[PATCH 2/8] util/tests: enable locking on iptables/ebtables commandlines in unit tests
Laine Stump
laine at redhat.com
Tue Nov 24 03:29:58 UTC 2020
All the unit tests that use iptables/ip6tables/ebtables have been
written to omit the locking/exclusive use primitive on the generated
commandlines. Even though none of the tests actually execute those
commands (and so it doesn't matter for purposes of the test whether or
not the commands support these options), it still made sense when some
systems had these locking options and some didn't.
We are now at a point where every supported Linux distro has supported
the locking options on these commands for quite a long time, and are
going to make their use non-optional. As a first step, this patch uses
the virFirewallSetLockOverride() function, which is called at the
beginning of all firewall-related tests, to set all the bools
controlling whether or not the locking options are used to true. This
means that all the test cases must be updated to include the proper
locking option in their commandlines.
The change to make actual execs of the commands unconditionally use
the locking option will be in an upcoming patch - this one affects
only the unit tests.
Signed-off-by: Laine Stump <laine at redhat.com>
---
src/util/virfirewall.c | 6 +
tests/networkxml2firewalldata/base.args | 34 ++
.../nat-default-linux.args | 19 +
.../nat-ipv6-linux.args | 30 ++
.../nat-ipv6-masquerade-linux.args | 34 ++
.../nat-many-ips-linux.args | 33 ++
.../nat-no-dhcp-linux.args | 29 ++
.../nat-tftp-linux.args | 21 +
.../route-default-linux.args | 14 +
tests/nwfilterebiptablestest.c | 464 +++++++++---------
.../ah-ipv6-linux.args | 9 +
tests/nwfilterxml2firewalldata/ah-linux.args | 9 +
.../all-ipv6-linux.args | 9 +
tests/nwfilterxml2firewalldata/all-linux.args | 9 +
tests/nwfilterxml2firewalldata/arp-linux.args | 5 +
.../comment-linux.args | 19 +
.../conntrack-linux.args | 7 +
.../esp-ipv6-linux.args | 9 +
tests/nwfilterxml2firewalldata/esp-linux.args | 9 +
.../example-1-linux.args | 12 +
.../example-2-linux.args | 10 +
.../hex-data-linux.args | 10 +
.../icmp-direction-linux.args | 6 +
.../icmp-direction2-linux.args | 6 +
.../icmp-direction3-linux.args | 6 +
.../nwfilterxml2firewalldata/icmp-linux.args | 3 +
.../icmpv6-linux.args | 4 +
.../nwfilterxml2firewalldata/igmp-linux.args | 9 +
tests/nwfilterxml2firewalldata/ip-linux.args | 3 +
.../nwfilterxml2firewalldata/ipset-linux.args | 18 +
.../ipt-no-macspoof-linux.args | 2 +
.../nwfilterxml2firewalldata/ipv6-linux.args | 15 +
.../nwfilterxml2firewalldata/iter1-linux.args | 9 +
.../nwfilterxml2firewalldata/iter2-linux.args | 171 +++++++
.../nwfilterxml2firewalldata/iter3-linux.args | 15 +
tests/nwfilterxml2firewalldata/mac-linux.args | 4 +
.../nwfilterxml2firewalldata/rarp-linux.args | 6 +
.../sctp-ipv6-linux.args | 9 +
.../nwfilterxml2firewalldata/sctp-linux.args | 9 +
tests/nwfilterxml2firewalldata/stp-linux.args | 11 +
.../target-linux.args | 33 ++
.../target2-linux.args | 12 +
.../tcp-ipv6-linux.args | 9 +
tests/nwfilterxml2firewalldata/tcp-linux.args | 13 +
.../udp-ipv6-linux.args | 9 +
tests/nwfilterxml2firewalldata/udp-linux.args | 9 +
.../udplite-ipv6-linux.args | 9 +
.../udplite-linux.args | 9 +
.../nwfilterxml2firewalldata/vlan-linux.args | 7 +
tests/nwfilterxml2firewalltest.c | 144 +++---
tests/virfirewalltest.c | 112 +++--
51 files changed, 1115 insertions(+), 358 deletions(-)
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index f6a8beec95..5f30c34483 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -105,6 +105,12 @@ void
virFirewallSetLockOverride(bool avoid)
{
lockOverride = avoid;
+ if (avoid) {
+ /* add the lock option to all commands */
+ iptablesUseLock = true;
+ ip6tablesUseLock = true;
+ ebtablesUseLock = true;
+ }
}
static void
diff --git a/tests/networkxml2firewalldata/base.args b/tests/networkxml2firewalldata/base.args
index 0e71bf3a64..056ee12758 100644
--- a/tests/networkxml2firewalldata/base.args
+++ b/tests/networkxml2firewalldata/base.args
@@ -1,116 +1,150 @@
iptables \
+-w \
--table filter \
--list-rules
iptables \
+-w \
--table nat \
--list-rules
iptables \
+-w \
--table mangle \
--list-rules
iptables \
+-w \
--table filter \
--new-chain LIBVIRT_INP
iptables \
+-w \
--table filter \
--insert INPUT \
--jump LIBVIRT_INP
iptables \
+-w \
--table filter \
--new-chain LIBVIRT_OUT
iptables \
+-w \
--table filter \
--insert OUTPUT \
--jump LIBVIRT_OUT
iptables \
+-w \
--table filter \
--new-chain LIBVIRT_FWO
iptables \
+-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWO
iptables \
+-w \
--table filter \
--new-chain LIBVIRT_FWI
iptables \
+-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWI
iptables \
+-w \
--table filter \
--new-chain LIBVIRT_FWX
iptables \
+-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWX
iptables \
+-w \
--table nat \
--new-chain LIBVIRT_PRT
iptables \
+-w \
--table nat \
--insert POSTROUTING \
--jump LIBVIRT_PRT
iptables \
+-w \
--table mangle \
--new-chain LIBVIRT_PRT
iptables \
+-w \
--table mangle \
--insert POSTROUTING \
--jump LIBVIRT_PRT
ip6tables \
+-w \
--table filter \
--list-rules
ip6tables \
+-w \
--table nat \
--list-rules
ip6tables \
+-w \
--table mangle \
--list-rules
ip6tables \
+-w \
--table filter \
--new-chain LIBVIRT_INP
ip6tables \
+-w \
--table filter \
--insert INPUT \
--jump LIBVIRT_INP
ip6tables \
+-w \
--table filter \
--new-chain LIBVIRT_OUT
ip6tables \
+-w \
--table filter \
--insert OUTPUT \
--jump LIBVIRT_OUT
ip6tables \
+-w \
--table filter \
--new-chain LIBVIRT_FWO
ip6tables \
+-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWO
ip6tables \
+-w \
--table filter \
--new-chain LIBVIRT_FWI
ip6tables \
+-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWI
ip6tables \
+-w \
--table filter \
--new-chain LIBVIRT_FWX
ip6tables \
+-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWX
ip6tables \
+-w \
--table nat \
--new-chain LIBVIRT_PRT
ip6tables \
+-w \
--table nat \
--insert POSTROUTING \
--jump LIBVIRT_PRT
ip6tables \
+-w \
--table mangle \
--new-chain LIBVIRT_PRT
ip6tables \
+-w \
--table mangle \
--insert POSTROUTING \
--jump LIBVIRT_PRT
diff --git a/tests/networkxml2firewalldata/nat-default-linux.args b/tests/networkxml2firewalldata/nat-default-linux.args
index ab18f30bd0..3cfa61333c 100644
--- a/tests/networkxml2firewalldata/nat-default-linux.args
+++ b/tests/networkxml2firewalldata/nat-default-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,28 +63,33 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -85,12 +98,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -99,6 +114,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -107,18 +123,21 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
+-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.args b/tests/networkxml2firewalldata/nat-ipv6-linux.args
index 05d9ee33ca..ce295cbc6d 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.args
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,38 +63,45 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -94,6 +109,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -101,6 +117,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -108,6 +125,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -115,6 +133,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -122,6 +141,7 @@ ip6tables \
--destination-port 547 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -129,12 +149,14 @@ ip6tables \
--destination-port 546 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -143,12 +165,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -157,6 +181,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -165,30 +190,35 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 2001:db8:ca2:2::/64 \
--in-interface virbr0 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 2001:db8:ca2:2::/64 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.args b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.args
index f7b82c987a..d78537dc5c 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.args
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,38 +63,45 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -94,6 +109,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -101,6 +117,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -108,6 +125,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -115,6 +133,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -122,6 +141,7 @@ ip6tables \
--destination-port 547 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -129,12 +149,14 @@ ip6tables \
--destination-port 546 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -143,12 +165,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -157,6 +181,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -165,24 +190,28 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 2001:db8:ca2:2::/64 \
--in-interface virbr0 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 2001:db8:ca2:2::/64 \
@@ -191,12 +220,14 @@ ip6tables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
ip6tables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 2001:db8:ca2:2::/64 '!' \
--destination 2001:db8:ca2:2::/64 \
--jump MASQUERADE
ip6tables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 2001:db8:ca2:2::/64 \
@@ -205,6 +236,7 @@ ip6tables \
--jump MASQUERADE \
--to-ports 1024-65535
ip6tables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 2001:db8:ca2:2::/64 \
@@ -213,12 +245,14 @@ ip6tables \
--jump MASQUERADE \
--to-ports 1024-65535
ip6tables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 2001:db8:ca2:2::/64 \
--destination ff02::/16 \
--jump RETURN
iptables \
+-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.args b/tests/networkxml2firewalldata/nat-many-ips-linux.args
index 82e1380f51..ba7f234b82 100644
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.args
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,28 +63,33 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -85,12 +98,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -99,6 +114,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -107,24 +123,28 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.128.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.128.0/24 \
@@ -133,12 +153,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 '!' \
--destination 192.168.128.0/24 \
--jump MASQUERADE
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 \
@@ -147,6 +169,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 \
@@ -155,24 +178,28 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.150.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.150.0/24 \
@@ -181,12 +208,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 '!' \
--destination 192.168.150.0/24 \
--jump MASQUERADE
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 \
@@ -195,6 +224,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 \
@@ -203,18 +233,21 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
+-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.args b/tests/networkxml2firewalldata/nat-no-dhcp-linux.args
index 8954cc5473..1e5aa05231 100644
--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.args
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,38 +63,45 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -94,6 +109,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -101,6 +117,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -108,6 +125,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -115,6 +133,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -122,6 +141,7 @@ ip6tables \
--destination-port 547 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -129,12 +149,14 @@ ip6tables \
--destination-port 546 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -143,12 +165,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -157,6 +181,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -165,24 +190,28 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 2001:db8:ca2:2::/64 \
--in-interface virbr0 \
