[pve-firewall.git] / test / README

= A simple simulator to test our iptables rule generation =

== Invocation ==

 # ./fwtester.pl

This scans for subdirectory named test-* an invokes fwtester.pl for each
subdirectory with:

 # ./fwtester.pl test-<name>/tests

== Test directory contents ==

Each test directory can contain the following files:

 * cluster.fw  Cluster wide firewall config
 * host.fw     Host firewall config
 * <VMID>.fw   Firewall config for VMs
 * tests       Test descriptions

== Test description ==

The test description file can contain one or more tests using the following
syntax:

 { from => '<zone>' , to => '<zone>', action => '<DROP|RECECT|ACCEPT>', [ source => '<ip>',] [ dest => '<ip>',] [ proto => '<tcp|udp>',] [ dport => <port>,], [ sport => <port>,] }

The following <zone> definition exist currently:

 * host:              The host itself
 * outside:           The outside world (alias for 'vmbr0/eth0')
 * vm<ID>:            A qemu virtual machine
 * ct<ID>:            An openvz container
 * nfvm:              Non firewalled VM (alias for 'vmbr0/tapXYZ')
 * vmbr<\d+>/<bport>: Unmanaged bridge port


== Test examples ==

 { from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' }
 { from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'}

You can assign an 'id' to each test, so that you can run them separately:

 ./fwtester.pl -d test-basic1/tests vm2vm
Commit	Line	Data
e7b37bc3	1	= A simple simulator to test our iptables rule generation =
bee67bf1	2
e7b37bc3	3	== Invocation ==
bee67bf1 DM	4
	5	# ./fwtester.pl
	6
e7b37bc3 TL	7	This scans for subdirectory named test-* an invokes fwtester.pl for each
e7b37bc3 TL	8	subdirectory with:
bee67bf1	9
e7b37bc3	10	# ./fwtester.pl test-<name>/tests
bee67bf1	11
e7b37bc3	12	== Test directory contents ==
bee67bf1 DM	13
	14	Each test directory can contain the following files:
	15
e7b37bc3 TL	16	* cluster.fw Cluster wide firewall config
	17	* host.fw Host firewall config
	18	* <VMID>.fw Firewall config for VMs
	19	* tests Test descriptions
bee67bf1	20
e7b37bc3	21	== Test description ==
bee67bf1	22
e7b37bc3 TL	23	The test description file can contain one or more tests using the following
e7b37bc3 TL	24	syntax:
bee67bf1 DM	25
	26	{ from => '<zone>' , to => '<zone>', action => '<DROP\|RECECT\|ACCEPT>', [ source => '<ip>',] [ dest => '<ip>',] [ proto => '<tcp\|udp>',] [ dport => <port>,], [ sport => <port>,] }
	27
	28	The following <zone> definition exist currently:
	29
e7b37bc3 TL	30	* host: The host itself
	31	* outside: The outside world (alias for 'vmbr0/eth0')
	32	* vm<ID>: A qemu virtual machine
	33	* ct<ID>: An openvz container
	34	* nfvm: Non firewalled VM (alias for 'vmbr0/tapXYZ')
	35	* vmbr<\d+>/<bport>: Unmanaged bridge port
bee67bf1	36
bee67bf1	37
e7b37bc3	38	== Test examples ==
bee67bf1 DM	39
	40	{ from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' }
	41	{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'}
	42
	43	You can assign an 'id' to each test, so that you can run them separately:
	44
	45	./fwtester.pl -d test-basic1/tests vm2vm