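#!/bin/bash

# iptables may print match/target specific help texts
# help output should work for unprivileged users
#
# The last three checks cover the privilege boundary itself: listing or
# changing rules as an unprivileged user must be refused.
#
# XT_MULTI is read from the environment and prefixed to every iptables call.

# Number of failed checks; used as the exit status. Set explicitly so that a
# variable named rc inherited from the environment cannot skew the result.
rc=0

# Run a command as the unprivileged user "nobody", logging it to stderr first.
# Arguments: the command and its arguments
# Returns:   exit status of runuser
run() {
	echo "running: $*" >&2
	runuser -u nobody -- "$@"
}

# Check that stdin contains the expected text.
# Arguments: the expected text (all arguments joined by spaces)
# Outputs:   a "missing in output" note on stderr when the text is absent
# Returns:   0 if the text was found, 1 otherwise
grep_or_rc() {
	# -F: the expected text is a literal, not a regex.
	# --: keeps a text starting with '-' from being parsed as an option.
	grep -qF -- "$*" && return 0
	echo "missing in output: $*" >&2
	return 1
}

# Help request as nobody: the command must succeed and print the given text.
# Globals:   rc (incremented per failed check), XT_MULTI (read)
# Arguments: $1 - text expected in the output; remaining - iptables arguments
expect_help() {
	local want=$1 out
	shift
	# XT_MULTI stays unquoted as in the original invocation.
	# shellcheck disable=SC2086
	out=$(run $XT_MULTI iptables "$@")
	rc=$((rc + $?))
	grep_or_rc "$want" <<< "$out"
	rc=$((rc + $?))
}

# Ruleset access as nobody: the command must be refused.
# Globals:   rc (incremented per failed check), XT_MULTI (read)
# Arguments: iptables arguments
expect_denied() {
	local out status
	# shellcheck disable=SC2086
	out=$(run $XT_MULTI iptables "$@" 2>&1)
	status=$?
	grep_or_rc "Permission denied" <<< "$out"
	rc=$((rc + $?))
	# The message alone does not prove the operation was refused; the
	# command must also report failure through its exit status.
	if [[ $status -eq 0 ]]; then
		echo "unexpected success as unprivileged user: iptables $*" >&2
		rc=$((rc + 1))
	fi
}

expect_help "iptables -h (print this help information)" --help
expect_help "limit match options:" -m limit --help
expect_help "tcp match options:" -p tcp --help
expect_help "DNAT target options:" -j DNAT --help

# TEE has no revision 0
expect_help "TEE target options:" -j TEE --help

# Match and target help requested together: both sections must be printed.
expect_help "tcp match options:" -p tcp -j DNAT --help
expect_help "DNAT target options:" -p tcp -j DNAT --help

expect_denied -L
expect_denied -A FORWARD -p tcp --dport 123
expect_denied -A FORWARD -j DNAT --to-destination 1.2.3.4

exit "$rc"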