[pve-firewall.git] / test / test-ipset1 / tests

# blacklisted
{ from => 'outside', to => 'host', source => '192.168.0.1', dest => '1.2.3.4', dport => 22, action => 'DROP' }
# accept in myipset
{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
{ from => 'outside', to => 'host', source => '192.168.1.10', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
# network alias inside myipset
{ from => 'outside', to => 'host', source => '10.3.0.1', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
# server alias inside myipset
{ from => 'outside', to => 'host', source => '10.2.0.111', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }

# not inside myipset
{ from => 'outside', to => 'host', source => '10.2.0.112', dest => '1.2.3.4', dport => 22, action => 'DROP' }

# reject dmzhosts if from myipset
{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.10.1', dport => 22, action => 'REJECT' }
{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.11.1', dport => 22, action => 'REJECT' }

# management ipset
{ from => 'outside', to => 'host', source => '192.168.128.1', dport => 8006, action => 'DROP' }
{ from => 'outside', to => 'host', source => '192.168.128.1', dport => 22, action => 'DROP' }
{ from => 'outside', to => 'host', source => '192.168.128.2', dport => 8006, action => 'ACCEPT' }
{ from => 'outside', to => 'host', source => '192.168.128.2', dport => 22, action => 'ACCEPT' }
Commit	Line	Data
eb4ffe54 DM	1	# blacklisted
	2	{ from => 'outside', to => 'host', source => '192.168.0.1', dest => '1.2.3.4', dport => 22, action => 'DROP' }
	3	# accept in myipset
	4	{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
	5	{ from => 'outside', to => 'host', source => '192.168.1.10', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
	6	# network alias inside myipset
	7	{ from => 'outside', to => 'host', source => '10.3.0.1', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
	8	# server alias inside myipset
	9	{ from => 'outside', to => 'host', source => '10.2.0.111', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
	10
	11	# not inside myipset
	12	{ from => 'outside', to => 'host', source => '10.2.0.112', dest => '1.2.3.4', dport => 22, action => 'DROP' }
	13
	14	# reject dmzhosts if from myipset
	15	{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.10.1', dport => 22, action => 'REJECT' }
	16	{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.11.1', dport => 22, action => 'REJECT' }
d4cae1d6 DM	17
	18	# management ipset
	19	{ from => 'outside', to => 'host', source => '192.168.128.1', dport => 8006, action => 'DROP' }
	20	{ from => 'outside', to => 'host', source => '192.168.128.1', dport => 22, action => 'DROP' }
	21	{ from => 'outside', to => 'host', source => '192.168.128.2', dport => 8006, action => 'ACCEPT' }
	22	{ from => 'outside', to => 'host', source => '192.168.128.2', dport => 22, action => 'ACCEPT' }
	23