--jump ACCEPT
ip6tables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 2001:db8:ca2:2::/64 \
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.args b/tests/networkxml2firewalldata/nat-tftp-linux.args
index 88e9929b62..565fff737c 100644
--- a/tests/networkxml2firewalldata/nat-tftp-linux.args
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,6 +63,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -62,6 +71,7 @@ iptables \
--destination-port 69 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -69,28 +79,33 @@ iptables \
--destination-port 69 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -99,12 +114,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -113,6 +130,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -121,18 +139,21 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
+-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
+-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/route-default-linux.args b/tests/networkxml2firewalldata/route-default-linux.args
index c427d9602d..a7b969c077 100644
--- a/tests/networkxml2firewalldata/route-default-linux.args
+++ b/tests/networkxml2firewalldata/route-default-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,34 +63,40 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
+-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \
diff --git a/tests/nwfilterebiptablestest.c b/tests/nwfilterebiptablestest.c
index 4d8791023c..5562682e9a 100644
--- a/tests/nwfilterebiptablestest.c
+++ b/tests/nwfilterebiptablestest.c
@@ -36,34 +36,34 @@
#define VIR_NWFILTER_NEW_RULES_TEARDOWN \
- "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" \
- "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n" \
- "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" \
- "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" \
- "iptables -F FP-vnet0\n" \
- "iptables -X FP-vnet0\n" \
- "iptables -F FJ-vnet0\n" \
- "iptables -X FJ-vnet0\n" \
- "iptables -F HJ-vnet0\n" \
- "iptables -X HJ-vnet0\n" \
- "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" \
- "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n" \
- "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" \
- "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" \
- "ip6tables -F FP-vnet0\n" \
- "ip6tables -X FP-vnet0\n" \
- "ip6tables -F FJ-vnet0\n" \
- "ip6tables -X FJ-vnet0\n" \
- "ip6tables -F HJ-vnet0\n" \
- "ip6tables -X HJ-vnet0\n" \
- "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0\n" \
- "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0\n" \
- "ebtables -t nat -L libvirt-J-vnet0\n" \
- "ebtables -t nat -L libvirt-P-vnet0\n" \
- "ebtables -t nat -F libvirt-J-vnet0\n" \
- "ebtables -t nat -X libvirt-J-vnet0\n" \
- "ebtables -t nat -F libvirt-P-vnet0\n" \
- "ebtables -t nat -X libvirt-P-vnet0\n"
+ "iptables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" \
+ "iptables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n" \
+ "iptables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" \
+ "iptables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" \
+ "iptables -w -F FP-vnet0\n" \
+ "iptables -w -X FP-vnet0\n" \
+ "iptables -w -F FJ-vnet0\n" \
+ "iptables -w -X FJ-vnet0\n" \
+ "iptables -w -F HJ-vnet0\n" \
+ "iptables -w -X HJ-vnet0\n" \
+ "ip6tables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" \
+ "ip6tables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n" \
+ "ip6tables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" \
+ "ip6tables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" \
+ "ip6tables -w -F FP-vnet0\n" \
+ "ip6tables -w -X FP-vnet0\n" \
+ "ip6tables -w -F FJ-vnet0\n" \
+ "ip6tables -w -X FJ-vnet0\n" \
+ "ip6tables -w -F HJ-vnet0\n" \
+ "ip6tables -w -X HJ-vnet0\n" \
+ "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0\n" \
+ "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0\n" \
+ "ebtables --concurrent -t nat -L libvirt-J-vnet0\n" \
+ "ebtables --concurrent -t nat -L libvirt-P-vnet0\n" \
+ "ebtables --concurrent -t nat -F libvirt-J-vnet0\n" \
+ "ebtables --concurrent -t nat -X libvirt-J-vnet0\n" \
+ "ebtables --concurrent -t nat -F libvirt-P-vnet0\n" \
+ "ebtables --concurrent -t nat -X libvirt-P-vnet0\n"
static int
testNWFilterEBIPTablesAllTeardown(const void *opaque G_GNUC_UNUSED)
@@ -71,36 +71,36 @@ testNWFilterEBIPTablesAllTeardown(const void *opaque G_GNUC_UNUSED)
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
const char *expected =
VIR_NWFILTER_NEW_RULES_TEARDOWN
- "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "iptables -F FO-vnet0\n"
- "iptables -X FO-vnet0\n"
- "iptables -F FI-vnet0\n"
- "iptables -X FI-vnet0\n"
- "iptables -F HI-vnet0\n"
- "iptables -X HI-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "ip6tables -F FO-vnet0\n"
- "ip6tables -X FO-vnet0\n"
- "ip6tables -F FI-vnet0\n"
- "ip6tables -X FI-vnet0\n"
- "ip6tables -F HI-vnet0\n"
- "ip6tables -X HI-vnet0\n"
- "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
- "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
- "ebtables -t nat -L libvirt-I-vnet0\n"
- "ebtables -t nat -L libvirt-O-vnet0\n"
- "ebtables -t nat -F libvirt-I-vnet0\n"
- "ebtables -t nat -X libvirt-I-vnet0\n"
- "ebtables -t nat -F libvirt-O-vnet0\n"
- "ebtables -t nat -X libvirt-O-vnet0\n";
+ "iptables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "iptables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "iptables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "iptables -w -F FO-vnet0\n"
+ "iptables -w -X FO-vnet0\n"
+ "iptables -w -F FI-vnet0\n"
+ "iptables -w -X FI-vnet0\n"
+ "iptables -w -F HI-vnet0\n"
+ "iptables -w -X HI-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "ip6tables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "ip6tables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "ip6tables -w -F FO-vnet0\n"
+ "ip6tables -w -X FO-vnet0\n"
+ "ip6tables -w -F FI-vnet0\n"
+ "ip6tables -w -X FI-vnet0\n"
+ "ip6tables -w -F HI-vnet0\n"
+ "ip6tables -w -X HI-vnet0\n"
+ "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-O-vnet0\n";
char *actual = NULL;
int ret = -1;
@@ -130,44 +130,44 @@ testNWFilterEBIPTablesTearOldRules(const void *opaque G_GNUC_UNUSED)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
const char *expected =
- "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "iptables -F FO-vnet0\n"
- "iptables -X FO-vnet0\n"
- "iptables -F FI-vnet0\n"
- "iptables -X FI-vnet0\n"
- "iptables -F HI-vnet0\n"
- "iptables -X HI-vnet0\n"
- "iptables -E FP-vnet0 FO-vnet0\n"
- "iptables -E FJ-vnet0 FI-vnet0\n"
- "iptables -E HJ-vnet0 HI-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "ip6tables -F FO-vnet0\n"
- "ip6tables -X FO-vnet0\n"
- "ip6tables -F FI-vnet0\n"
- "ip6tables -X FI-vnet0\n"
- "ip6tables -F HI-vnet0\n"
- "ip6tables -X HI-vnet0\n"
- "ip6tables -E FP-vnet0 FO-vnet0\n"
- "ip6tables -E FJ-vnet0 FI-vnet0\n"
- "ip6tables -E HJ-vnet0 HI-vnet0\n"
- "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
- "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
- "ebtables -t nat -L libvirt-I-vnet0\n"
- "ebtables -t nat -L libvirt-O-vnet0\n"
- "ebtables -t nat -F libvirt-I-vnet0\n"
- "ebtables -t nat -X libvirt-I-vnet0\n"
- "ebtables -t nat -F libvirt-O-vnet0\n"
- "ebtables -t nat -X libvirt-O-vnet0\n"
- "ebtables -t nat -L libvirt-J-vnet0\n"
- "ebtables -t nat -L libvirt-P-vnet0\n"
- "ebtables -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n"
- "ebtables -t nat -E libvirt-P-vnet0 libvirt-O-vnet0\n";
+ "iptables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "iptables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "iptables -w -F FO-vnet0\n"
+ "iptables -w -X FO-vnet0\n"
+ "iptables -w -F FI-vnet0\n"
+ "iptables -w -X FI-vnet0\n"
+ "iptables -w -F HI-vnet0\n"
+ "iptables -w -X HI-vnet0\n"
+ "iptables -w -E FP-vnet0 FO-vnet0\n"
+ "iptables -w -E FJ-vnet0 FI-vnet0\n"
+ "iptables -w -E HJ-vnet0 HI-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "ip6tables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "ip6tables -w -F FO-vnet0\n"
+ "ip6tables -w -X FO-vnet0\n"
+ "ip6tables -w -F FI-vnet0\n"
+ "ip6tables -w -X FI-vnet0\n"
+ "ip6tables -w -F HI-vnet0\n"
+ "ip6tables -w -X HI-vnet0\n"
+ "ip6tables -w -E FP-vnet0 FO-vnet0\n"
+ "ip6tables -w -E FJ-vnet0 FI-vnet0\n"
+ "ip6tables -w -E HJ-vnet0 HI-vnet0\n"
+ "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0\n";
char *actual = NULL;
int ret = -1;
@@ -197,22 +197,22 @@ testNWFilterEBIPTablesRemoveBasicRules(const void *opaque G_GNUC_UNUSED)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
const char *expected =
- "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
- "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
- "ebtables -t nat -L libvirt-I-vnet0\n"
- "ebtables -t nat -L libvirt-O-vnet0\n"
- "ebtables -t nat -F libvirt-I-vnet0\n"
- "ebtables -t nat -X libvirt-I-vnet0\n"
- "ebtables -t nat -F libvirt-O-vnet0\n"
- "ebtables -t nat -X libvirt-O-vnet0\n"
- "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
- "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0\n"
- "ebtables -t nat -L libvirt-J-vnet0\n"
- "ebtables -t nat -L libvirt-P-vnet0\n"
- "ebtables -t nat -F libvirt-J-vnet0\n"
- "ebtables -t nat -X libvirt-J-vnet0\n"
- "ebtables -t nat -F libvirt-P-vnet0\n"
- "ebtables -t nat -X libvirt-P-vnet0\n";
+ "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-P-vnet0\n";
char *actual = NULL;
int ret = -1;
@@ -273,43 +273,43 @@ testNWFilterEBIPTablesApplyBasicRules(const void *opaque G_GNUC_UNUSED)
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
const char *expected =
VIR_NWFILTER_NEW_RULES_TEARDOWN
- "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "iptables -F FO-vnet0\n"
- "iptables -X FO-vnet0\n"
- "iptables -F FI-vnet0\n"
- "iptables -X FI-vnet0\n"
- "iptables -F HI-vnet0\n"
- "iptables -X HI-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "ip6tables -F FO-vnet0\n"
- "ip6tables -X FO-vnet0\n"
- "ip6tables -F FI-vnet0\n"
- "ip6tables -X FI-vnet0\n"
- "ip6tables -F HI-vnet0\n"
- "ip6tables -X HI-vnet0\n"
- "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
- "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
- "ebtables -t nat -L libvirt-I-vnet0\n"
- "ebtables -t nat -L libvirt-O-vnet0\n"
- "ebtables -t nat -F libvirt-I-vnet0\n"
- "ebtables -t nat -X libvirt-I-vnet0\n"
- "ebtables -t nat -F libvirt-O-vnet0\n"
- "ebtables -t nat -X libvirt-O-vnet0\n"
- "ebtables -t nat -N libvirt-J-vnet0\n"
- "ebtables -t nat -A libvirt-J-vnet0 -s '!' 10:20:30:40:50:60 -j DROP\n"
- "ebtables -t nat -A libvirt-J-vnet0 -p IPv4 -j ACCEPT\n"
- "ebtables -t nat -A libvirt-J-vnet0 -p ARP -j ACCEPT\n"
- "ebtables -t nat -A libvirt-J-vnet0 -j DROP\n"
- "ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
- "ebtables -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n";
+ "iptables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "iptables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "iptables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "iptables -w -F FO-vnet0\n"
+ "iptables -w -X FO-vnet0\n"
+ "iptables -w -F FI-vnet0\n"
+ "iptables -w -X FI-vnet0\n"
+ "iptables -w -F HI-vnet0\n"
+ "iptables -w -X HI-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "ip6tables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "ip6tables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "ip6tables -w -F FO-vnet0\n"
+ "ip6tables -w -X FO-vnet0\n"
+ "ip6tables -w -F FI-vnet0\n"
+ "ip6tables -w -X FI-vnet0\n"
+ "ip6tables -w -F HI-vnet0\n"
+ "ip6tables -w -X HI-vnet0\n"
+ "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -N libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -A libvirt-J-vnet0 -s '!' 10:20:30:40:50:60 -j DROP\n"
+ "ebtables --concurrent -t nat -A libvirt-J-vnet0 -p IPv4 -j ACCEPT\n"
+ "ebtables --concurrent -t nat -A libvirt-J-vnet0 -p ARP -j ACCEPT\n"
+ "ebtables --concurrent -t nat -A libvirt-J-vnet0 -j DROP\n"
+ "ebtables --concurrent -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n";
