run tests on every change, fixed fw options

- Run unit tests on every push/pr.
- Silence gcc warnings, it doesn't seem to work and causes unit tests to
  fail:
  https://github.com/golang/go/issues/6883#issuecomment-383800123
- Improved firewall configuration contraints, to meet with this table:
  https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks#Hooks_by_family_and_chain_type

.github/workflows/go.yml

@@ -36,3 +36,7 @@ jobs:
       run: |
         cd daemon 
         go build -v .
+    - name: Test
+      run: |
+        cd daemon
+        go test ./...

daemon/firewall/nftables/utils.go

@@ -73,11 +73,11 @@ func getChainPriority(family, cType, hook string) (*nftables.ChainPriority, nfta
 		log.Warning("[nftables] invalid nat combination of tables and hooks. chain: %s, hook: %s", cType, hook)
 		return nil, chainType
 	}
-	if family == exprs.NFT_FAMILY_NETDEV && (cType != exprs.NFT_CHAIN_FILTER || (hook != exprs.NFT_HOOK_EGRESS || hook != exprs.NFT_HOOK_INGRESS)) {
+	if family == exprs.NFT_FAMILY_NETDEV && (cType != exprs.NFT_CHAIN_FILTER || hook != exprs.NFT_HOOK_INGRESS) {
 		log.Warning("[nftables] invalid netdev combination of tables and hooks. chain: %s, hook: %s", cType, hook)
 		return nil, chainType
 	}
-	if family == exprs.NFT_FAMILY_ARP && (cType != exprs.NFT_CHAIN_FILTER || (hook != exprs.NFT_HOOK_OUTPUT || hook != exprs.NFT_HOOK_INPUT)) {
+	if family == exprs.NFT_FAMILY_ARP && (cType != exprs.NFT_CHAIN_FILTER || (hook != exprs.NFT_HOOK_OUTPUT && hook != exprs.NFT_HOOK_INPUT)) {
 		log.Warning("[nftables] invalid arp combination of tables and hooks. chain: %s, hook: %s", cType, hook)
 		return nil, chainType
 	}

daemon/netfilter/queue.go

@@ -2,7 +2,7 @@ package netfilter
 
 /*
 #cgo pkg-config: libnetfilter_queue
-#cgo CFLAGS: -Wall -I/usr/include
+#cgo CFLAGS: -I/usr/include
 #cgo LDFLAGS: -L/usr/lib64/ -ldl
 
 #include "queue.h"