1 :INPUT,FORWARD,OUTPUT 2 # Backup the connlabel.conf, then add some label maps for test 3 @[ -f /etc/xtables/connlabel.conf ] && mv /etc/xtables/connlabel.conf /tmp/connlabel.conf.bak 4 @mkdir -p /etc/xtables 5 @echo "40 bit40" > /etc/xtables/connlabel.conf 6 @echo "41 bit41" >> /etc/xtables/connlabel.conf 7 @echo "128 bit128" >> /etc/xtables/connlabel.conf 8 -m connlabel --label "bit40";=;OK 9 -m connlabel ! --label "bit40";=;OK 10 -m connlabel --label "bit41" --set;=;OK 11 -m connlabel ! --label "bit41" --set;=;OK 12 -m connlabel --label "bit128";;FAIL 13 @echo > /etc/xtables/connlabel.conf 14 -m connlabel --label "abc";;FAIL 15 @rm -f /etc/xtables/connlabel.conf 16 -m connlabel --label "abc";;FAIL 17 # Restore the original connlabel.conf 18 @[ -f /tmp/connlabel.conf.bak ] && mv /tmp/connlabel.conf.bak /etc/xtables/connlabel.conf 19
