From 2439f55f8a44ae3bddde8098f3f6ea67ccfd1d9b Mon Sep 17 00:00:00 2001
Message-Id: <2439f55f8a44ae3bddde8098f3f6ea67ccfd1d9b@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Fri, 15 Jan 2021 22:51:47 -0500
Subject: [PATCH] tests: fix iptables test case commandline options in
virfirewalltest.c
|
This test was created with all the commandlines erroneously having
"--source-host", which is not a valid iptables option. The correct
name for the option is "--source". However, since the test is just
checking that the generated commandline matches what we told it to
generate (and never actually runs iptables, as that would be a "Really
Bad Idea"(tm)), the test has always succeeded. I only found it because
I made a change to the code that caused the test to incorrectly try to
run iptables during the test, and the error message I received was
"odd" (it complained about the bad option, rather than complaining
that I had insufficient privilege to run the command).
|
https://bugzilla.redhat.com/1607929
|
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit e9693502fb63ce5ddd07d2599daddc563c422eed)
Message-Id: <20210116035151.1066734-5-laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
tests/virfirewalltest.c | 168 ++++++++++++++++++++--------------------
1 file changed, 84 insertions(+), 84 deletions(-)
|
diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c
|
|
|
79b470 |
index 1ec768d302..40e7f4f00b 100644
|
|
|
79b470 |
--- a/tests/virfirewalltest.c
|
|
|
79b470 |
+++ b/tests/virfirewalltest.c
|
|
|
79b470 |
@@ -206,8 +206,8 @@ testFirewallSingleGroup(const void *opaque)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
|
|
|
79b470 |
fwDisabled = data->fwDisabled;
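Review bot: The negated rules in the expected string here still do not look like valid iptables command lines: `--source '!192.168.122.1'` passes the `!` fused to the address as a single argument, whereas iptables, as far as I know, only treats a standalone `!` token placed before the option as negation. Because the test only compares generated strings, this passes for the same reason `--source-host` did, so the REJECT-everything-else rules are never checked in a form iptables would accept. Consider `"!", "--source", "192.168.122.1",` in the virFirewallAddRule calls, with the expected strings updated to match. The same form recurs in the later hunks for testFirewallRemoveRule, testFirewallManyGroups, testFirewallNoRollback, the three rollback tests, testFirewallQueryCallback and testFirewallQuery. The body of testFirewallSingleGroup continues outside this hunk.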
|
|
|
79b470 |
@@ -225,12 +225,12 @@ testFirewallSingleGroup(const void *opaque)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
if (virFirewallApply(fw) < 0)
|
|
|
79b470 |
@@ -262,8 +262,8 @@ testFirewallRemoveRule(const void *opaque)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
virFirewallRulePtr fwrule;
|
|
|
79b470 |
|
|
|
79b470 |
@@ -282,17 +282,17 @@ testFirewallRemoveRule(const void *opaque)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT", NULL);
|
|
|
79b470 |
- virFirewallRuleAddArg(fw, fwrule, "--source-host");
|
|
|
79b470 |
+ virFirewallRuleAddArg(fw, fwrule, "--source");
|
|
|
79b470 |
virFirewallRemoveRule(fw, fwrule);
|
|
|
79b470 |
|
|
|
79b470 |
fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT", NULL);
|
|
|
79b470 |
- virFirewallRuleAddArg(fw, fwrule, "--source-host");
|
|
|
79b470 |
+ virFirewallRuleAddArg(fw, fwrule, "--source");
|
|
|
79b470 |
virFirewallRuleAddArgFormat(fw, fwrule, "%s", "!192.168.122.1");
|
|
|
79b470 |
virFirewallRuleAddArgList(fw, fwrule, "--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
@@ -325,9 +325,9 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
|
|
|
79b470 |
@@ -346,19 +346,19 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartTransaction(fw, 0);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "OUTPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
@@ -416,9 +416,9 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
|
|
|
79b470 |
@@ -439,19 +439,19 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.255",
|
|
|
79b470 |
+ "--source", "192.168.122.255",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartTransaction(fw, 0);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "OUTPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
@@ -488,9 +488,9 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
|
|
|
79b470 |
@@ -511,18 +511,18 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
true, NULL, NULL,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.255",
|
|
|
79b470 |
+ "--source", "192.168.122.255",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "OUTPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
@@ -559,8 +559,8 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n";
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
|
|
|
79b470 |
fwDisabled = data->fwDisabled;
|
|
|
79b470 |
@@ -580,17 +580,17 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.255",
|
|
|
79b470 |
+ "--source", "192.168.122.255",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
if (virFirewallApply(fw) == 0) {
|
|
|
79b470 |
@@ -623,11 +623,11 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -D INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -D INPUT --source 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
|
|
|
79b470 |
fwDisabled = data->fwDisabled;
|
|
|
79b470 |
@@ -647,34 +647,34 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.255",
|
|
|
79b470 |
+ "--source", "192.168.122.255",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartRollback(fw, 0);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.255",
|
|
|
79b470 |
+ "--source", "192.168.122.255",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
if (virFirewallApply(fw) == 0) {
|
|
|
79b470 |
@@ -707,10 +707,10 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -D INPUT --source 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
|
|
|
79b470 |
fwDisabled = data->fwDisabled;
|
|
|
79b470 |
@@ -730,38 +730,38 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartRollback(fw, 0);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartTransaction(fw, 0);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.255",
|
|
|
79b470 |
+ "--source", "192.168.122.255",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartRollback(fw, 0);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.255",
|
|
|
79b470 |
+ "--source", "192.168.122.255",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
if (virFirewallApply(fw) == 0) {
|
|
|
79b470 |
@@ -794,14 +794,14 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.127 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.127 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -D INPUT --source 192.168.122.127 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -D INPUT --source 192.168.122.255 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
|
|
|
79b470 |
fwDisabled = data->fwDisabled;
|
|
|
79b470 |
@@ -821,14 +821,14 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartRollback(fw, 0);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
|
|
|
79b470 |
@@ -836,24 +836,24 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.127",
|
|
|
79b470 |
+ "--source", "192.168.122.127",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartRollback(fw, 0);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.127",
|
|
|
79b470 |
+ "--source", "192.168.122.127",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
|
|
|
79b470 |
@@ -861,24 +861,24 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.255",
|
|
|
79b470 |
+ "--source", "192.168.122.255",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartRollback(fw, VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.255",
|
|
|
79b470 |
+ "--source", "192.168.122.255",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-D", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
if (virFirewallApply(fw) == 0) {
|
|
|
79b470 |
@@ -962,7 +962,7 @@ testFirewallQueryCallback(virFirewallPtr fw,
|
|
|
79b470 |
size_t i;
|
|
|
79b470 |
virFirewallAddRule(fw, layer,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.129",
|
|
|
79b470 |
+ "--source", "!192.168.122.129",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
for (i = 0; lines[i] != NULL; i++) {
|
|
|
79b470 |
@@ -990,15 +990,15 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
int ret = -1;
|
|
|
79b470 |
const char *actual = NULL;
|
|
|
79b470 |
const char *expected =
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.127 --jump REJECT\n"
|
|
|
79b470 |
IPTABLES_PATH " -w -L\n"
|
|
|
79b470 |
IPTABLES_PATH " -w -t nat -L\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.130 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.128 --jump REJECT\n"
|
|
|
79b470 |
- IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.130 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source '!192.168.122.129' --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source '!192.168.122.129' --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source 192.168.122.128 --jump REJECT\n"
|
|
|
79b470 |
+ IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n";
|
|
|
79b470 |
const struct testFirewallData *data = opaque;
|
|
|
79b470 |
|
|
|
79b470 |
expectedLineNum = 0;
|
|
|
79b470 |
@@ -1020,14 +1020,14 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.1",
|
|
|
79b470 |
+ "--source", "192.168.122.1",
|
|
|
79b470 |
"--jump", "ACCEPT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallStartTransaction(fw, 0);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.127",
|
|
|
79b470 |
+ "--source", "192.168.122.127",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
@@ -1043,7 +1043,7 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.130",
|
|
|
79b470 |
+ "--source", "192.168.122.130",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
|
|
|
79b470 |
@@ -1051,12 +1051,12 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "192.168.122.128",
|
|
|
79b470 |
+ "--source", "192.168.122.128",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
|
|
|
79b470 |
"-A", "INPUT",
|
|
|
79b470 |
- "--source-host", "!192.168.122.1",
|
|
|
79b470 |
+ "--source", "!192.168.122.1",
|
|
|
79b470 |
"--jump", "REJECT", NULL);
|
|
|
79b470 |
|
|
|
79b470 |
if (virFirewallApply(fw) < 0)
--
2.30.0