char *actual = NULL;
int ret = -1;
virMacAddr mac = { .addr = { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60 } };
@@ -341,51 +341,51 @@ testNWFilterEBIPTablesApplyDHCPOnlyRules(const void *opaque G_GNUC_UNUSED)
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
const char *expected =
VIR_NWFILTER_NEW_RULES_TEARDOWN
- "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "iptables -F FO-vnet0\n"
- "iptables -X FO-vnet0\n"
- "iptables -F FI-vnet0\n"
- "iptables -X FI-vnet0\n"
- "iptables -F HI-vnet0\n"
- "iptables -X HI-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "ip6tables -F FO-vnet0\n"
- "ip6tables -X FO-vnet0\n"
- "ip6tables -F FI-vnet0\n"
- "ip6tables -X FI-vnet0\n"
- "ip6tables -F HI-vnet0\n"
- "ip6tables -X HI-vnet0\n"
- "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
- "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
- "ebtables -t nat -L libvirt-I-vnet0\n"
- "ebtables -t nat -L libvirt-O-vnet0\n"
- "ebtables -t nat -F libvirt-I-vnet0\n"
- "ebtables -t nat -X libvirt-I-vnet0\n"
- "ebtables -t nat -F libvirt-O-vnet0\n"
- "ebtables -t nat -X libvirt-O-vnet0\n"
- "ebtables -t nat -N libvirt-J-vnet0\n"
- "ebtables -t nat -N libvirt-P-vnet0\n"
- "ebtables -t nat -A libvirt-J-vnet0 -s 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-sport 68 --ip-dport 67 -j ACCEPT\n"
- "ebtables -t nat -A libvirt-J-vnet0 -j DROP\n"
- "ebtables -t nat -A libvirt-P-vnet0 -d 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-src 192.168.122.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
- "ebtables -t nat -A libvirt-P-vnet0 -d ff:ff:ff:ff:ff:ff -p ipv4 --ip-protocol udp --ip-src 192.168.122.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
- "ebtables -t nat -A libvirt-P-vnet0 -d 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-src 10.0.0.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
- "ebtables -t nat -A libvirt-P-vnet0 -d ff:ff:ff:ff:ff:ff -p ipv4 --ip-protocol udp --ip-src 10.0.0.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
- "ebtables -t nat -A libvirt-P-vnet0 -d 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-src 10.0.0.2 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
- "ebtables -t nat -A libvirt-P-vnet0 -d ff:ff:ff:ff:ff:ff -p ipv4 --ip-protocol udp --ip-src 10.0.0.2 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
- "ebtables -t nat -A libvirt-P-vnet0 -j DROP\n"
- "ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
- "ebtables -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vnet0\n"
- "ebtables -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n"
- "ebtables -t nat -E libvirt-P-vnet0 libvirt-O-vnet0\n";
+ "iptables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "iptables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "iptables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "iptables -w -F FO-vnet0\n"
+ "iptables -w -X FO-vnet0\n"
+ "iptables -w -F FI-vnet0\n"
+ "iptables -w -X FI-vnet0\n"
+ "iptables -w -F HI-vnet0\n"
+ "iptables -w -X HI-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "ip6tables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "ip6tables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "ip6tables -w -F FO-vnet0\n"
+ "ip6tables -w -X FO-vnet0\n"
+ "ip6tables -w -F FI-vnet0\n"
+ "ip6tables -w -X FI-vnet0\n"
+ "ip6tables -w -F HI-vnet0\n"
+ "ip6tables -w -X HI-vnet0\n"
+ "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -N libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -N libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -A libvirt-J-vnet0 -s 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-sport 68 --ip-dport 67 -j ACCEPT\n"
+ "ebtables --concurrent -t nat -A libvirt-J-vnet0 -j DROP\n"
+ "ebtables --concurrent -t nat -A libvirt-P-vnet0 -d 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-src 192.168.122.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
+ "ebtables --concurrent -t nat -A libvirt-P-vnet0 -d ff:ff:ff:ff:ff:ff -p ipv4 --ip-protocol udp --ip-src 192.168.122.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
+ "ebtables --concurrent -t nat -A libvirt-P-vnet0 -d 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-src 10.0.0.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
+ "ebtables --concurrent -t nat -A libvirt-P-vnet0 -d ff:ff:ff:ff:ff:ff -p ipv4 --ip-protocol udp --ip-src 10.0.0.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
+ "ebtables --concurrent -t nat -A libvirt-P-vnet0 -d 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-src 10.0.0.2 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
+ "ebtables --concurrent -t nat -A libvirt-P-vnet0 -d ff:ff:ff:ff:ff:ff -p ipv4 --ip-protocol udp --ip-src 10.0.0.2 --ip-sport 67 --ip-dport 68 -j ACCEPT\n"
+ "ebtables --concurrent -t nat -A libvirt-P-vnet0 -j DROP\n"
+ "ebtables --concurrent -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0\n";
char *actual = NULL;
int ret = -1;
virMacAddr mac = { .addr = { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60 } };
@@ -428,44 +428,44 @@ testNWFilterEBIPTablesApplyDropAllRules(const void *opaque G_GNUC_UNUSED)
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
const char *expected =
VIR_NWFILTER_NEW_RULES_TEARDOWN
- "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "iptables -F FO-vnet0\n"
- "iptables -X FO-vnet0\n"
- "iptables -F FI-vnet0\n"
- "iptables -X FI-vnet0\n"
- "iptables -F HI-vnet0\n"
- "iptables -X HI-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
- "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
- "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
- "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "ip6tables -F FO-vnet0\n"
- "ip6tables -X FO-vnet0\n"
- "ip6tables -F FI-vnet0\n"
- "ip6tables -X FI-vnet0\n"
- "ip6tables -F HI-vnet0\n"
- "ip6tables -X HI-vnet0\n"
- "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
- "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
- "ebtables -t nat -L libvirt-I-vnet0\n"
- "ebtables -t nat -L libvirt-O-vnet0\n"
- "ebtables -t nat -F libvirt-I-vnet0\n"
- "ebtables -t nat -X libvirt-I-vnet0\n"
- "ebtables -t nat -F libvirt-O-vnet0\n"
- "ebtables -t nat -X libvirt-O-vnet0\n"
- "ebtables -t nat -N libvirt-J-vnet0\n"
- "ebtables -t nat -N libvirt-P-vnet0\n"
- "ebtables -t nat -A libvirt-J-vnet0 -j DROP\n"
- "ebtables -t nat -A libvirt-P-vnet0 -j DROP\n"
- "ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
- "ebtables -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vnet0\n"
- "ebtables -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n"
- "ebtables -t nat -E libvirt-P-vnet0 libvirt-O-vnet0\n";
+ "iptables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "iptables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "iptables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "iptables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "iptables -w -F FO-vnet0\n"
+ "iptables -w -X FO-vnet0\n"
+ "iptables -w -F FI-vnet0\n"
+ "iptables -w -X FI-vnet0\n"
+ "iptables -w -F HI-vnet0\n"
+ "iptables -w -X HI-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n"
+ "ip6tables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n"
+ "ip6tables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n"
+ "ip6tables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "ip6tables -w -F FO-vnet0\n"
+ "ip6tables -w -X FO-vnet0\n"
+ "ip6tables -w -F FI-vnet0\n"
+ "ip6tables -w -X FI-vnet0\n"
+ "ip6tables -w -F HI-vnet0\n"
+ "ip6tables -w -X HI-vnet0\n"
+ "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-O-vnet0\n"
+ "ebtables --concurrent -t nat -N libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -N libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -A libvirt-J-vnet0 -j DROP\n"
+ "ebtables --concurrent -t nat -A libvirt-P-vnet0 -j DROP\n"
+ "ebtables --concurrent -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n"
+ "ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0\n";
char *actual = NULL;
int ret = -1;
diff --git a/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args b/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args
index 35c9de38b8..77f0532fd2 100644
--- a/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args
@@ -1,4 +1,5 @@
ip6tables \
+-w \
-A FJ-vnet0 \
-p ah \
-m mac \
@@ -11,6 +12,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p ah \
--destination f:e:d::c:b:a/127 \
@@ -21,6 +23,7 @@ ip6tables \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p ah \
-m mac \
@@ -33,6 +36,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p ah \
--destination a:b:c::/128 \
@@ -42,6 +46,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p ah \
-m mac \
@@ -53,6 +58,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p ah \
--destination a:b:c::/128 \
@@ -62,6 +68,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p ah \
--destination ::10.1.2.3/128 \
@@ -71,6 +78,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p ah \
-m mac \
@@ -82,6 +90,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p ah \
--destination ::10.1.2.3/128 \
diff --git a/tests/nwfilterxml2firewalldata/ah-linux.args b/tests/nwfilterxml2firewalldata/ah-linux.args
index 269636754e..c7e5c1eb17 100644
--- a/tests/nwfilterxml2firewalldata/ah-linux.args
+++ b/tests/nwfilterxml2firewalldata/ah-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p ah \
-m mac \
@@ -10,6 +11,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p ah \
--source 10.1.2.3/32 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p ah \
-m mac \
@@ -30,6 +33,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p ah \
--destination 10.1.2.3/22 \
@@ -39,6 +43,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p ah \
-m mac \
@@ -50,6 +55,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p ah \
--destination 10.1.2.3/22 \
@@ -59,6 +65,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p ah \
--destination 10.1.2.3/22 \
@@ -68,6 +75,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p ah \
-m mac \
@@ -79,6 +87,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p ah \
--destination 10.1.2.3/22 \
diff --git a/tests/nwfilterxml2firewalldata/all-ipv6-linux.args b/tests/nwfilterxml2firewalldata/all-ipv6-linux.args
index 2f84c1bfea..d86908663c 100644
--- a/tests/nwfilterxml2firewalldata/all-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/all-ipv6-linux.args
@@ -1,4 +1,5 @@
ip6tables \
+-w \
-A FJ-vnet0 \
-p all \
-m mac \
@@ -11,6 +12,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p all \
--destination f:e:d::c:b:a/127 \
@@ -21,6 +23,7 @@ ip6tables \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p all \
-m mac \
@@ -33,6 +36,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p all \
--destination a:b:c::/128 \
@@ -42,6 +46,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p all \
-m mac \
@@ -53,6 +58,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p all \
--destination a:b:c::/128 \
@@ -62,6 +68,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p all \
--destination ::10.1.2.3/128 \
@@ -71,6 +78,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p all \
-m mac \
@@ -82,6 +90,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p all \
--destination ::10.1.2.3/128 \
diff --git a/tests/nwfilterxml2firewalldata/all-linux.args b/tests/nwfilterxml2firewalldata/all-linux.args
index 7ea769f74f..187d9ed9ca 100644
--- a/tests/nwfilterxml2firewalldata/all-linux.args
+++ b/tests/nwfilterxml2firewalldata/all-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m mac \
@@ -10,6 +11,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m mac \
@@ -30,6 +33,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
@@ -39,6 +43,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m mac \
@@ -50,6 +55,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
@@ -59,6 +65,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
@@ -68,6 +75,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m mac \
@@ -79,6 +87,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
