#
# Test state matching in the SOCKET hook.
#
iptables -t skfilter -F
iptables -F

iptables -t skfilter -A SOCKET -p tcp --dport ssh -j ACCEPT
iptables -t skfilter -A SOCKET -m state --state INVALID -j LOG --log-context --log-prefix="skfilter INVALID: "
iptables -t skfilter -A SOCKET -m state --state ESTABLISHED -j LOG --log-context --log-prefix="skfilter ESTABLISHED: "
iptables -t skfilter -A SOCKET -m state --state NEW -j LOG --log-context --log-prefix="skfilter NEW: "
iptables -t skfilter -A SOCKET -m state --state RELATED -j LOG --log-context --log-prefix="skfilter RELATED: "
iptables -t skfilter -A SOCKET -m state --state UNTRACKED -j LOG --log-context --log-prefix="skfilter UNTRACKED: "

iptables -t skfilter -A OUTPUT -p tcp --sport ssh -j ACCEPT
iptables -t skfilter -A OUTPUT -m state --state INVALID -j LOG --log-context --log-prefix="skfilter INVALID: "
iptables -t skfilter -A OUTPUT -m state --state ESTABLISHED -j LOG --log-context --log-prefix="skfilter ESTABLISHED: "
iptables -t skfilter -A OUTPUT -m state --state NEW -j LOG --log-context --log-prefix="skfilter NEW: "
iptables -t skfilter -A OUTPUT -m state --state RELATED -j LOG --log-context --log-prefix="skfilter RELATED: "
iptables -t skfilter -A OUTPUT -m state --state UNTRACKED -j LOG --log-context --log-prefix="skfilter UNTRACKED: "


iptables -t skfilter -L -v