diff options
Diffstat (limited to 'include/tests_firewalls')
| -rw-r--r-- | include/tests_firewalls | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/include/tests_firewalls b/include/tests_firewalls index d794b3f4..85f2b150 100644 --- a/include/tests_firewalls +++ b/include/tests_firewalls @@ -506,13 +506,13 @@ # Test : FIRE-4540 # Description : Check nftables configuration if HasData "${NFTBINARY}"; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no FIRE-4540 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for empty nftables configuration" + Register --test-no FIRE-4540 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check for empty nftables configuration" if [ ${SKIPTEST} -eq 0 ]; then # Check for empty ruleset - NFT_RULES_LENGTH=$(${NFTBINARY} export json 2> /dev/null | wc -c) - if [ ${NFT_RULES_LENGTH} -le 16 ]; then + NFT_RULES_LENGTH=$(${NFTBINARY} list ruleset --stateless 2> /dev/null | ${EGREPBINARY} -v "table|chain|;$|}$|^$" | ${WCBINARY} -l) + if [ ${NFT_RULES_LENGTH} -le 3 ]; then FIREWALL_EMPTY_RULESET=1 - LogText "Result: this firewall set has 16 rules or less and is considered to be empty" + LogText "Result: this firewall set has 3 rules or less and is considered to be empty" else LogText "Result: found ${NFT_RULES_LENGTH} rules in nftables configuration" fi |