From 318d0f92f05f194da10023dc9b73695a2b459b9a Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Tue, 20 May 2014 07:38:25 +0200
Subject: [PATCH] add tests for default rules
---
 test/test-default-rules1/101.fw | 1 +
 test/test-default-rules1/201.fw | 1 +
 test/test-default-rules1/cluster.fw | 3 +++
 test/test-default-rules1/tests | 37 +++++++++++++++++++++++++++++
 4 files changed, 42 insertions(+)
 create mode 100644 test/test-default-rules1/101.fw
 create mode 100644 test/test-default-rules1/201.fw
 create mode 100644 test/test-default-rules1/cluster.fw
 create mode 100644 test/test-default-rules1/tests
diff --git a/test/test-default-rules1/101.fw b/test/test-default-rules1/101.fw
new file mode 100644
index 0000000..5c9000d
--- /dev/null
+++ b/test/test-default-rules1/101.fw
@@ -0,0 +1 @@
+# empty file (enables firewall)
\ No newline at end of file
diff --git a/test/test-default-rules1/201.fw b/test/test-default-rules1/201.fw
new file mode 100644
index 0000000..5c9000d
--- /dev/null
+++ b/test/test-default-rules1/201.fw
@@ -0,0 +1 @@
+# empty file (enables firewall)
\ No newline at end of file
diff --git a/test/test-default-rules1/cluster.fw b/test/test-default-rules1/cluster.fw
new file mode 100644
index 0000000..bc72078
--- /dev/null
+++ b/test/test-default-rules1/cluster.fw
@@ -0,0 +1,3 @@
+[OPTIONS]
+
+policy_out: DROP
\ No newline at end of file
diff --git a/test/test-default-rules1/tests b/test/test-default-rules1/tests
new file mode 100644
index 0000000..58c7743
--- /dev/null
+++ b/test/test-default-rules1/tests
@@ -0,0 +1,37 @@
+{ from => 'outside', to => 'host', action => 'DROP' }
+{ from => 'host', to => 'outside', action => 'DROP' }
+
+# traffic to other node
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 21, action => 'DROP' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 22, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 3128, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 8006, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 5900, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 5999, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', dport => 6000, action => 'DROP' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', proto => 'udp', dport => 5404, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', proto => 'udp', dport => 5405, action => 'ACCEPT' }
+{ from => 'host', to => 'outside', dest => '172.16.1.3', proto => 'udp', dport => 5406, action => 'DROP' }
+
+
+# traffic from other node
+
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 21, action => 'DROP' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 22, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 3128, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 8006, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 5900, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 5999, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', dport => 6000, action => 'DROP' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', proto => 'udp', dport => 5404, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', proto => 'udp', dport => 5405, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '172.16.1.3', proto => 'udp', dport => 5406, action => 'DROP' }
+
+
+{ from => 'host', to => 'ct200', action => 'DROP' }
+{ from => 'outside', to => 'ct200', action => 'ACCEPT' }
+{ to => 'ct201', action => 'DROP' }
+{ from => 'host', to => 'vm100', action => 'DROP' }
+{ from => 'outside', to => 'vm100', action => 'ACCEPT' }
+{ to => 'vm101', action => 'DROP' }
+
-- 
2.39.2
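Review bot: The ACCEPT cases in this hunk are only exercised with the peer 172.16.1.3, so nothing here pins that tcp 22, 3128, 8006, 5900-5999 and udp 5404-5405 stay closed to an address outside the cluster network; a regression that opened them to any source would presumably still pass, since the two generic cases at the top carry no `dport`. I would add negative cases of the form `{ from => 'outside', to => 'host', source => '<NON_CLUSTER_ADDRESS>', dport => 8006, action => 'DROP' }` (placeholder address) for each management port, plus the mirror-image `dest` cases. The range checks cover only the upper edges (6000, udp 5406), so the lower edges 5899 and udp 5403 deserve a DROP case as well. A short comment above the final ct/vm group, such as `# ct201/vm101 have a .fw file in this directory, ct200/vm100 do not`, would explain why the expectations differ; that reading is inferred from 201.fw and 101.fw in this patch and should be confirmed before it is written down.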