diff --git a/tests/nwfilterxml2firewalldata/arp-linux.args b/tests/nwfilterxml2firewalldata/arp-linux.args
index b1360175c4..ef9f44d7bb 100644
--- a/tests/nwfilterxml2firewalldata/arp-linux.args
+++ b/tests/nwfilterxml2firewalldata/arp-linux.args
@@ -1,4 +1,5 @@
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -11,6 +12,7 @@ ebtables \
--arp-mac-dst 0a:0b:0c:0d:0e:0f \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -20,6 +22,7 @@ ebtables \
--arp-ptype 0xff \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -29,6 +32,7 @@ ebtables \
--arp-ptype 0x100 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -38,6 +42,7 @@ ebtables \
--arp-ptype 0xffff \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p 0x806 \
diff --git a/tests/nwfilterxml2firewalldata/comment-linux.args b/tests/nwfilterxml2firewalldata/comment-linux.args
index 462b2e2177..6233ccf9f5 100644
--- a/tests/nwfilterxml2firewalldata/comment-linux.args
+++ b/tests/nwfilterxml2firewalldata/comment-linux.args
@@ -1,9 +1,11 @@
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p 0x1234 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -17,6 +19,7 @@ ebtables \
--ip-tos 0x32 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \
@@ -29,6 +32,7 @@ ebtables \
--ip6-destination-port 13107:65535 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -41,6 +45,7 @@ ebtables \
--arp-mac-dst 0a:0b:0c:0d:0e:0f \
-j ACCEPT
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
-m mac \
@@ -56,6 +61,7 @@ iptables \
--comment 'udp rule' \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--source 10.1.2.3/32 \
@@ -69,6 +75,7 @@ iptables \
--comment 'udp rule' \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
-m mac \
@@ -84,6 +91,7 @@ iptables \
--comment 'udp rule' \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
@@ -97,6 +105,7 @@ ip6tables \
--comment 'tcp/ipv6 rule' \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p tcp \
-m mac \
@@ -112,6 +121,7 @@ ip6tables \
--comment 'tcp/ipv6 rule' \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
@@ -125,6 +135,7 @@ ip6tables \
--comment 'tcp/ipv6 rule' \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p udp \
-m state \
@@ -133,6 +144,7 @@ ip6tables \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p udp \
-m state \
@@ -141,6 +153,7 @@ ip6tables \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p udp \
-m state \
@@ -149,6 +162,7 @@ ip6tables \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p sctp \
-m state \
@@ -157,6 +171,7 @@ ip6tables \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p sctp \
-m state \
@@ -165,6 +180,7 @@ ip6tables \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p sctp \
-m state \
@@ -173,6 +189,7 @@ ip6tables \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p ah \
-m state \
@@ -182,6 +199,7 @@ ip6tables \
-f ${tmp}' \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p ah \
-m state \
@@ -191,6 +209,7 @@ ip6tables \
-f ${tmp}' \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p ah \
-m state \
diff --git a/tests/nwfilterxml2firewalldata/conntrack-linux.args b/tests/nwfilterxml2firewalldata/conntrack-linux.args
index c653049e8e..78495598a1 100644
--- a/tests/nwfilterxml2firewalldata/conntrack-linux.args
+++ b/tests/nwfilterxml2firewalldata/conntrack-linux.args
@@ -1,40 +1,47 @@
iptables \
+-w \
-A FJ-vnet0 \
-p icmp \
-m connlimit \
--connlimit-above 1 \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p icmp \
-m connlimit \
--connlimit-above 1 \
-j DROP
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
-m connlimit \
--connlimit-above 2 \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
-m connlimit \
--connlimit-above 2 \
-j DROP
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m state \
diff --git a/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args
index 51cf74815b..22dad0b412 100644
--- a/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args
@@ -1,4 +1,5 @@
ip6tables \
+-w \
-A FJ-vnet0 \
-p esp \
-m mac \
@@ -11,6 +12,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p esp \
--destination f:e:d::c:b:a/127 \
@@ -21,6 +23,7 @@ ip6tables \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p esp \
-m mac \
@@ -33,6 +36,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p esp \
--destination a:b:c::/128 \
@@ -42,6 +46,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p esp \
-m mac \
@@ -53,6 +58,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p esp \
--destination a:b:c::/128 \
@@ -62,6 +68,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p esp \
--destination ::10.1.2.3/128 \
@@ -71,6 +78,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p esp \
-m mac \
@@ -82,6 +90,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p esp \
--destination ::10.1.2.3/128 \
diff --git a/tests/nwfilterxml2firewalldata/esp-linux.args b/tests/nwfilterxml2firewalldata/esp-linux.args
index 17acb8133c..7cd70afaa1 100644
--- a/tests/nwfilterxml2firewalldata/esp-linux.args
+++ b/tests/nwfilterxml2firewalldata/esp-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p esp \
-m mac \
@@ -10,6 +11,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p esp \
--source 10.1.2.3/32 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p esp \
-m mac \
@@ -30,6 +33,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p esp \
--destination 10.1.2.3/22 \
@@ -39,6 +43,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p esp \
-m mac \
@@ -50,6 +55,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p esp \
--destination 10.1.2.3/22 \
@@ -59,6 +65,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p esp \
--destination 10.1.2.3/22 \
@@ -68,6 +75,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p esp \
-m mac \
@@ -79,6 +87,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p esp \
--destination 10.1.2.3/22 \
diff --git a/tests/nwfilterxml2firewalldata/example-1-linux.args b/tests/nwfilterxml2firewalldata/example-1-linux.args
index c5549f8dd6..1cc3746d40 100644
--- a/tests/nwfilterxml2firewalldata/example-1-linux.args
+++ b/tests/nwfilterxml2firewalldata/example-1-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--sport 22 \
@@ -6,6 +7,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--dport 22 \
@@ -13,6 +15,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--sport 22 \
@@ -20,50 +23,59 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p icmp \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p icmp \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p icmp \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p all \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-j DROP
diff --git a/tests/nwfilterxml2firewalldata/example-2-linux.args b/tests/nwfilterxml2firewalldata/example-2-linux.args
index 2db58f1e0f..87462ad954 100644
--- a/tests/nwfilterxml2firewalldata/example-2-linux.args
+++ b/tests/nwfilterxml2firewalldata/example-2-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m state \
@@ -7,6 +8,7 @@ iptables \
--comment 'out: existing and related (ftp) connections' \
-j RETURN
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m state \
@@ -15,6 +17,7 @@ iptables \
--comment 'out: existing and related (ftp) connections' \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m state \
@@ -23,6 +26,7 @@ iptables \
--comment 'in: existing connections' \
-j ACCEPT
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--dport 21:22 \
@@ -32,6 +36,7 @@ iptables \
--comment 'in: ftp and ssh' \
-j ACCEPT
iptables \
+-w \
-A FP-vnet0 \
-p icmp \
-m state \
@@ -40,6 +45,7 @@ iptables \
--comment 'in: icmp' \
-j ACCEPT
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--dport 53 \
@@ -49,6 +55,7 @@ iptables \
--comment 'out: DNS lookups' \
-j RETURN
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--dport 53 \
@@ -58,18 +65,21 @@ iptables \
--comment 'out: DNS lookups' \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m comment \
--comment 'inout: drop all non-accepted traffic' \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m comment \
--comment 'inout: drop all non-accepted traffic' \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m comment \
diff --git a/tests/nwfilterxml2firewalldata/hex-data-linux.args b/tests/nwfilterxml2firewalldata/hex-data-linux.args
index f1a1f588f2..3c04e1c23d 100644
--- a/tests/nwfilterxml2firewalldata/hex-data-linux.args
+++ b/tests/nwfilterxml2firewalldata/hex-data-linux.args
@@ -1,9 +1,11 @@
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p 0x1234 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -17,6 +19,7 @@ ebtables \
--ip-tos 0x32 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \
@@ -29,6 +32,7 @@ ebtables \
--ip6-destination-port 13107:65535 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -41,6 +45,7 @@ ebtables \
--arp-mac-dst 0a:0b:0c:0d:0e:0f \
-j ACCEPT
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
-m mac \
@@ -54,6 +59,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--source 10.1.2.3/32 \
@@ -65,6 +71,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
-m mac \
@@ -78,6 +85,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
@@ -89,6 +97,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p tcp \
-m mac \
@@ -102,6 +111,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
diff --git a/tests/nwfilterxml2firewalldata/icmp-direction-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction-linux.args
index 9f481fa831..7548aaeba5 100644
--- a/tests/nwfilterxml2firewalldata/icmp-direction-linux.args
+++ b/tests/nwfilterxml2firewalldata/icmp-direction-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FP-vnet0 \
-p icmp \
--icmp-type 0 \
@@ -6,6 +7,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A FJ-vnet0 \
-p icmp \
--icmp-type 8 \
@@ -13,6 +15,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A HJ-vnet0 \
-p icmp \
--icmp-type 8 \
@@ -20,14 +23,17 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p icmp \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p icmp \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p icmp \
-j DROP
diff --git a/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args
index 1faa3d880a..026702caee 100644
--- a/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args
+++ b/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FP-vnet0 \
-p icmp \
--icmp-type 8 \
@@ -6,6 +7,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A FJ-vnet0 \
-p icmp \
--icmp-type 0 \
@@ -13,6 +15,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A HJ-vnet0 \
-p icmp \
--icmp-type 0 \
@@ -20,14 +23,17 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p icmp \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p icmp \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p icmp \
-j DROP
diff --git a/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args
index 6cc8e132d9..6ee6a4f84a 100644
--- a/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args
+++ b/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args
@@ -1,30 +1,36 @@
iptables \
+-w \
-A FJ-vnet0 \
-p icmp \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p icmp \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p icmp \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p all \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-j DROP
diff --git a/tests/nwfilterxml2firewalldata/icmp-linux.args b/tests/nwfilterxml2firewalldata/icmp-linux.args
index d808f0ea60..d688e29213 100644
--- a/tests/nwfilterxml2firewalldata/icmp-linux.args
+++ b/tests/nwfilterxml2firewalldata/icmp-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p icmp \
-m mac \
@@ -11,6 +12,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A HJ-vnet0 \
-p icmp \
-m mac \
@@ -23,6 +25,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p icmp \
-m mac \
diff --git a/tests/nwfilterxml2firewalldata/icmpv6-linux.args b/tests/nwfilterxml2firewalldata/icmpv6-linux.args
index 92190eb311..6e2110fb81 100644
--- a/tests/nwfilterxml2firewalldata/icmpv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/icmpv6-linux.args
@@ -1,4 +1,5 @@
ip6tables \
+-w \
-A FJ-vnet0 \
-p icmpv6 \
-m mac \
@@ -12,6 +13,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A HJ-vnet0 \
-p icmpv6 \
-m mac \
@@ -25,6 +27,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p icmpv6 \
-m mac \
@@ -37,6 +40,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A FP-vnet0 \
-p icmpv6 \
-m mac \
diff --git a/tests/nwfilterxml2firewalldata/igmp-linux.args b/tests/nwfilterxml2firewalldata/igmp-linux.args
index 727463a62d..b954b0ae99 100644
--- a/tests/nwfilterxml2firewalldata/igmp-linux.args
+++ b/tests/nwfilterxml2firewalldata/igmp-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p igmp \
-m mac \
@@ -10,6 +11,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p igmp \
--source 10.1.2.3/32 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p igmp \
-m mac \
@@ -30,6 +33,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p igmp \
--destination 10.1.2.3/22 \
@@ -39,6 +43,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p igmp \
-m mac \
@@ -50,6 +55,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p igmp \
--destination 10.1.2.3/22 \
@@ -59,6 +65,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p igmp \
--destination 10.1.2.3/22 \
@@ -68,6 +75,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p igmp \
-m mac \
@@ -79,6 +87,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p igmp \
--destination 10.1.2.3/22 \
diff --git a/tests/nwfilterxml2firewalldata/ip-linux.args b/tests/nwfilterxml2firewalldata/ip-linux.args
index 399a47491e..8e64839678 100644
--- a/tests/nwfilterxml2firewalldata/ip-linux.args
+++ b/tests/nwfilterxml2firewalldata/ip-linux.args
@@ -1,4 +1,5 @@
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -11,6 +12,7 @@ ebtables \
--ip-destination-port 100:101 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-p ipv4 \
@@ -20,6 +22,7 @@ ebtables \
--ip-tos 0x3f \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p ipv4 \
diff --git a/tests/nwfilterxml2firewalldata/ipset-linux.args b/tests/nwfilterxml2firewalldata/ipset-linux.args
index 0fe0739962..5cdb151354 100644
--- a/tests/nwfilterxml2firewalldata/ipset-linux.args
+++ b/tests/nwfilterxml2firewalldata/ipset-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m state \
@@ -7,6 +8,7 @@ iptables \
--match-set tck_test src,dst \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m state \
@@ -15,6 +17,7 @@ iptables \
--match-set tck_test dst,src \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m state \
@@ -23,6 +26,7 @@ iptables \
--match-set tck_test src,dst \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m set \
@@ -31,6 +35,7 @@ iptables \
--comment in+NONE \
-j ACCEPT
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m set \
@@ -39,6 +44,7 @@ iptables \
--comment out+NONE \
-j RETURN
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m set \
@@ -47,6 +53,7 @@ iptables \
--comment out+NONE \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m state \
@@ -55,6 +62,7 @@ iptables \
--match-set tck_test dst,src,dst \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m state \
@@ -63,6 +71,7 @@ iptables \
--match-set tck_test src,dst,src \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m state \
@@ -71,6 +80,7 @@ iptables \
--match-set tck_test dst,src,dst \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m state \
@@ -79,6 +89,7 @@ iptables \
--match-set tck_test dst,src,dst \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m state \
@@ -87,6 +98,7 @@ iptables \
--match-set tck_test src,dst,src \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m state \
@@ -95,6 +107,7 @@ iptables \
--match-set tck_test dst,src,dst \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m state \
@@ -103,6 +116,7 @@ iptables \
--match-set tck_test dst,src \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m state \
@@ -111,6 +125,7 @@ iptables \
--match-set tck_test src,dst \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m state \
@@ -119,6 +134,7 @@ iptables \
--match-set tck_test dst,src \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m set \
@@ -127,6 +143,7 @@ iptables \
--comment inout \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m set \
@@ -135,6 +152,7 @@ iptables \
--comment inout \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m set \
diff --git a/tests/nwfilterxml2firewalldata/ipt-no-macspoof-linux.args b/tests/nwfilterxml2firewalldata/ipt-no-macspoof-linux.args
index 86ab228fb8..c35fa1e488 100644
--- a/tests/nwfilterxml2firewalldata/ipt-no-macspoof-linux.args
+++ b/tests/nwfilterxml2firewalldata/ipt-no-macspoof-linux.args
@@ -1,10 +1,12 @@
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m mac '!' \
--mac-source 12:34:56:78:9a:bc \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m mac '!' \
diff --git a/tests/nwfilterxml2firewalldata/ipv6-linux.args b/tests/nwfilterxml2firewalldata/ipv6-linux.args
index 6fba19f2eb..87db9c2979 100644
--- a/tests/nwfilterxml2firewalldata/ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/ipv6-linux.args
@@ -1,4 +1,5 @@
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \
@@ -11,6 +12,7 @@ ebtables \
--ip6-destination-port 100:101 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
@@ -21,6 +23,7 @@ ebtables \
--ip6-source-port 100:101 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
@@ -31,6 +34,7 @@ ebtables \
--ip6-destination-port 100:101 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
@@ -41,6 +45,7 @@ ebtables \
--ip6-source-port 65535:65535 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
@@ -51,6 +56,7 @@ ebtables \
--ip6-destination-port 65535:65535 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
@@ -59,6 +65,7 @@ ebtables \
--ip6-protocol 18 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
@@ -67,6 +74,7 @@ ebtables \
--ip6-protocol 18 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
@@ -76,6 +84,7 @@ ebtables \
--ip6-icmp-type 1:11/10:11 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
@@ -85,6 +94,7 @@ ebtables \
--ip6-icmp-type 1:11/10:11 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
@@ -94,6 +104,7 @@ ebtables \
--ip6-icmp-type 1:1/10:10 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
@@ -103,6 +114,7 @@ ebtables \
--ip6-icmp-type 1:1/10:10 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
@@ -112,6 +124,7 @@ ebtables \
--ip6-icmp-type 0:255/10:10 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
@@ -121,6 +134,7 @@ ebtables \
--ip6-icmp-type 0:255/10:10 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
@@ -130,6 +144,7 @@ ebtables \
--ip6-icmp-type 1:1/0:255 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
diff --git a/tests/nwfilterxml2firewalldata/iter1-linux.args b/tests/nwfilterxml2firewalldata/iter1-linux.args
index 31f37cf537..9bdad18748 100644
--- a/tests/nwfilterxml2firewalldata/iter1-linux.args
+++ b/tests/nwfilterxml2firewalldata/iter1-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -9,6 +10,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -29,6 +32,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -39,6 +43,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -49,6 +54,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -59,6 +65,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -69,6 +76,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -79,6 +87,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
diff --git a/tests/nwfilterxml2firewalldata/iter2-linux.args b/tests/nwfilterxml2firewalldata/iter2-linux.args
index 4230a9d524..b088350ee5 100644
--- a/tests/nwfilterxml2firewalldata/iter2-linux.args
+++ b/tests/nwfilterxml2firewalldata/iter2-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -9,6 +10,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -29,6 +32,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -39,6 +43,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -49,6 +54,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -59,6 +65,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -69,6 +76,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -79,6 +87,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -89,6 +98,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -99,6 +109,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 1.1.1.1 \
@@ -109,6 +120,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -119,6 +131,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -129,6 +142,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 2.2.2.2 \
@@ -139,6 +153,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -149,6 +164,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -159,6 +175,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 3.3.3.3 \
@@ -169,6 +186,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -179,6 +197,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -189,6 +208,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 1.1.1.1 \
@@ -199,6 +219,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -209,6 +230,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -219,6 +241,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 2.2.2.2 \
@@ -229,6 +252,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -239,6 +263,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -249,6 +274,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 3.3.3.3 \
@@ -259,6 +285,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -269,6 +296,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -280,6 +308,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 1.1.1.1 \
@@ -291,6 +320,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -302,6 +332,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -313,6 +344,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 2.2.2.2 \
@@ -324,6 +356,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -335,6 +368,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
@@ -346,6 +380,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 3.3.3.3 \
@@ -357,6 +392,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
@@ -368,6 +404,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -379,6 +416,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 1.1.1.1 \
@@ -390,6 +428,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -401,6 +440,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -412,6 +452,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 2.2.2.2 \
@@ -423,6 +464,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -434,6 +476,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
@@ -445,6 +488,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 3.3.3.3 \
@@ -456,6 +500,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
@@ -467,6 +512,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -478,6 +524,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 1.1.1.1 \
@@ -489,6 +536,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -500,6 +548,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -511,6 +560,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 2.2.2.2 \
@@ -522,6 +572,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -533,6 +584,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
@@ -544,6 +596,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 3.3.3.3 \
@@ -555,6 +608,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
@@ -566,6 +620,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -577,6 +632,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 1.1.1.1 \
@@ -588,6 +644,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -599,6 +656,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -610,6 +668,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 2.2.2.2 \
@@ -621,6 +680,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -632,6 +692,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
@@ -643,6 +704,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 3.3.3.3 \
@@ -654,6 +716,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
