source-git / firewalld

Clone
Source Code
GIT

Blame src/tests/features/helpers_custom.at

c8 c8s master
  1.   35e02ce925f6f8c7f5133663b9695102b7da8b74
  2.   src
  3.   tests
  4.   features
  5.   helpers_custom.at
Blob History Raw
Packit a8ec6b 
FWD_START_TEST([customer helpers])
Packit a8ec6b 
AT_KEYWORDS(helpers rhbz1733066 gh514 rhbz1769520)
Packit a8ec6b
Packit a8ec6b 
FWD_CHECK([-q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp"])
Packit a8ec6b 
FWD_CHECK([-q --permanent --helper=ftptest --add-port="2121/tcp"])
Packit a8ec6b
Packit a8ec6b 
FWD_CHECK([-q --permanent --new-service="ftptest"])
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --add-module="ftptest"])
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"])
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --add-port="2121/tcp"])
Packit a8ec6b 
FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl
Packit a8ec6b 
ftptest
Packit a8ec6b 
  ports: 2121/tcp
Packit a8ec6b 
  protocols:
Packit a8ec6b 
  source-ports:
Packit a8ec6b 
  modules: ftptest
Packit a8ec6b 
  destination:
Packit a8ec6b 
  includes:
Packit a8ec6b 
  helpers:
Packit a8ec6b 
])])
Packit a8ec6b 
FWD_RELOAD
Packit a8ec6b 
FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl
Packit a8ec6b 
ftptest
Packit a8ec6b 
  ports: 2121/tcp
Packit a8ec6b 
  protocols:
Packit a8ec6b 
  source-ports:
Packit a8ec6b 
  modules: ftptest
Packit a8ec6b 
  destination:
Packit a8ec6b 
  includes:
Packit a8ec6b 
  helpers:
Packit a8ec6b 
])])
Packit a8ec6b
Packit a8ec6b 
FWD_CHECK([-q --add-service=ftptest])
Packit a8ec6b
Packit a8ec6b 
NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
Packit a8ec6b 
    table inet firewalld {
Packit a8ec6b 
        chain filter_IN_public_allow {
Packit a8ec6b 
            tcp dport 22 ct state new,untracked accept
Packit a8ec6b 
            ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
Packit 35e02c 
            tcp dport 9090 ct state new,untracked accept
Packit a8ec6b 
            tcp dport 2121 ct helper set "helper-ftptest-tcp"
Packit a8ec6b 
            tcp dport 2121 ct state new,untracked accept
Packit a8ec6b 
        }
Packit a8ec6b 
    }
Packit a8ec6b 
])
Packit a8ec6b 
IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
Packit a8ec6b 
    CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp
Packit a8ec6b 
])
Packit a8ec6b 
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
Packit a8ec6b 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
Packit 35e02c 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
Packit a8ec6b 
])
Packit a8ec6b 
IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
Packit a8ec6b 
    CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp
Packit a8ec6b 
])
Packit a8ec6b 
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
Packit a8ec6b 
    ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
Packit 35e02c 
    ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
Packit a8ec6b 
])
Packit a8ec6b
Packit a8ec6b 
dnl Same thing as above, but with the new "helper" in service.
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --remove-module="ftptest"])
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"], 1)
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --add-helper="ftptest"])
Packit a8ec6b 
FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl
Packit a8ec6b 
ftptest
Packit a8ec6b 
  ports: 2121/tcp
Packit a8ec6b 
  protocols:
Packit a8ec6b 
  source-ports:
Packit a8ec6b 
  modules:
Packit a8ec6b 
  destination:
Packit a8ec6b 
  includes:
Packit a8ec6b 
  helpers: ftptest
Packit a8ec6b 
])])
Packit a8ec6b 
FWD_RELOAD
Packit a8ec6b 
FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl
Packit a8ec6b 
ftptest
Packit a8ec6b 
  ports: 2121/tcp
Packit a8ec6b 
  protocols:
Packit a8ec6b 
  source-ports:
Packit a8ec6b 
  modules:
Packit a8ec6b 
  destination:
Packit a8ec6b 
  includes:
Packit a8ec6b 
  helpers: ftptest
Packit a8ec6b 
])])
Packit a8ec6b
Packit a8ec6b 
FWD_CHECK([-q --add-service=ftptest])
Packit a8ec6b
Packit a8ec6b 
NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
Packit a8ec6b 
    table inet firewalld {
Packit a8ec6b 
        chain filter_IN_public_allow {
Packit a8ec6b 
            tcp dport 22 ct state new,untracked accept
Packit a8ec6b 
            ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
Packit 35e02c 
            tcp dport 9090 ct state new,untracked accept
Packit a8ec6b 
            tcp dport 2121 ct helper set "helper-ftptest-tcp"
Packit a8ec6b 
            tcp dport 2121 ct state new,untracked accept
Packit a8ec6b 
        }
Packit a8ec6b 
    }
Packit a8ec6b 
])
Packit a8ec6b 
IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
Packit a8ec6b 
    CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp
Packit a8ec6b 
])
Packit a8ec6b 
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
Packit a8ec6b 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
Packit 35e02c 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
Packit a8ec6b 
])
Packit a8ec6b 
IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
Packit a8ec6b 
    CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp
Packit a8ec6b 
])
Packit a8ec6b 
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
Packit a8ec6b 
    ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
Packit 35e02c 
    ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
Packit a8ec6b 
])
Packit a8ec6b
Packit a8ec6b 
dnl again, but with both "module" and "helper"
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --add-module="ftptest"])
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --remove-helper="ftptest"])
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --add-helper="ftp"])
Packit a8ec6b 
FWD_CHECK([-q --permanent --service=ftptest --add-port="21/tcp"])
Packit a8ec6b 
FWD_RELOAD
Packit a8ec6b
Packit a8ec6b 
FWD_CHECK([-q --add-service=ftptest])
Packit a8ec6b
Packit a8ec6b 
NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
Packit a8ec6b 
    table inet firewalld {
Packit a8ec6b 
        chain filter_IN_public_allow {
Packit a8ec6b 
            tcp dport 22 ct state new,untracked accept
Packit a8ec6b 
            ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
Packit 35e02c 
            tcp dport 9090 ct state new,untracked accept
Packit a8ec6b 
            tcp dport 21 ct helper set "helper-ftp-tcp"
Packit a8ec6b 
            tcp dport 2121 ct helper set "helper-ftptest-tcp"
Packit a8ec6b 
            tcp dport 2121 ct state new,untracked accept
Packit a8ec6b 
            tcp dport 21 ct state new,untracked accept
Packit a8ec6b 
        }
Packit a8ec6b 
    }
Packit a8ec6b 
])
Packit a8ec6b 
IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
Packit a8ec6b 
    CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp
Packit a8ec6b 
    CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp
Packit a8ec6b 
])
Packit a8ec6b 
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
Packit a8ec6b 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
Packit 35e02c 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED
Packit a8ec6b 
])
Packit a8ec6b 
IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
Packit a8ec6b 
    CT tcp ::/0 ::/0 tcp dpt:21 CT helper ftp
Packit a8ec6b 
    CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp
Packit a8ec6b 
])
Packit a8ec6b 
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
Packit a8ec6b 
    ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
Packit 35e02c 
    ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
Packit a8ec6b 
    ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED
Packit a8ec6b 
])
Packit a8ec6b
Packit a8ec6b 
FWD_END_TEST

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation