From bee67bf13217cdde79f36ffcdb8e4b84f9ed21c6 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 14 May 2014 15:32:55 +0200
Subject: [PATCH] add README for fwtester.pl

---
 test/README              | 49 ++++++++++++++++++++++++++++++++++++++++
 test/test-basic1/host.fw |  1 -
 test/test-basic1/tests   |  2 --
 3 files changed, 49 insertions(+), 3 deletions(-)
 create mode 100644 test/README

diff --git a/test/README b/test/README
new file mode 100644
index 0000000..71801d4
--- /dev/null
+++ b/test/README
@@ -0,0 +1,49 @@
+=A simple simulator to test our iptables rules=
+
+==Invovation==
+
+ # ./fwtester.pl
+
+This scans for subdirectory named test-* an invokes fwtester.pl 
+for each subdirectory with:
+
+ # ./fwtester.pl test-<name>/tests 
+
+==Test directory contents==
+
+Each test directory can contain the following files:
+
+*cluster.fw  Cluster wide firewall config
+  
+*host.fw     Host firewall config
+
+*<VMID>.fw   Firewall config for VMs     
+
+*tests	     Test descriptions
+
+==Test description==
+
+The test description file can contain one or more tests using
+the following syntax:
+
+ { from => '<zone>' , to => '<zone>', action => '<DROP|RECECT|ACCEPT>', [ source => '<ip>',] [ dest => '<ip>',] [ proto => '<tcp|udp>',] [ dport => <port>,], [ sport => <port>,] }
+
+The following <zone> definition exist currently:
+
+* host:     The host itself
+
+* outside:  The outside world (vmbr0 port eth0)
+
+* vm<ID>:   A qemu virtual machine
+
+* ct<ID>:   An openvz container
+
+==Test examples==
+
+ { from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' }
+ { from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'}
+
+You can assign an 'id' to each test, so that you can run them separately:
+
+ ./fwtester.pl -d test-basic1/tests vm2vm
+
diff --git a/test/test-basic1/host.fw b/test/test-basic1/host.fw
index 14c5f7b..1021ee0 100644
--- a/test/test-basic1/host.fw
+++ b/test/test-basic1/host.fw
@@ -5,7 +5,6 @@ enable: 1
 [RULES]
 
 OUT REJECT - - - tcp 81
-#IN ACCEPT tesitif - - tcp 22
 IN ACCEPT - - - tcp 22
 IN REJECT vmbr0 - - tcp 100
 IN REJECT vmbr1 - - tcp 101
diff --git a/test/test-basic1/tests b/test/test-basic1/tests
index 149cb67..477853b 100644
--- a/test/test-basic1/tests
+++ b/test/test-basic1/tests
@@ -1,5 +1,3 @@
-# example test rules
-
 { from => 'ct200', to => 'host', dport => 22, action => 'ACCEPT' }
 { from => 'ct200', to => 'host', dport => 23, action => 'DROP' }
 
-- 
2.39.2