@@ -665,6 +728,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -676,6 +740,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -687,6 +752,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -698,6 +764,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -709,6 +776,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -720,6 +788,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -731,6 +800,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -742,6 +812,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -753,6 +824,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -764,6 +836,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -775,6 +848,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -786,6 +860,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -797,6 +872,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -808,6 +884,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -819,6 +896,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -830,6 +908,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -841,6 +920,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -852,6 +932,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -863,6 +944,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -874,6 +956,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -885,6 +968,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -896,6 +980,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -907,6 +992,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -918,6 +1004,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -929,6 +1016,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -940,6 +1028,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -951,6 +1040,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -962,6 +1052,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -973,6 +1064,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -984,6 +1076,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -995,6 +1088,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1006,6 +1100,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -1017,6 +1112,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1028,6 +1124,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1039,6 +1136,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -1050,6 +1148,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1061,6 +1160,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -1072,6 +1172,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -1083,6 +1184,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -1094,6 +1196,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1105,6 +1208,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -1116,6 +1220,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1127,6 +1232,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1138,6 +1244,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -1149,6 +1256,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1160,6 +1268,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -1171,6 +1280,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -1182,6 +1292,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -1193,6 +1304,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1204,6 +1316,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -1215,6 +1328,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1226,6 +1340,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1237,6 +1352,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -1248,6 +1364,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1259,6 +1376,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -1270,6 +1388,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -1281,6 +1400,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -1292,6 +1412,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1303,6 +1424,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -1314,6 +1436,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1325,6 +1448,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1336,6 +1460,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -1347,6 +1472,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1358,6 +1484,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -1369,6 +1496,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -1380,6 +1508,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -1391,6 +1520,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1402,6 +1532,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
@@ -1413,6 +1544,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
@@ -1424,6 +1556,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1435,6 +1568,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
@@ -1446,6 +1580,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
@@ -1457,6 +1592,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -1467,6 +1603,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 1.1.1.1 \
@@ -1477,6 +1614,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -1487,6 +1625,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -1497,6 +1636,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 2.2.2.2 \
@@ -1507,6 +1647,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -1517,6 +1658,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -1527,6 +1669,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 3.3.3.3 \
@@ -1537,6 +1680,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -1547,6 +1691,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -1557,6 +1702,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 1.1.1.1 \
@@ -1567,6 +1713,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -1577,6 +1724,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -1587,6 +1735,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 2.2.2.2 \
@@ -1597,6 +1746,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -1607,6 +1757,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -1617,6 +1768,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 3.3.3.3 \
@@ -1627,6 +1779,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -1637,6 +1790,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -1647,6 +1801,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 1.1.1.1 \
@@ -1657,6 +1812,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 1.1.1.1 \
@@ -1667,6 +1823,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -1677,6 +1834,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 2.2.2.2 \
@@ -1687,6 +1845,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -1697,6 +1856,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -1707,6 +1867,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 3.3.3.3 \
@@ -1717,6 +1878,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 3.3.3.3 \
@@ -1727,6 +1889,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -1737,6 +1900,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 1.1.1.1 \
@@ -1747,6 +1911,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 1.1.1.1 \
@@ -1757,6 +1922,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -1767,6 +1933,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 2.2.2.2 \
@@ -1777,6 +1944,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -1787,6 +1955,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
@@ -1797,6 +1966,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 3.3.3.3 \
@@ -1807,6 +1977,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 3.3.3.3 \
diff --git a/tests/nwfilterxml2firewalldata/iter3-linux.args b/tests/nwfilterxml2firewalldata/iter3-linux.args
index 0b16577992..cc6d442c75 100644
--- a/tests/nwfilterxml2firewalldata/iter3-linux.args
+++ b/tests/nwfilterxml2firewalldata/iter3-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -9,6 +10,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -29,6 +32,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -39,6 +43,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
@@ -49,6 +54,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
@@ -59,6 +65,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -69,6 +76,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 2.2.2.2 \
@@ -79,6 +87,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -89,6 +98,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -99,6 +109,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--destination 2.2.2.2 \
@@ -109,6 +120,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--source 2.2.2.2 \
@@ -119,6 +131,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
@@ -130,6 +143,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--destination 2.2.2.2 \
@@ -141,6 +155,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
diff --git a/tests/nwfilterxml2firewalldata/mac-linux.args b/tests/nwfilterxml2firewalldata/mac-linux.args
index 0fd9dbccc0..cc3aab2b92 100644
--- a/tests/nwfilterxml2firewalldata/mac-linux.args
+++ b/tests/nwfilterxml2firewalldata/mac-linux.args
@@ -1,22 +1,26 @@
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x600 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
diff --git a/tests/nwfilterxml2firewalldata/rarp-linux.args b/tests/nwfilterxml2firewalldata/rarp-linux.args
index f5fd6433bd..3e2441818c 100644
--- a/tests/nwfilterxml2firewalldata/rarp-linux.args
+++ b/tests/nwfilterxml2firewalldata/rarp-linux.args
@@ -1,7 +1,9 @@
ebtables \
+--concurrent \
-t nat \
-N libvirt-J-vnet0
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -14,6 +16,7 @@ ebtables \
--arp-mac-dst 0a:0b:0c:0d:0e:0f \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -23,6 +26,7 @@ ebtables \
--arp-ptype 0xff \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -32,6 +36,7 @@ ebtables \
--arp-ptype 0x100 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -41,6 +46,7 @@ ebtables \
--arp-ptype 0xffff \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A PREROUTING \
-i vnet0 \
diff --git a/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
index 959c4e8e0f..fbe6f39198 100644
--- a/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
@@ -1,4 +1,5 @@
ip6tables \
+-w \
-A FJ-vnet0 \
-p sctp \
-m mac \
@@ -10,6 +11,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p sctp \
--source a:b:c::d:e:f/128 \
@@ -19,6 +21,7 @@ ip6tables \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p sctp \
-m mac \
@@ -30,6 +33,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p sctp \
--destination a:b:c::/128 \
@@ -41,6 +45,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p sctp \
-m mac \
@@ -54,6 +59,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p sctp \
--destination a:b:c::/128 \
@@ -65,6 +71,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p sctp \
--destination ::10.1.2.3/128 \
@@ -76,6 +83,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p sctp \
-m mac \
@@ -89,6 +97,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p sctp \
--destination ::10.1.2.3/128 \
diff --git a/tests/nwfilterxml2firewalldata/sctp-linux.args b/tests/nwfilterxml2firewalldata/sctp-linux.args
index 671fc0480f..a3c5a7a72d 100644
--- a/tests/nwfilterxml2firewalldata/sctp-linux.args
+++ b/tests/nwfilterxml2firewalldata/sctp-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
-m mac \
@@ -10,6 +11,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
--source 10.1.2.3/32 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
-m mac \
@@ -30,6 +33,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--destination 10.1.2.3/32 \
@@ -41,6 +45,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
-m mac \
@@ -54,6 +59,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--destination 10.1.2.3/32 \
@@ -65,6 +71,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p sctp \
--destination 10.1.2.3/32 \
@@ -76,6 +83,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p sctp \
-m mac \
@@ -89,6 +97,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p sctp \
--destination 10.1.2.3/32 \
diff --git a/tests/nwfilterxml2firewalldata/stp-linux.args b/tests/nwfilterxml2firewalldata/stp-linux.args
index e3114ac622..76f5321856 100644
