From 9e980dd50c2972b6f0c81c5dd4f0cf00c398b4b4 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Thu, 15 May 2014 10:27:35 +0200
Subject: [PATCH] add security group tests
---
test/test-group1/100.fw | 6 ++++++
test/test-group1/200.fw | 4 ++++
test/test-group1/cluster.fw | 14 ++++++++++++++
test/test-group1/host.fw | 7 +++++++
test/test-group1/tests | 8 ++++++++
5 files changed, 39 insertions(+)
create mode 100644 test/test-group1/100.fw
create mode 100644 test/test-group1/200.fw
create mode 100644 test/test-group1/cluster.fw
create mode 100644 test/test-group1/host.fw
create mode 100644 test/test-group1/tests
diff --git a/test/test-group1/100.fw b/test/test-group1/100.fw
new file mode 100644
index 0000000..bc0af4b
--- /dev/null
+++ b/test/test-group1/100.fw
@@ -0,0 +1,6 @@
+[RULES]
+
+IN ACCEPT - - - tcp 22
+IN ACCEPT - - - tcp 80
+
+GROUP group2
\ No newline at end of file
diff --git a/test/test-group1/200.fw b/test/test-group1/200.fw
new file mode 100644
index 0000000..aa1dee8
--- /dev/null
+++ b/test/test-group1/200.fw
@@ -0,0 +1,4 @@
+[RULES]
+
+IN ACCEPT - - - tcp 22
+IN ACCEPT - - - tcp 80
diff --git a/test/test-group1/cluster.fw b/test/test-group1/cluster.fw
new file mode 100644
index 0000000..c520a74
--- /dev/null
+++ b/test/test-group1/cluster.fw
@@ -0,0 +1,14 @@
+[OPTIONS]
+
+enable: 1
+
+[GROUP group1]
+
+IN ACCEPT 192.168.2.0/24 - tcp 22
+IN REJECT 192.168.2.0/24 - tcp 80
+OUT REJECT 192.168.2.0/24 - tcp 80
+OUT REJECT - - tcp 443
+
+[GROUP group2]
+
+IN ACCEPT 192.168.3.0/24 - tcp 22
diff --git a/test/test-group1/host.fw b/test/test-group1/host.fw
new file mode 100644
index 0000000..71d9236
--- /dev/null
+++ b/test/test-group1/host.fw
@@ -0,0 +1,7 @@
+[OPTIONS]
+
+enable: 1
+
+[RULES]
+
+GROUP group1
diff --git a/test/test-group1/tests b/test/test-group1/tests
new file mode 100644
index 0000000..d7413cc
--- /dev/null
+++ b/test/test-group1/tests
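Review bot: In test/test-group1/100.fw the `GROUP group2` reference follows `IN ACCEPT - - - tcp 22`, which already accepts port 22 from any source, so group2's only rule (`IN ACCEPT 192.168.3.0/24 - tcp 22` in cluster.fw) cannot change a verdict if rules are matched in order, as seems likely. A regression that silently ignored the group reference would therefore leave this fixture's behaviour unchanged. Placing the reference ahead of the open rules and giving group2 a rule that differs from them, for example `IN REJECT 192.168.3.0/24 - tcp 80`, would make the group observable. 100.fw and 200.fw also have no `[OPTIONS]` section with `enable: 1`, unlike host.fw and cluster.fw; if the guest firewall needs that flag to be active, these rules may never be applied at all.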
@@ -0,0 +1,8 @@
+{ from => 'host', source => '192.168.2.1', dport => 22, action => 'ACCEPT' }
+{ from => 'host', source => '192.168.2.1', dport => 443, action => 'REJECT' }
+{ from => 'host', source => '192.168.2.1', dport => 80, action => 'REJECT' }
+{ from => 'host', source => '127.0.0.1', dport => 80, action => 'ACCEPT' }
+
+{ to => 'host', source => '127.0.0.1', dport => 22, action => 'DROP' }
+{ to => 'host', source => '192.168.2.1', dport => 22, action => 'ACCEPT' }
+{ to => 'host', source => '192.168.2.1', dport => 80, action => 'REJECT' }
--
2.39.2
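Review bot: None of the eight cases targets a guest, so 100.fw, 200.fw and group2 are added but never asserted on; every case uses `from => 'host'` or `to => 'host'` and so only exercises group1 through host.fw. There is also no inbound case from group2's subnet, which would show that a group the host does not reference has no effect on it, e.g. `{ to => 'host', source => '192.168.3.1', dport => 22, action => 'DROP' }` (expected action inferred from the existing 127.0.0.1 case, which ends in DROP). Cases addressed to the guest defined by 100.fw would be needed to cover `GROUP group2` itself.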