From: Dietmar Maurer
Date: Tue, 20 May 2014 05:38:25 +0000 (+0200)
Subject: add tests for default rules
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=318d0f92f05f194da10023dc9b73695a2b459b9a
add tests for default rules
---
diff --git a/test/test-default-rules1/101.fw b/test/test-default-rules1/101.fw
new file mode 100644
index 0000000..5c9000d
--- /dev/null
+++ b/test/test-default-rules1/101.fw
@@ -0,0 +1 @@
+# empty file (enables firewall)
\ No newline at end of file
diff --git a/test/test-default-rules1/201.fw b/test/test-default-rules1/201.fw
new file mode 100644
index 0000000..5c9000d
--- /dev/null
+++ b/test/test-default-rules1/201.fw
@@ -0,0 +1 @@
+# empty file (enables firewall)
\ No newline at end of file
diff --git a/test/test-default-rules1/cluster.fw b/test/test-default-rules1/cluster.fw
new file mode 100644
index 0000000..bc72078
--- /dev/null
+++ b/test/test-default-rules1/cluster.fw
@@ -0,0 +1,3 @@
+[OPTIONS]
+
+policy_out: DROP
\ No newline at end of file
diff --git a/test/test-default-rules1/tests b/test/test-default-rules1/tests
new file mode 100644
index 0000000..58c7743
--- /dev/null
+++ b/test/test-default-rules1/tests
@@ -0,0 +1,37 @@
+{ from => 'outside', to => 'host', action => 'DROP' }
+{ from => 'host', to => 'outside', action => 'DROP' }
+
+# traffic to other node
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 21, action => 'DROP' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 22, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 3128, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 8006, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 5900, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 5999, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 6000, action => 'DROP' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', proto => 'udp', dport => 5404, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', proto => 'udp', dport => 5405, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', proto => 'udp', dport => 5406, action => 'DROP' }
+
+
+# traffic from other node
+
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 21, action => 'DROP' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 22, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 3128, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 8006, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 5900, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 5999, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 6000, action => 'DROP' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', proto => 'udp', dport => 5404, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', proto => 'udp', dport => 5405, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', proto => 'udp', dport => 5406, action => 'DROP' }
+
+
+{ from => 'host', to => 'ct200', action => 'DROP' }
+{ from => 'outside', to => 'ct200', action => 'ACCEPT' }
+{ to => 'ct201', action => 'DROP' }
+{ from => 'host', to => 'vm100', action => 'DROP' }
+{ from => 'outside', to => 'vm100', action => 'ACCEPT' }
+{ to => 'vm101', action => 'DROP' }
+
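Review bot: The port-range cases in the `tests` hunk pin only the upper edges (5999 ACCEPT / 6000 DROP, udp 5405 ACCEPT / 5406 DROP). A default rule that also accepted ports just below 5900 or below udp 5404 would therefore still pass, in both the "traffic to other node" and "traffic from other node" groups. Assuming the default rules are meant to open exactly 5900-5999 and udp 5404-5405, add the lower-edge cases to each group, e.g. `{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 5899, action => 'DROP' }` and the `proto => 'udp', dport => 5403` counterpart. The management ports are also never checked with a source that is not a cluster node; a line like the port-22 or port-8006 case with a different source and `action => 'DROP'` would catch a default rule that opens them to everyone. A short comment such as `# 172.16.1.3 is a cluster node; ct200/vm100 have no .fw file here` would explain the ACCEPT expectations, which this commit does not make visible.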