From eb4ffe5404cce4e222dc3f591a15eb39b1045e14 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Thu, 15 May 2014 12:53:48 +0200
Subject: [PATCH] add ipset regression tests
---
 test/test-ipset1/cluster.fw | 23 +++++++++++++++++++++++
 test/test-ipset1/host.fw | 8 ++++++++
 test/test-ipset1/tests | 17 +++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 test/test-ipset1/cluster.fw
 create mode 100644 test/test-ipset1/host.fw
 create mode 100644 test/test-ipset1/tests
diff --git a/test/test-ipset1/cluster.fw b/test/test-ipset1/cluster.fw
new file mode 100644
index 0000000..5fbb139
--- /dev/null
+++ b/test/test-ipset1/cluster.fw
@@ -0,0 +1,23 @@
+[ALIASES]
+
+myserveralias 10.2.0.111
+mynetworkalias 10.3.0.0/24
+
+[ipset myipset]
+
+192.168.0.1
+172.16.0.10
+192.168.1.0/24
+mynetworkalias
+myserveralias
+
+[ipset dmzhosts]
+10.10.10.0/24
+10.10.11.1
+
+#global ipset blacklist
+[ipset blacklist]
+
+10.0.0.8
+192.168.0.0/24
+
diff --git a/test/test-ipset1/host.fw b/test/test-ipset1/host.fw
new file mode 100644
index 0000000..4d7200e
--- /dev/null
+++ b/test/test-ipset1/host.fw
@@ -0,0 +1,8 @@
+
+
+[RULES]
+
+IN REJECT - +myipset +dmzhosts tcp 22
+
+IN ACCEPT - +myipset - tcp 22
+
diff --git a/test/test-ipset1/tests b/test/test-ipset1/tests
new file mode 100644
index 0000000..0b6aeca
--- /dev/null
+++ b/test/test-ipset1/tests
@@ -0,0 +1,17 @@
+
+# blacklisted
+{ from => 'outside', to => 'host', source => '192.168.0.1', dest => '1.2.3.4', dport => 22, action => 'DROP' }
+# accept in myipset
+{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
+{ from => 'outside', to => 'host', source => '192.168.1.10', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
+# network alias inside myipset
+{ from => 'outside', to => 'host', source => '10.3.0.1', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
+# server alias inside myipset
+{ from => 'outside', to => 'host', source => '10.2.0.111', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' }
+
+# not inside myipset
+{ from => 'outside', to => 'host', source => '10.2.0.112', dest => '1.2.3.4', dport => 22, action => 'DROP' }
+
+# reject dmzhosts if from myipset
+{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.10.1', dport => 22, action => 'REJECT' }
+{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.11.1', dport => 22, action => 'REJECT' }
-- 
2.39.2
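Review bot: The `# blacklisted` case uses 192.168.0.1, which cluster.fw lists in both `myipset` and `blacklist`, so it checks that the blacklist wins over the ACCEPT rule, but no case covers a source that is only blacklisted, and the other `blacklist` entry, 10.0.0.8, is never exercised. Adding `{ from => 'outside', to => 'host', source => '10.0.0.8', dest => '1.2.3.4', dport => 22, action => 'DROP' }` would cover it, and the existing comment could read `# blacklisted (also in myipset: blacklist must win over ACCEPT)`. The `# not inside myipset` case expects DROP although host.fw sets no explicit input policy, so it presumably depends on the default policy; a one-line comment saying so would make that dependency visible if the default ever changes. Every case uses dport 22, so the port restriction on the two rules in host.fw is not checked by this file.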