--- a/tests/nwfilterxml2firewalldata/stp-linux.args
+++ b/tests/nwfilterxml2firewalldata/stp-linux.args
@@ -1,32 +1,41 @@
ebtables \
+--concurrent \
-t nat \
-F J-vnet0-stp-xyz
ebtables \
+--concurrent \
-t nat \
-X J-vnet0-stp-xyz
ebtables \
+--concurrent \
-t nat \
-N J-vnet0-stp-xyz
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-d 01:80:c2:00:00:00 \
-j J-vnet0-stp-xyz
ebtables \
+--concurrent \
-t nat \
-F P-vnet0-stp-xyz
ebtables \
+--concurrent \
-t nat \
-X P-vnet0-stp-xyz
ebtables \
+--concurrent \
-t nat \
-N P-vnet0-stp-xyz
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-d 01:80:c2:00:00:00 \
-j P-vnet0-stp-xyz
ebtables \
+--concurrent \
-t nat \
-A P-vnet0-stp-xyz \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -35,6 +44,7 @@ ebtables \
--stp-flags 68 \
-j CONTINUE
ebtables \
+--concurrent \
-t nat \
-A J-vnet0-stp-xyz \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -44,6 +54,7 @@ ebtables \
--stp-root-cost 287454020:573785173 \
-j RETURN
ebtables \
+--concurrent \
-t nat \
-A P-vnet0-stp-xyz \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
diff --git a/tests/nwfilterxml2firewalldata/target-linux.args b/tests/nwfilterxml2firewalldata/target-linux.args
index d219877716..5216c709dd 100644
--- a/tests/nwfilterxml2firewalldata/target-linux.args
+++ b/tests/nwfilterxml2firewalldata/target-linux.args
@@ -1,40 +1,47 @@
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j DROP
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j DROP
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j ACCEPT
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j DROP
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j DROP
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m mac \
@@ -49,6 +56,7 @@ iptables \
-- dir out' \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
@@ -61,6 +69,7 @@ iptables \
-- dir out' \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m mac \
@@ -75,6 +84,7 @@ iptables \
-- dir out' \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m mac \
@@ -87,6 +97,7 @@ iptables \
-- dir out' \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
@@ -97,6 +108,7 @@ iptables \
-- dir out' \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m mac \
@@ -109,6 +121,7 @@ iptables \
-- dir out' \
-j DROP
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m mac \
@@ -121,6 +134,7 @@ iptables \
-- dir out' \
-j REJECT
iptables \
+-w \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
@@ -131,6 +145,7 @@ iptables \
-- dir out' \
-j REJECT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m mac \
@@ -143,6 +158,7 @@ iptables \
-- dir out' \
-j REJECT
iptables \
+-w \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
@@ -155,6 +171,7 @@ iptables \
-- dir in' \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m mac \
@@ -169,6 +186,7 @@ iptables \
-- dir in' \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
@@ -181,6 +199,7 @@ iptables \
-- dir in' \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
@@ -191,6 +210,7 @@ iptables \
-- dir in' \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m mac \
@@ -203,6 +223,7 @@ iptables \
-- dir in' \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
@@ -213,6 +234,7 @@ iptables \
-- dir in' \
-j DROP
iptables \
+-w \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
@@ -223,6 +245,7 @@ iptables \
-- dir in' \
-j REJECT
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m mac \
@@ -235,6 +258,7 @@ iptables \
-- dir in' \
-j REJECT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
@@ -245,6 +269,7 @@ iptables \
-- dir in' \
-j REJECT
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m comment \
@@ -252,6 +277,7 @@ iptables \
-- dir inout' \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m comment \
@@ -259,6 +285,7 @@ iptables \
-- dir inout' \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m comment \
@@ -266,6 +293,7 @@ iptables \
-- dir inout' \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m comment \
@@ -273,6 +301,7 @@ iptables \
-- dir inout' \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m comment \
@@ -280,6 +309,7 @@ iptables \
-- dir inout' \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m comment \
@@ -287,6 +317,7 @@ iptables \
-- dir inout' \
-j DROP
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-m comment \
@@ -294,6 +325,7 @@ iptables \
-- dir inout' \
-j REJECT
iptables \
+-w \
-A FP-vnet0 \
-p all \
-m comment \
@@ -301,6 +333,7 @@ iptables \
-- dir inout' \
-j REJECT
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-m comment \
diff --git a/tests/nwfilterxml2firewalldata/target2-linux.args b/tests/nwfilterxml2firewalldata/target2-linux.args
index cfa4f589d6..c774f6f24a 100644
--- a/tests/nwfilterxml2firewalldata/target2-linux.args
+++ b/tests/nwfilterxml2firewalldata/target2-linux.args
@@ -1,19 +1,23 @@
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--dport 22 \
-j ACCEPT
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--sport 22 \
-j RETURN
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--sport 22 \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--sport 80 \
@@ -21,6 +25,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--dport 80 \
@@ -28,6 +33,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--sport 80 \
@@ -35,26 +41,32 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
-j REJECT
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
-j REJECT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
-j REJECT
iptables \
+-w \
-A FJ-vnet0 \
-p all \
-j DROP
iptables \
+-w \
-A FP-vnet0 \
-p all \
-j DROP
iptables \
+-w \
-A HJ-vnet0 \
-p all \
-j DROP
diff --git a/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
index e6f8de3fca..8fa5e24eff 100644
--- a/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
@@ -1,4 +1,5 @@
ip6tables \
+-w \
-A FJ-vnet0 \
-p tcp \
-m mac \
@@ -10,6 +11,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p tcp \
--source a:b:c::d:e:f/128 \
@@ -19,6 +21,7 @@ ip6tables \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p tcp \
-m mac \
@@ -30,6 +33,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
@@ -41,6 +45,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p tcp \
-m mac \
@@ -54,6 +59,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
@@ -65,6 +71,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p tcp \
--destination ::10.1.2.3/128 \
@@ -76,6 +83,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p tcp \
-m mac \
@@ -89,6 +97,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p tcp \
--destination ::10.1.2.3/128 \
diff --git a/tests/nwfilterxml2firewalldata/tcp-linux.args b/tests/nwfilterxml2firewalldata/tcp-linux.args
index 195bfc01e6..74ac4a6733 100644
--- a/tests/nwfilterxml2firewalldata/tcp-linux.args
+++ b/tests/nwfilterxml2firewalldata/tcp-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
-m mac \
@@ -10,6 +11,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--source 10.1.2.3/32 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
-m mac \
@@ -30,6 +33,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
@@ -39,6 +43,7 @@ iptables \
--sport 100:1111 \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
-m mac \
@@ -50,6 +55,7 @@ iptables \
--dport 100:1111 \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
@@ -59,6 +65,7 @@ iptables \
--sport 100:1111 \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
@@ -68,6 +75,7 @@ iptables \
--sport 65535:65535 \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
-m mac \
@@ -79,6 +87,7 @@ iptables \
--dport 65535:65535 \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
@@ -88,21 +97,25 @@ iptables \
--sport 65535:65535 \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--tcp-flags SYN ALL \
-j ACCEPT
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--tcp-flags SYN SYN,ACK \
-j ACCEPT
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--tcp-flags RST NONE \
-j ACCEPT
iptables \
+-w \
-A FP-vnet0 \
-p tcp \
--tcp-flags PSH NONE \
diff --git a/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
index 9183c08753..59367ed3d3 100644
--- a/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
@@ -1,4 +1,5 @@
ip6tables \
+-w \
-A FJ-vnet0 \
-p udp \
-m mac \
@@ -10,6 +11,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p udp \
--source a:b:c::d:e:f/128 \
@@ -19,6 +21,7 @@ ip6tables \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p udp \
-m mac \
@@ -30,6 +33,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p udp \
--destination ::a:b:c/128 \
@@ -41,6 +45,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p udp \
-m mac \
@@ -54,6 +59,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p udp \
--destination ::a:b:c/128 \
@@ -65,6 +71,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p udp \
--destination ::10.1.2.3/128 \
@@ -76,6 +83,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p udp \
-m mac \
@@ -89,6 +97,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p udp \
--destination ::10.1.2.3/128 \
diff --git a/tests/nwfilterxml2firewalldata/udp-linux.args b/tests/nwfilterxml2firewalldata/udp-linux.args
index 910d648a8a..32a8f56dfc 100644
--- a/tests/nwfilterxml2firewalldata/udp-linux.args
+++ b/tests/nwfilterxml2firewalldata/udp-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
-m mac \
@@ -10,6 +11,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
--source 10.1.2.3/32 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
-m mac \
@@ -30,6 +33,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--destination 10.1.2.3/32 \
@@ -41,6 +45,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
-m mac \
@@ -54,6 +59,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--destination 10.1.2.3/32 \
@@ -65,6 +71,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udp \
--destination 10.1.2.3/32 \
@@ -76,6 +83,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udp \
-m mac \
@@ -89,6 +97,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udp \
--destination 10.1.2.3/32 \
diff --git a/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args b/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
index 9eb38d7e6d..de564aee36 100644
--- a/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
@@ -1,4 +1,5 @@
ip6tables \
+-w \
-A FJ-vnet0 \
-p udplite \
-m mac \
@@ -11,6 +12,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p udplite \
--destination f:e:d::c:b:a/127 \
@@ -21,6 +23,7 @@ ip6tables \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p udplite \
-m mac \
@@ -33,6 +36,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p udplite \
--destination a:b:c::/128 \
@@ -42,6 +46,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p udplite \
-m mac \
@@ -53,6 +58,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p udplite \
--destination a:b:c::/128 \
@@ -62,6 +68,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FJ-vnet0 \
-p udplite \
--destination ::10.1.2.3/128 \
@@ -71,6 +78,7 @@ ip6tables \
--state ESTABLISHED \
-j RETURN
ip6tables \
+-w \
-A FP-vnet0 \
-p udplite \
-m mac \
@@ -82,6 +90,7 @@ ip6tables \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
+-w \
-A HJ-vnet0 \
-p udplite \
--destination ::10.1.2.3/128 \
diff --git a/tests/nwfilterxml2firewalldata/udplite-linux.args b/tests/nwfilterxml2firewalldata/udplite-linux.args
index 53bc667459..8f3a9e8f24 100644
--- a/tests/nwfilterxml2firewalldata/udplite-linux.args
+++ b/tests/nwfilterxml2firewalldata/udplite-linux.args
@@ -1,4 +1,5 @@
iptables \
+-w \
-A FJ-vnet0 \
-p udplite \
-m mac \
@@ -10,6 +11,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udplite \
--source 10.1.2.3/32 \
@@ -19,6 +21,7 @@ iptables \
--state ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udplite \
-m mac \
@@ -30,6 +33,7 @@ iptables \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udplite \
--destination 10.1.2.3/22 \
@@ -39,6 +43,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udplite \
-m mac \
