X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=test%2Ftest-basic1%2Ftests;h=a993e5d46ba12bcd6c32cac9f463ca89d9bdfe0c;hb=2a2b81b41434c232084e39db9f401bd5435d94cf;hp=232037bbe306a3997a1f02addcbfeecb4654140b;hpb=31dc73f1fd74613a6f06b86665c7fec6b1286cdd;p=pve-firewall.git
diff --git a/test/test-basic1/tests b/test/test-basic1/tests
index 232037b..a993e5d 100644
--- a/test/test-basic1/tests
+++ b/test/test-basic1/tests
@@ -1,5 +1,3 @@
-# example test rules
-
 { from => 'ct200', to => 'host', dport => 22, action => 'ACCEPT' }
 { from => 'ct200', to => 'host', dport => 23, action => 'DROP' }
@@ -15,7 +13,7 @@
 { from => 'vm100' , to => 'ct200', dport => 22, action => 'ACCEPT' }
 { from => 'vm101', to => 'vm100', dport => 22, action => 'DROP' }
-{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT' }
+{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'}
 { from => 'ct201', to => 'ct200', dport => 22, action => 'ACCEPT' }
 { from => 'ct201', to => 'ct200', dport => 23, action => 'DROP' }
@@ -23,6 +21,10 @@
 { from => 'vm110', to => 'vm100', dport => 22, action => 'DROP' }
 { from => 'vm110', to => 'vm100', dport => 443, action => 'ACCEPT' }
+{ from => 'vm110', to => 'vm100', dport => 0, proto => 'icmp', action => 'ACCEPT' }
+{ from => 'vm110', to => 'vm100', dport => 'host-unreachable', proto => 'icmp', action => 'ACCEPT' }
+{ from => 'vm110', to => 'vm100', dport => 255, proto => 'icmpv6', action => 'DROP' }
+
 { from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' }
 { from => 'outside', to => 'ct200', dport => 23, action => 'DROP' }
 { from => 'outside', to => 'vm100', dport => 22, action => 'DROP' }
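Review bot: The three ICMP cases added in the `@@ -23,6 +21,10 @@` hunk reuse `dport` for the ICMP type without saying so, and the only blocked expectation among them is on `icmpv6`. Both `proto => 'icmp'` cases expect ACCEPT, so a rule set that let every IPv4 ICMP type through from vm110 to vm100 would still pass this file. The rule set under test is not visible here, so the exact type has to come from it, but one IPv4 case with a type that is expected to be blocked would close that gap, e.g. `{ from => 'vm110', to => 'vm100', dport => <blocked-icmp-type>, proto => 'icmp', action => 'DROP' }`. Since the commit also drops the file's only comment, I would add one above the group: `# proto icmp/icmpv6: dport carries the ICMP type (number or name)`.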
@@ -30,11 +32,29 @@
 { from => 'outside', to => 'host', dport => 22, action => 'ACCEPT' }
 { from => 'outside', to => 'host', dport => 23, action => 'DROP' }
-{ from => 'host' , to => 'outside', dport => 80, action => 'ACCEPT' }
+{ from => 'host' , to => 'outside', dport => 80, action => 'ACCEPT'}
 { from => 'host' , to => 'outside', dport => 81, action => 'REJECT' }
 { from => 'vm100' , to => 'outside', dport => 80, action => 'ACCEPT' }
 { from => 'vm100' , to => 'outside', dport => 81, action => 'REJECT' }
 { from => 'ct200' , to => 'outside', dport => 80, action => 'ACCEPT' }
 { from => 'ct200' , to => 'outside', dport => 81, action => 'REJECT' }
-
+{ from => 'outside', to => 'host', dport => 100, action => 'REJECT' }
+{ from => 'outside', to => 'host', dport => 101, action => 'DROP' }
+
+{ from => 'nfvm', to => 'host', dport => 22, action => 'ACCEPT' }
+{ from => 'nfvm', to => 'host', dport => 80, action => 'DROP' }
+{ from => 'nfvm', to => 'outside', dport => 22, action => 'ACCEPT' }
+{ from => 'nfvm', to => 'outside', dport => 80, action => 'ACCEPT' }
+{ from => 'nfvm', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'nfw2vm'}
+{ from => 'nfvm', to => 'vm100', dport => 80, action => 'DROP' }
+{ from => 'nfvm', to => 'ct200', dport => 22, action => 'ACCEPT' }
+{ from => 'nfvm', to => 'ct200', dport => 80, action => 'DROP' }
+
+{ from => 'ct200', to => 'nfvm', dport => 80, action => 'ACCEPT' }
+{ from => 'vm100', to => 'nfvm', dport => 80, action => 'ACCEPT' }
+{ from => 'outside', to => 'nfvm', dport => 80, action => 'ACCEPT' }
+{ from => 'host', to => 'nfvm', dport => 80, action => 'ACCEPT' }
+
+{ from => 'vmbr0/eth0', to => 'host', dport => 22, action => 'ACCEPT' }
+{ from => 'host' , to => 'vmbr0/eth0', dport => 22, action => 'ACCEPT' }
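Review bot: None of the new cases with `nfvm` as destination, nor the two `vmbr0/eth0` cases, expects traffic to be blocked. The four `to => 'nfvm'` lines all expect ACCEPT on port 80 and the bridge-port lines expect ACCEPT on port 22 in both directions, so an over-permissive rule set on those paths would pass unnoticed. If `nfvm` is meant to be a guest with its firewall disabled (the name suggests it, the hunk does not say), a comment above the group would make that intent reviewable, e.g. `# nfvm: guest without firewall, inbound traffic is expected to pass unfiltered`. Otherwise each new destination should get a second port with a DROP or REJECT expectation. The `id => 'nfw2vm'` key here and `id => 'vm2vm'` in the `@@ -15,7 +13,7 @@` hunk are also unexplained; a one-line comment on what `id` is matched against would help.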