_POST_work_pre"}}]}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_POST_work", "expr": [{"jump":
{"target": "nat_POST_work_log"}}]}}}, {"add": {"rule": {"family": "ip",
"table": "firewalld", "chain": "nat_POST_work", "expr": [{"jump": {"target":
"nat_POST_work_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POST_work", "expr": [{"jump": {"target":
"nat_POST_work_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POST_work", "expr": [{"jump": {"target":
"nat_POST_work_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_POST_work"}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_POST_work_pre"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name": "nat_POST_work_log"}}}, {"add":
{"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_POST_work_deny"}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_POST_work_allow"}}}, {"add": {"chain": {"family":
"ip6", "table": "firewalld", "name": "nat_POST_work_post"}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain": "nat_POST_work", "expr":
[{"jump": {"target": "nat_POST_work_pre"}}]}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_POST_work", "expr": [{"jump":
{"target": "nat_POST_work_log"}}]}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_POST_work", "expr": [{"jump": {"target":
"nat_POST_work_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_POST_work", "expr": [{"jump": {"target":
"nat_POST_work_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_POST_work", "expr": [{"jump": {"target":
"nat_POST_work_post"}}]}}}, {"insert": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "oifname"}}, "op": "==", "right": "perm_dummy"}}, {"goto":
{"target": "nat_POST_work"}}]}}}, {"insert": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match":
{"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "perm_dummy"}},
{"goto": {"target": "nat_POST_work"}}]}}}, {"insert": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match":
{"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy"}},
{"goto": {"target": "filter_IN_work"}}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDI_work"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "filter_FWDI_work_pre"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDI_work_log"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDI_work_deny"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDI_work_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDI_work_post"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDI_work", "expr": [{"jump": {"target":
"filter_FWDI_work_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDI_work", "expr": [{"jump": {"target":
"filter_FWDI_work_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDI_work", "expr": [{"jump": {"target":
"filter_FWDI_work_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDI_work", "expr": [{"jump": {"target":
"filter_FWDI_work_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDI_work", "expr": [{"jump": {"target":
"filter_FWDI_work_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "iifname"}}, "op": "==", "right": "perm_dummy"}}, {"goto":
{"target": "filter_FWDI_work"}}]}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_FWDO_work"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name": "filter_FWDO_work_pre"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDO_work_log"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_FWDO_work_deny"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDO_work_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDO_work_post"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_work", "expr": [{"jump": {"target":
"filter_FWDO_work_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_work", "expr": [{"jump": {"target":
"filter_FWDO_work_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_work", "expr": [{"jump": {"target":
"filter_FWDO_work_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_work", "expr": [{"jump": {"target":
"filter_FWDO_work_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FWDO_work", "expr": [{"jump": {"target":
"filter_FWDO_work_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"match": {"left":
{"meta": {"key": "oifname"}}, "op": "==", "right": "perm_dummy"}}, {"goto":
{"target": "filter_FWDO_work"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_IN_work", "index": 4, "expr": [{"match":
{"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp",
"icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDI_work", "index": 4, "expr":
[{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set":
["icmp", "icmpv6"]}}}, {"accept": null}]}}}]}'
+
+test -z "$($NFT -j -e -a -f - <<< "$RULESET" |sed
's/\({"add":\|{"insert":\)/\n\1/g' |grep '\({"add":\|{"insert":\)' | grep -v
'"handle"')"
--
2.20.1
