=A simple simulator to test our iptables rules=

This scans for subdirectories named test-* and invokes fwtester.pl
for each subdirectory with:

 # ./fwtester.pl test-<name>/tests

==Test directory contents==

Each test directory can contain the following files:

* cluster.fw: Cluster-wide firewall config
* host.fw: Host firewall config
* <VMID>.fw: Firewall config for VMs
* tests: Test descriptions

The test description file can contain one or more tests using

{ from => '<zone>' , to => '<zone>', action => '<DROP|REJECT|ACCEPT>', [ source => '<ip>',] [ dest => '<ip>',] [ proto => '<tcp|udp>',] [ dport => <port>,] [ sport => <port>,] }

The following <zone> definitions currently exist:

* host: The host itself
* outside: The outside world (alias for 'vmbr0/eth0')
* vm<ID>: A QEMU virtual machine
* ct<ID>: An OpenVZ container
* nfvm: Non-firewalled VM (alias for 'vmbr0/tapXYZ')
* vmbr<\d+>/<bport>: Unmanaged bridge port

{ from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' }
{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'}

You can assign an 'id' to each test, so that you can run them separately:

 ./fwtester.pl -d test-basic1/tests vm2vm
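
A strict linter for the test description format above, added here as an example; it is not part of fwtester.pl or of the project. It parses each line with a regular expression instead of evaluating it and checks keys, zones, actions and protocols against the documented format. The function names, the port range 1..65535 and the single-address check for source/dest are assumptions.

```python
import ipaddress
import re

# Keys, zones and values as documented above; lines are parsed, never evaluated.
REQUIRED = {"from", "to", "action"}
OPTIONAL = {"source", "dest", "proto", "dport", "sport", "id"}
ENUMS = {"action": ("DROP", "REJECT", "ACCEPT"), "proto": ("tcp", "udp")}
ZONE_RE = re.compile(r"host|outside|nfvm|vm\d+|ct\d+|vmbr\d+/\S+")
# One `key => value` pair; the value is a single-quoted string or a bare integer.
PAIR_RE = re.compile(r"\s*(\w+)\s*=>\s*(?:'([^']*)'|(\d+))\s*(?:,|$)")

def parse_test(line):
    """Parse one `{ key => value, ... }` line into a dict, or raise ValueError."""
    if not (m := re.fullmatch(r"\s*\{(.*)\}\s*", line)):
        raise ValueError("not a { ... } test description")
    body, pos, test = m.group(1).rstrip(), 0, {}
    while pos < len(body):
        if not (pair := PAIR_RE.match(body, pos)):
            raise ValueError(f"cannot parse near {body[pos:]!r}")
        key, text, number = pair.groups()
        test[key] = int(number) if number is not None else text
        pos = pair.end()
    return test

def validate(test):
    """Return a list of problems; an empty list means the test is well-formed."""
    errors = [f"missing key: {k}" for k in sorted(REQUIRED - set(test))]
    errors += [f"unknown key: {k}" for k in sorted(set(test) - REQUIRED - OPTIONAL)]
    for key in [k for k in ("from", "to") if k in test]:
        if not ZONE_RE.fullmatch(str(test[key])):
            errors.append(f"{key}: unknown zone {test[key]!r}")
    for key, allowed in ENUMS.items():
        if key in test and test[key] not in allowed:
            errors.append(f"{key}: unknown value {test[key]!r}")
    for key in [k for k in ("dport", "sport") if k in test]:  # assumption: 1..65535
        if not (isinstance(test[key], int) and 1 <= test[key] <= 65535):
            errors.append(f"{key}: bad port {test[key]!r}")
    for key in [k for k in ("source", "dest") if k in test]:  # assumption: one address
        try:
            ipaddress.ip_address(str(test[key]))
        except ValueError:
            errors.append(f"{key}: bad address {test[key]!r}")
    return errors

if __name__ == "__main__":
    # Constructed input: an undocumented zone name and a misspelled action.
    bad = "{ from => 'internet', to => 'vm100', dport => 443, action => 'RECECT' }"
    print(validate(parse_test(bad)))
```

A misspelled action or zone is reported here before the simulator runs, so a typo in the tests file cannot be mistaken for a verdict on the firewall rules.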