From e99ca3826841c7cc4b11acd5eafbd0ec07242027 Mon Sep 17 00:00:00 2001 From: Roman Dodin Date: Sat, 18 Jan 2025 00:48:16 +0100 Subject: [PATCH] remove testing if the fwd rules are gone, since they are not cleaned up --- docs/manual/kinds/bridge.md | 13 ++++++++- tests/01-smoke/03-bridges-and-host.robot | 36 ++++-------------------- 2 files changed, 18 insertions(+), 31 deletions(-) diff --git a/docs/manual/kinds/bridge.md b/docs/manual/kinds/bridge.md index 589c02691..0ba71db5b 100644 --- a/docs/manual/kinds/bridge.md +++ b/docs/manual/kinds/bridge.md @@ -75,6 +75,17 @@ iptables -I FORWARD -i br-clab -j ACCEPT iptables -I FORWARD -o br-clab -j ACCEPT ``` -This will ensure that traffic is forwarded when passing this particular bridge. Note, that once you destroy the lab, the rule will stay, if you wish to remove it, you will have to do it manually. +This will ensure that traffic is forwarded when passing this particular bridge. + +/// warning +Once you destroy the lab, the rules in the FORWARD chain will stay, if you wish to remove it, you will have to do it manually. For example the with the following script (for v4 family): + +``` +sudo iptables -vL FORWARD --line-numbers -n | \ +grep "set by containerlab" | awk '{print $1}' \ +| sort -r | xargs -I {} sudo iptables -D FORWARD {} +``` + +/// Check out ["External bridge"](../../lab-examples/ext-bridge.md) lab for a ready-made example on how to use bridges. diff --git a/tests/01-smoke/03-bridges-and-host.robot b/tests/01-smoke/03-bridges-and-host.robot index 8a7777227..ac17e07f3 100644 --- a/tests/01-smoke/03-bridges-and-host.robot +++ b/tests/01-smoke/03-bridges-and-host.robot 
@@ -105,36 +105,6 @@ Verify ip6tables allow rule is set Should Match Regexp ${ipt} oifname.*${bridge-name}.*accept Should Match Regexp ${ipt} iifname.*${bridge-name}.*accept -Destroy ${lab-name} lab - ${rc} ${output} = Run And Return Rc And Output - ... sudo -E ${CLAB_BIN} --runtime ${runtime} destroy -t ${CURDIR}/${lab-file} --cleanup - Log ${output} - Should Be Equal As Integers ${rc} 0 - -Verify iptables allow rule are gone - [Documentation] Checking if iptables allow rule is removed once the lab is destroyed - Skip If '${runtime}' != 'docker' - ${ipt} = Run - ... sudo iptables -vnL FORWARD - Log ${ipt} - Should Not Contain ${ipt} ${bridge-name} - -Verify ip6tables allow rule are gone - [Documentation] Checking if ip6tables allow rule is removed once the lab is destroyed - Skip If '${runtime}' != 'docker' - - # Add check for ip6tables availability - ${rc} ${output} = Run And Return Rc And Output which nft - Skip If ${rc} != 0 nft command not found - - ${rc} ${output} = Run And Return Rc And Output sudo nft list tables - Skip If 'ip6 filter' not in '''${output}''' ip6 filter chain not found - - ${ipt} = Run - ... sudo nft list chain ip6 filter FORWARD - Log ${ipt} - Should Not Contain ${ipt} ${bridge-name} - *** Keywords *** Setup # ensure the bridge we about to create is deleted first @@ -144,5 +114,11 @@ Setup Run sudo ctr -n clab image rm docker.io/library/alpine:3 Cleanup + Destroy ${lab-name} lab + ${rc} ${output} = Run And Return Rc And Output + ... sudo -E ${CLAB_BIN} --runtime ${runtime} destroy -t ${CURDIR}/${lab-file} --cleanup + Log ${output} + Should Be Equal As Integers ${rc} 0 + Run sudo ip l del ${bridge-name} Run sudo ip l del ${host-link-name}
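Review bot: The new first step of `Cleanup`, `Destroy ${lab-name} lab`, reads like the title of the test case removed in the previous hunk rather than a keyword call, and no keyword of that name is defined in the visible lines. If it is indented as a step, Robot will try to resolve it as a keyword and report it as not found; if it sits at column 0 it starts a new keyword and leaves `Cleanup` without steps (the indentation is lost on this page, so which case applies cannot be told from here). Dropping the line, or turning it into a comment such as `# destroy the lab before removing the bridge and host link`, keeps the intent. Separately, `Should Be Equal As Integers ${rc} 0` now runs before the two `ip l del` steps, so unless `Cleanup` is only ever used as a teardown (where Robot continues after a failure), a failed destroy would skip them and leave the bridge and host link on the host. The `Cleanup` keyword may continue past the end of the hunk.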