add regression tests for ipfilter

diff --git a/test/test-vm-ipfilter1/100.fw b/test/test-vm-ipfilter1/100.fw
new file mode 100644 (file)
index 0000000..f869f8c
--- /dev/null
+++ b/test/test-vm-ipfilter1/100.fw
@@ -0,0 +1,13 @@
+[options]
+
+enable: 1
+
+[ipset ipfilter-net0]
+1.2.3.4
+1.2.3.5
+
+[ipset ipfilter-net2] # empty, allow nothing
+
+[rules]
+
+IN ACCEPT -p tcp -dport 80
\ No newline at end of file

diff --git a/test/test-vm-ipfilter1/cluster.fw b/test/test-vm-ipfilter1/cluster.fw
new file mode 100644 (file)
index 0000000..b81d757
--- /dev/null
+++ b/test/test-vm-ipfilter1/cluster.fw
@@ -0,0 +1,7 @@
+[options]
+
+enable: 1
+
+[rules]
+
+IN ACCEPT -p tcp -dport 80 -source 1.2.3.0/24
\ No newline at end of file

diff --git a/test/test-vm-ipfilter1/tests b/test/test-vm-ipfilter1/tests
new file mode 100644 (file)
index 0000000..2554704
--- /dev/null
+++ b/test/test-vm-ipfilter1/tests
@@ -0,0 +1,15 @@
+{ from => 'vm100i1', source => '1.2.3.3', dport => 80, action => 'ACCEPT' }
+{ from => 'vm100i1', source => '1.2.3.4', dport => 80, action => 'ACCEPT' }
+{ from => 'vm100i1', source => '1.2.3.5', dport => 80, action => 'ACCEPT' }
+{ from => 'vm100i1', source => '1.2.3.6', dport => 80, action => 'ACCEPT' }
+
+
+{ from => 'vm100', source => '1.2.3.3', dport => 80, action => 'DROP' }
+{ from => 'vm100', source => '1.2.3.4', dport => 80, action => 'ACCEPT' }
+{ from => 'vm100', source => '1.2.3.5', dport => 80, action => 'ACCEPT' }
+{ from => 'vm100', source => '1.2.3.6', dport => 80, action => 'DROP' }
+
+{ from => 'vm100i2', source => '1.2.3.3', dport => 80, action => 'DROP' }
+{ from => 'vm100i2', source => '1.2.3.4', dport => 80, action => 'DROP' }
+{ from => 'vm100i2', source => '1.2.3.5', dport => 80, action => 'DROP' }
+{ from => 'vm100i2', source => '1.2.3.6', dport => 80, action => 'DROP' }