add tests for host interface match

[pve-firewall.git] / test / test-basic1 / tests

diff --git a/test/test-basic1/tests b/test/test-basic1/tests
index 5066fe5edefdfa535c3acead5029a1147a1905f7..149cb67b2bc443caacd42b3c96e839593acbab9b 100644 (file)
--- a/test/test-basic1/tests
+++ b/test/test-basic1/tests
@@ -15,7 +15,7 @@
 { from => 'vm100' , to => 'ct200', dport => 22, action => 'ACCEPT' }
 
 { from => 'vm101', to => 'vm100', dport => 22, action => 'DROP' }
-{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT' }
+{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'}
 
 { from => 'ct201', to => 'ct200', dport => 22, action => 'ACCEPT' }
 { from => 'ct201', to => 'ct200', dport => 23, action => 'DROP' }
@@ -23,4 +23,20 @@
 { from => 'vm110', to => 'vm100', dport => 22, action => 'DROP' }
 { from => 'vm110', to => 'vm100', dport => 443, action => 'ACCEPT' }
 
+{ from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' }
+{ from => 'outside', to => 'ct200', dport => 23, action => 'DROP' }
+{ from => 'outside', to => 'vm100', dport => 22, action => 'DROP' }
+{ from => 'outside', to => 'vm100', dport => 443, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', dport => 22, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', dport => 23, action => 'DROP' }
+
+{ from => 'host' , to => 'outside', dport => 80, action => 'ACCEPT'}
+{ from => 'host' , to => 'outside', dport => 81, action => 'REJECT' }
+{ from => 'vm100' , to => 'outside', dport => 80, action => 'ACCEPT' }
+{ from => 'vm100' , to => 'outside', dport => 81, action => 'REJECT' }
+{ from => 'ct200' , to => 'outside', dport => 80, action => 'ACCEPT' }
+{ from => 'ct200' , to => 'outside', dport => 81, action => 'REJECT' }
+
+{ from => 'outside', to => 'host', dport => 100, action => 'REJECT' }
+{ from => 'outside', to => 'host', dport => 101, action => 'DROP' }