source-git / firewalld

Clone
Source Code
GIT

Blame src/tests/regression/rhbz1514043.at

c8 c8s master
  1.   e9bb8fd5a5f3ac7c2f26d923c7cd08a3ac731189
  2.   src
  3.   tests
  4.   regression
  5.   rhbz1514043.at
Blob History Raw
Packit a8ec6b 
FWD_START_TEST([--set-log-denied does not zero config])
Packit a8ec6b 
AT_KEYWORDS(log_denied rhbz1514043)
Packit a8ec6b
Packit a8ec6b 
FWD_CHECK([-q --set-log-denied=all])
Packit a8ec6b 
FWD_CHECK([-q --permanent --zone=public --add-service=samba])
Packit a8ec6b 
FWD_RELOAD
Packit a8ec6b 
FWD_CHECK([--zone=public --list-all | TRIM | grep ^services], 0, [dnl
Packit Service e9bb8f 
services: dhcpv6-client samba ssh
Packit a8ec6b 
])
Packit a8ec6b
Packit a8ec6b 
dnl check that log denied actually took effect
Packit a8ec6b 
NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl
Packit a8ec6b 
    table inet firewalld {
Packit a8ec6b 
        chain filter_INPUT {
Packit a8ec6b 
            ct state established,related accept
Packit a8ec6b 
            ct status dnat accept
Packit a8ec6b 
            iifname "lo" accept
Packit a8ec6b 
            jump filter_INPUT_ZONES
Packit a8ec6b 
            ct state invalid log prefix "STATE_INVALID_DROP: "
Packit a8ec6b 
            ct state invalid drop
Packit a8ec6b 
            log prefix "FINAL_REJECT: "
Packit a8ec6b 
            reject with icmpx type admin-prohibited
Packit a8ec6b 
        }
Packit a8ec6b 
    }
Packit a8ec6b 
])
Packit a8ec6b 
NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl
Packit a8ec6b 
    table inet firewalld {
Packit a8ec6b 
        chain filter_FORWARD {
Packit a8ec6b 
            ct state established,related accept
Packit a8ec6b 
            ct status dnat accept
Packit a8ec6b 
            iifname "lo" accept
Packit a8ec6b 
            ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 type addr-unreachable
Packit a8ec6b 
            jump filter_FORWARD_IN_ZONES
Packit a8ec6b 
            jump filter_FORWARD_OUT_ZONES
Packit a8ec6b 
            ct state invalid log prefix "STATE_INVALID_DROP: "
Packit a8ec6b 
            ct state invalid drop
Packit a8ec6b 
            log prefix "FINAL_REJECT: "
Packit a8ec6b 
            reject with icmpx type admin-prohibited
Packit a8ec6b 
        }
Packit a8ec6b 
    }
Packit a8ec6b 
])
Packit a8ec6b
Packit a8ec6b 
IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl
Packit a8ec6b 
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT
Packit a8ec6b 
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Packit a8ec6b 
    INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
Packit a8ec6b 
    INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
Packit a8ec6b 
    LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: "
Packit a8ec6b 
    DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
Packit a8ec6b 
    LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: "
Packit a8ec6b 
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Packit a8ec6b 
])
Packit a8ec6b 
IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl
Packit a8ec6b 
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT
Packit a8ec6b 
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Packit a8ec6b 
    FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
Packit a8ec6b 
    FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
Packit a8ec6b 
    FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
Packit a8ec6b 
    LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: "
Packit a8ec6b 
    DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
Packit a8ec6b 
    LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: "
Packit a8ec6b 
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Packit a8ec6b 
])
Packit a8ec6b 
IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl
Packit a8ec6b 
    ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT
Packit a8ec6b 
    ACCEPT all ::/0 ::/0
Packit a8ec6b 
    INPUT_direct all ::/0 ::/0
Packit a8ec6b 
    INPUT_ZONES all ::/0 ::/0
Packit a8ec6b 
    LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: "
Packit a8ec6b 
    DROP all ::/0 ::/0 ctstate INVALID
Packit a8ec6b 
    LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: "
Packit a8ec6b 
    REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited
Packit a8ec6b 
])
Packit a8ec6b 
IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl
Packit a8ec6b 
    ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT
Packit a8ec6b 
    ACCEPT all ::/0 ::/0
Packit a8ec6b 
    FORWARD_direct all ::/0 ::/0
Packit a8ec6b 
    RFC3964_IPv4 all ::/0 ::/0
Packit a8ec6b 
    FORWARD_IN_ZONES all ::/0 ::/0
Packit a8ec6b 
    FORWARD_OUT_ZONES all ::/0 ::/0
Packit a8ec6b 
    LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: "
Packit a8ec6b 
    DROP all ::/0 ::/0 ctstate INVALID
Packit a8ec6b 
    LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: "
Packit a8ec6b 
    REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited
Packit a8ec6b 
])
Packit a8ec6b
Packit a8ec6b 
FWD_END_TEST

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation