selftests: nft_nat: Simplify port shadow notrack test

The second rule in prerouting chain was probably a leftover: The router listens on veth0, so not tracking connections via that interface is sufficient. Likewise, the rule in output chain can be limited to that interface as well. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2021-11-03 19:53:43 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-11-08 11:26:57 +0100
commit: 85c0c8b342e89761554eed3f572ee55c0e5c6536 (patch)
tree: e3bcb99e35989f48522df42877881a4d7cca91d5 /tools/testing
parent: e1f8bc06e49794ebecc0f276429a7ab9f105ac06 (diff)
download: linux-85c0c8b342e89761554eed3f572ee55c0e5c6536.tar.bz2
1 files changed, 1 insertions, 2 deletions
diff --git a/tools/testing/selftests/netfilter/nft_nat.sh b/tools/testing/selftests/netfilter/nft_nat.sh
index 905c033db74d..c62e4e26252c 100755
--- a/tools/testing/selftests/netfilter/nft_nat.sh
+++ b/tools/testing/selftests/netfilter/nft_nat.sh
@@ -818,11 +818,10 @@ table $family raw {
 	chain prerouting {
 		type filter hook prerouting priority -300; policy accept;
 		meta iif veth0 udp dport 1405 notrack
-		udp dport 1405 notrack
 	}
 	chain output {
 		type filter hook output priority -300; policy accept;
-		udp sport 1405 notrack
+		meta oif veth0 udp sport 1405 notrack
 	}
 }
 EOF
author	Phil Sutter <phil@nwl.cc>	2021-11-03 19:53:43 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-11-08 11:26:57 +0100
commit	85c0c8b342e89761554eed3f572ee55c0e5c6536 (patch)
tree	e3bcb99e35989f48522df42877881a4d7cca91d5 /tools/testing
parent	e1f8bc06e49794ebecc0f276429a7ab9f105ac06 (diff)
download	linux-85c0c8b342e89761554eed3f572ee55c0e5c6536.tar.bz2