@@ -50,6 +55,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udplite \
--destination 10.1.2.3/22 \
@@ -59,6 +65,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FJ-vnet0 \
-p udplite \
--destination 10.1.2.3/22 \
@@ -68,6 +75,7 @@ iptables \
--state ESTABLISHED \
-j RETURN
iptables \
+-w \
-A FP-vnet0 \
-p udplite \
-m mac \
@@ -79,6 +87,7 @@ iptables \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
+-w \
-A HJ-vnet0 \
-p udplite \
--destination 10.1.2.3/22 \
diff --git a/tests/nwfilterxml2firewalldata/vlan-linux.args b/tests/nwfilterxml2firewalldata/vlan-linux.args
index 0a8204c4dc..a93c09cfbd 100644
--- a/tests/nwfilterxml2firewalldata/vlan-linux.args
+++ b/tests/nwfilterxml2firewalldata/vlan-linux.args
@@ -1,4 +1,5 @@
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-d 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -7,6 +8,7 @@ ebtables \
--vlan-id 291 \
-j CONTINUE
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -15,6 +17,7 @@ ebtables \
--vlan-id 291 \
-j CONTINUE
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-d 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -23,6 +26,7 @@ ebtables \
--vlan-id 1234 \
-j RETURN
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -31,6 +35,7 @@ ebtables \
--vlan-id 1234 \
-j RETURN
ebtables \
+--concurrent \
-t nat \
-A libvirt-P-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -39,6 +44,7 @@ ebtables \
--vlan-id 291 \
-j DROP
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
@@ -47,6 +53,7 @@ ebtables \
--vlan-encap 2054 \
-j DROP
ebtables \
+--concurrent \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
diff --git a/tests/nwfilterxml2firewalltest.c b/tests/nwfilterxml2firewalltest.c
index f3fbacce59..7427108e39 100644
--- a/tests/nwfilterxml2firewalltest.c
+++ b/tests/nwfilterxml2firewalltest.c
@@ -58,90 +58,90 @@ struct _virNWFilterInst {
static const char *commonRules[] = {
/* Dropping ebtables rules */
- "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
- "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0\n"
- "ebtables -t nat -L libvirt-J-vnet0\n"
- "ebtables -t nat -L libvirt-P-vnet0\n"
- "ebtables -t nat -F libvirt-J-vnet0\n"
- "ebtables -t nat -X libvirt-J-vnet0\n"
- "ebtables -t nat -F libvirt-P-vnet0\n"
- "ebtables -t nat -X libvirt-P-vnet0\n",
+ "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -L libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -F libvirt-P-vnet0\n"
+ "ebtables --concurrent -t nat -X libvirt-P-vnet0\n",
/* Creating ebtables chains */
- "ebtables -t nat -N libvirt-J-vnet0\n"
- "ebtables -t nat -N libvirt-P-vnet0\n",
+ "ebtables --concurrent -t nat -N libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -N libvirt-P-vnet0\n",
/* Dropping iptables rules */
- "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n"
- "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n"
- "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n"
- "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n"
- "iptables -F FP-vnet0\n"
- "iptables -X FP-vnet0\n"
- "iptables -F FJ-vnet0\n"
- "iptables -X FJ-vnet0\n"
- "iptables -F HJ-vnet0\n"
- "iptables -X HJ-vnet0\n",
+ "iptables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n"
+ "iptables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n"
+ "iptables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n"
+ "iptables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n"
+ "iptables -w -F FP-vnet0\n"
+ "iptables -w -X FP-vnet0\n"
+ "iptables -w -F FJ-vnet0\n"
+ "iptables -w -X FJ-vnet0\n"
+ "iptables -w -F HJ-vnet0\n"
+ "iptables -w -X HJ-vnet0\n",
/* Creating iptables chains */
- "iptables -N libvirt-in\n"
- "iptables -N libvirt-out\n"
- "iptables -N libvirt-in-post\n"
- "iptables -N libvirt-host-in\n"
- "iptables -D FORWARD -j libvirt-in\n"
- "iptables -D FORWARD -j libvirt-out\n"
- "iptables -D FORWARD -j libvirt-in-post\n"
- "iptables -D INPUT -j libvirt-host-in\n"
- "iptables -I FORWARD 1 -j libvirt-in\n"
- "iptables -I FORWARD 2 -j libvirt-out\n"
- "iptables -I FORWARD 3 -j libvirt-in-post\n"
- "iptables -I INPUT 1 -j libvirt-host-in\n"
- "iptables -N FP-vnet0\n"
- "iptables -N FJ-vnet0\n"
- "iptables -N HJ-vnet0\n"
- "iptables -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n"
- "iptables -A libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n"
- "iptables -A libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n"
- "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "iptables -A libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n",
+ "iptables -w -N libvirt-in\n"
+ "iptables -w -N libvirt-out\n"
+ "iptables -w -N libvirt-in-post\n"
+ "iptables -w -N libvirt-host-in\n"
+ "iptables -w -D FORWARD -j libvirt-in\n"
+ "iptables -w -D FORWARD -j libvirt-out\n"
+ "iptables -w -D FORWARD -j libvirt-in-post\n"
+ "iptables -w -D INPUT -j libvirt-host-in\n"
+ "iptables -w -I FORWARD 1 -j libvirt-in\n"
+ "iptables -w -I FORWARD 2 -j libvirt-out\n"
+ "iptables -w -I FORWARD 3 -j libvirt-in-post\n"
+ "iptables -w -I INPUT 1 -j libvirt-host-in\n"
+ "iptables -w -N FP-vnet0\n"
+ "iptables -w -N FJ-vnet0\n"
+ "iptables -w -N HJ-vnet0\n"
+ "iptables -w -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n"
+ "iptables -w -A libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n"
+ "iptables -w -A libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n"
+ "iptables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "iptables -w -A libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n",
/* Dropping ip6tables rules */
- "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n"
- "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n"
- "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n"
- "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n"
- "ip6tables -F FP-vnet0\n"
- "ip6tables -X FP-vnet0\n"
- "ip6tables -F FJ-vnet0\n"
- "ip6tables -X FJ-vnet0\n"
- "ip6tables -F HJ-vnet0\n"
- "ip6tables -X HJ-vnet0\n",
+ "ip6tables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n"
+ "ip6tables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n"
+ "ip6tables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n"
+ "ip6tables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n"
+ "ip6tables -w -F FP-vnet0\n"
+ "ip6tables -w -X FP-vnet0\n"
+ "ip6tables -w -F FJ-vnet0\n"
+ "ip6tables -w -X FJ-vnet0\n"
+ "ip6tables -w -F HJ-vnet0\n"
+ "ip6tables -w -X HJ-vnet0\n",
/* Creating ip6tables chains */
- "ip6tables -N libvirt-in\n"
- "ip6tables -N libvirt-out\n"
- "ip6tables -N libvirt-in-post\n"
- "ip6tables -N libvirt-host-in\n"
- "ip6tables -D FORWARD -j libvirt-in\n"
- "ip6tables -D FORWARD -j libvirt-out\n"
- "ip6tables -D FORWARD -j libvirt-in-post\n"
- "ip6tables -D INPUT -j libvirt-host-in\n"
- "ip6tables -I FORWARD 1 -j libvirt-in\n"
- "ip6tables -I FORWARD 2 -j libvirt-out\n"
- "ip6tables -I FORWARD 3 -j libvirt-in-post\n"
- "ip6tables -I INPUT 1 -j libvirt-host-in\n"
- "ip6tables -N FP-vnet0\n"
- "ip6tables -N FJ-vnet0\n"
- "ip6tables -N HJ-vnet0\n"
- "ip6tables -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n"
- "ip6tables -A libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n"
- "ip6tables -A libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n"
- "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
- "ip6tables -A libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n",
+ "ip6tables -w -N libvirt-in\n"
+ "ip6tables -w -N libvirt-out\n"
+ "ip6tables -w -N libvirt-in-post\n"
+ "ip6tables -w -N libvirt-host-in\n"
+ "ip6tables -w -D FORWARD -j libvirt-in\n"
+ "ip6tables -w -D FORWARD -j libvirt-out\n"
+ "ip6tables -w -D FORWARD -j libvirt-in-post\n"
+ "ip6tables -w -D INPUT -j libvirt-host-in\n"
+ "ip6tables -w -I FORWARD 1 -j libvirt-in\n"
+ "ip6tables -w -I FORWARD 2 -j libvirt-out\n"
+ "ip6tables -w -I FORWARD 3 -j libvirt-in-post\n"
+ "ip6tables -w -I INPUT 1 -j libvirt-host-in\n"
+ "ip6tables -w -N FP-vnet0\n"
+ "ip6tables -w -N FJ-vnet0\n"
+ "ip6tables -w -N HJ-vnet0\n"
+ "ip6tables -w -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n"
+ "ip6tables -w -A libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n"
+ "ip6tables -w -A libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n"
+ "ip6tables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n"
+ "ip6tables -w -A libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n",
/* Inserting ebtables rules */
- "ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
- "ebtables -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vnet0\n",
+ "ebtables --concurrent -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n"
+ "ebtables --concurrent -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vnet0\n",
};
diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c
index 872ee3ed17..bf1d325017 100644
--- a/tests/virfirewalltest.c
+++ b/tests/virfirewalltest.c
@@ -149,15 +149,17 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
*error = g_dbus_error_new_for_dbus_error("org.firewalld.error",
"something bad happened");
} else {
- if (nargs == 1 &&
+ if (nargs == 2 &&
STREQ(type, "ipv4") &&
- STREQ(args[0], "-L")) {
+ STREQ(args[0], "-w") &&
+ STREQ(args[1], "-L")) {
reply = g_variant_new("(s)", TEST_FILTER_TABLE_LIST);
- } else if (nargs == 3 &&
+ } else if (nargs == 4 &&
STREQ(type, "ipv4") &&
- STREQ(args[0], "-t") &&
- STREQ(args[1], "nat") &&
- STREQ(args[2], "-L")) {
+ STREQ(args[0], "-w") &&
+ STREQ(args[1], "-t") &&
+ STREQ(args[2], "nat") &&
+ STREQ(args[3], "-L")) {
reply = g_variant_new("(s)", TEST_NAT_TABLE_LIST);
} else {
reply = g_variant_new("(s)", "success");
@@ -184,8 +186,8 @@ testFirewallSingleGroup(const void *opaque)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -236,8 +238,8 @@ testFirewallRemoveRule(const void *opaque)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
virFirewallRulePtr fwrule;
@@ -295,10 +297,10 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
- IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A OUTPUT --jump DROP\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
+ IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -382,10 +384,10 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A OUTPUT --jump DROP\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -450,10 +452,10 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A OUTPUT --jump DROP\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -517,8 +519,8 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -577,11 +579,11 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -657,10 +659,10 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -740,14 +742,14 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.127 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.127 --jump REJECT\n"
+ IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"
+ IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -882,12 +884,14 @@ testFirewallQueryHook(const char *const*args,
void *opaque G_GNUC_UNUSED)
{
if (STREQ(args[0], IPTABLES_PATH) &&
- STREQ(args[1], "-L")) {
+ STREQ(args[1], "-w") &&
+ STREQ(args[2], "-L")) {
*output = g_strdup(TEST_FILTER_TABLE_LIST);
} else if (STREQ(args[0], IPTABLES_PATH) &&
- STREQ(args[1], "-t") &&
- STREQ(args[2], "nat") &&
- STREQ(args[3], "-L")) {
+ STREQ(args[1], "-w") &&
+ STREQ(args[2], "-t") &&
+ STREQ(args[3], "nat") &&
+ STREQ(args[4], "-L")) {
*output = g_strdup(TEST_NAT_TABLE_LIST);
}
}
@@ -930,15 +934,15 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
- IPTABLES_PATH " -L\n"
- IPTABLES_PATH " -t nat -L\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.130 --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.128 --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
+ IPTABLES_PATH " -w -L\n"
+ IPTABLES_PATH " -w -t nat -L\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.130 --jump REJECT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.128 --jump REJECT\n"
+ IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
expectedLineNum = 0;
--
2.28.0
More information about the libvir-list
mailing list