Align expected output with the current implementation.
Fixes: a540f6d ("fw4: fix cosmetic issue with per-ruleset and per-table include paths")
Fixes: 145e159 ("fw4: recognize `option log` and `option counter` in `config nat` sections")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[!] Section @defaults[0] specifies unknown option 'unknown_defaults_option'
[!] Section @rule[9] (Test-Deprecated-Rule-Option) option '_name' is deprecated by fw4
[!] Section @rule[9] (Test-Deprecated-Rule-Option) specifies unknown option 'unknown_rule_option'
-[call] fs.glob pattern </usr/share/nftables.d/ruleset-pre//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/ruleset-post//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/table-pre//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/table-post//*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/ruleset-pre/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/ruleset-post/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/table-pre/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/table-post/*.nft>
[call] fs.lsdir path </usr/share/nftables.d/chain-pre>
[call] fs.lsdir path </usr/share/nftables.d/chain-post>
[call] ctx.call object <network.device> method <status> args <null>
[call] ctx.call object <network.interface> method <dump> args <null>
[call] ctx.call object <service> method <get_data> args <{ "type": "firewall" }>
[call] fs.open path </proc/version> mode <r>
-[call] fs.glob pattern </usr/share/nftables.d/ruleset-pre//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/ruleset-post//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/table-pre//*.nft>
-[call] fs.glob pattern </usr/share/nftables.d/table-post//*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/ruleset-pre/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/ruleset-post/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/table-pre/*.nft>
+[call] fs.glob pattern </usr/share/nftables.d/table-post/*.nft>
[call] fs.lsdir path </usr/share/nftables.d/chain-pre>
[call] fs.lsdir path </usr/share/nftables.d/chain-post>
[call] fs.popen cmdline </usr/sbin/nft --terse --json list flowtables inet> mode <r>
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
- meta nfproto ipv4 masquerade comment "!fw4: NAT #3"
- ip6 saddr fc00::/7 masquerade comment "!fw4: NAT #4"
- masquerade comment "!fw4: NAT #6"
+ meta nfproto ipv4 counter masquerade comment "!fw4: NAT #3"
+ ip6 saddr fc00::/7 counter masquerade comment "!fw4: NAT #4"
+ counter masquerade comment "!fw4: NAT #6"
meta nfproto ipv4 ip daddr 192.168.1.0/24 jump srcnat_ipv4only comment "!fw4: Handle ipv4only IPv4 srcnat traffic"
}
}
chain srcnat_ipv4only {
- meta nfproto ipv4 masquerade comment "!fw4: NAT #5"
+ meta nfproto ipv4 counter masquerade comment "!fw4: NAT #5"
}
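Review bot: All four masquerade expectations (NAT #3 to #6, in both `srcnat` and `srcnat_ipv4only`) now carry `counter`, so this fixture pins only the counter-enabled output for `config nat` sections; nothing visible here pins the rule text when `option counter` is turned off or when `option log` is set. The test input is not part of this page, so this is inferred from the expected output alone. I would add two `config nat` sections to the fixture, one with `option counter '0'` and one with `option log '1'`, and record their expected rules, so that a regression which silently drops counting or logging on NAT rules fails the test instead of being noticed on a live firewall.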