From dd98af599516806e2eb3e1186d0ad52ce7c6b4b5 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 21 Apr 2020 14:10:53 +0200
Subject: [PATCH] tests: shell: Test -F in dump files

While not really useful, iptables-nft-restore shouldn't segfault either.
This tests the problem described in nfbz#1407.

Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit f2ace0cdf25a5911ac84015829d65d6050a5e82d)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 .../tests/shell/testcases/ipt-restore/0012-dash-F_0  | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100755 iptables/tests/shell/testcases/ipt-restore/0012-dash-F_0

diff --git a/iptables/tests/shell/testcases/ipt-restore/0012-dash-F_0 b/iptables/tests/shell/testcases/ipt-restore/0012-dash-F_0
new file mode 100755
index 0000000000000..fd82afa1bc8ce
--- /dev/null
+++ b/iptables/tests/shell/testcases/ipt-restore/0012-dash-F_0
@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+# make sure -F lines don't cause segfaults
+
+RULESET='*nat
+-F PREROUTING
+-A PREROUTING -j ACCEPT
+-F PREROUTING
+COMMIT'
+
+echo -e "$RULESET" | $XT_MULTI iptables-restore
+echo -e "$RULESET" | $XT_MULTI iptables-restore -n
-- 
2.27.0