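#!/bin/bash
#
# Regression test: iptables-nft-restore --noflush must leave an existing
# base-chain policy alone when the restored ruleset does not set one.
# If the restore reset the policy, a default-drop chain would silently stop
# dropping, so the check at the end looks for the DROP policy explicitly.
#
# Environment:
#   XT_MULTI - path to the xtables multi-call binary under test; the test is
#              skipped unless it ends in "xtables-nft-multi".
# Exit status: 0 on pass or skip, non-zero on failure.

# Only the nft backend is exercised here; report other variants as skipped.
[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
set -e

# Start from a known state: default-drop policy on the raw table's OUTPUT chain.
# NOTE(review): this changes live firewall state and is not undone below;
# presumably the test harness runs it in a throwaway network namespace. Confirm.
"$XT_MULTI" iptables -t raw -P OUTPUT DROP

# make sure iptables-nft-restore can correctly handle basechain policies when
# they aren't set with --noflush
#
# The built-in chains are declared with "-" instead of a policy, so the
# restore itself gives no policy for OUTPUT or PREROUTING.
# Quoted delimiter: the ruleset is literal text, nothing in it is expanded.
"$XT_MULTI" iptables-restore --noflush <<'EOF'
*raw
:OUTPUT - [0:0]
:PREROUTING - [0:0]
:neutron-linuxbri-OUTPUT - [0:0]
:neutron-linuxbri-PREROUTING - [0:0]
-I OUTPUT 1 -j neutron-linuxbri-OUTPUT
-I PREROUTING 1 -j neutron-linuxbri-PREROUTING
-I neutron-linuxbri-PREROUTING 1 -m physdev --physdev-in brq7425e328-56 -j CT --zone 4097
-I neutron-linuxbri-PREROUTING 2 -i brq7425e328-56 -j CT --zone 4097
-I neutron-linuxbri-PREROUTING 3 -m physdev --physdev-in tap7f101a28-1d -j CT --zone 4097

COMMIT
EOF

# The saved ruleset must still show DROP on an OUTPUT line near the raw table
# header. The pipeline is tested directly: under `set -e` a separate `$?`
# check after it would never run on failure, because the shell exits first.
if ! "$XT_MULTI" iptables-save | grep -C2 raw | grep OUTPUT | grep DROP; then
  exit 1
fi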