Since packets traverse both tables, the accept rule in the first one is
ineffective due to the second table's drop policy. To prevent lockouts
when running the testsuite via SSH connection, set the second chain's
policy to accept as well.
Fixes: 337c7e0de3d9d ("tests: shell: make sure split table definition works via
nft -f")
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
tests/shell/testcases/nft-f/0008split_tables_0 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/shell/testcases/nft-f/0008split_tables_0
b/tests/shell/testcases/nft-f/0008split_tables_0
index 2bc6e46c852a6..dd03545b172ac 100755
--- a/tests/shell/testcases/nft-f/0008split_tables_0
+++ b/tests/shell/testcases/nft-f/0008split_tables_0
@@ -19,7 +19,7 @@ RULESET="table inet filter {
table inet filter {
chain input {
- type filter hook input priority 1; policy drop;
+ type filter hook input priority 1; policy accept;
}
}"
@@ -37,7 +37,7 @@ EXPECTED="table inet filter {
}
chain input {
- type filter hook input priority 1; policy drop;
+ type filter hook input priority 1; policy accept;
}
}"
--
2.13.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
