fwtester: add new zone 'nfwm' to simulate a non-firewalled VM

[pve-firewall.git] / test / test-basic1 / tests

diff --git a/test/test-basic1/tests b/test/test-basic1/tests
index 477853ba87f8d83022ce98a507e31c959d85e3dc..2b762de9d68c26199e7d3436160c5a4461b1541a 100644 (file)
--- a/test/test-basic1/tests
+++ b/test/test-basic1/tests
@@ -38,3 +38,16 @@
 { from => 'outside', to => 'host', dport => 100, action => 'REJECT' }
 { from => 'outside', to => 'host', dport => 101, action => 'DROP' }
 
+{ from => 'nfvm', to => 'host', dport => 22, action => 'ACCEPT' }
+{ from => 'nfvm', to => 'host', dport => 80, action => 'DROP' }
+{ from => 'nfvm', to => 'outside', dport => 22, action => 'ACCEPT' }
+{ from => 'nfvm', to => 'outside', dport => 80, action => 'ACCEPT' }
+{ from => 'nfvm', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'nfw2vm'}
+{ from => 'nfvm', to => 'vm100', dport => 80, action => 'DROP' }
+{ from => 'nfvm', to => 'ct200', dport => 22, action => 'ACCEPT' }
+{ from => 'nfvm', to => 'ct200', dport => 80, action => 'DROP' }
+
+{ from => 'ct200', to => 'nfvm', dport => 80, action => 'ACCEPT' }
+{ from => 'vm100', to => 'nfvm', dport => 80, action => 'ACCEPT' }
+{ from => 'outside', to => 'nfvm', dport => 80, action => 'ACCEPT' }
+{ from => 'host', to => 'nfvm', dport => 80, action => 'ACCEPT' }