|
 |
c8bceb |
From b276f34f53906b4fbf7ab6111332e2165a5c3f15 Mon Sep 17 00:00:00 2001
|
|
|
c8bceb |
From: Eric Garver <e@erig.me>
|
|
|
c8bceb |
Date: Wed, 5 Dec 2018 09:38:26 -0500
|
|
|
c8bceb |
Subject: [PATCH 13/23] tests/firewall-cmd: remove redundant checks for
|
|
|
c8bceb |
TESTING_FIREWALL_OFFLINE_CMD
|
|
|
c8bceb |
|
|
|
c8bceb |
These checks are now part of the list macros.
|
|
|
c8bceb |
|
|
|
c8bceb |
(cherry picked from commit 158e5db21e99c48bdd4992de46cc92162d3ba626)
|
|
|
c8bceb |
---
|
|
|
c8bceb |
src/tests/firewall-cmd.at | 50 ++++++++++++++++-----------------------
|
|
|
c8bceb |
1 file changed, 21 insertions(+), 29 deletions(-)
|
|
|
c8bceb |
|
|
|
c8bceb |
diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
|
|
|
c8bceb |
index 82ffa9f52b47..3cb3e8a96ca7 100644
|
|
|
c8bceb |
--- a/src/tests/firewall-cmd.at
|
|
|
c8bceb |
+++ b/src/tests/firewall-cmd.at
|
|
|
c8bceb |
@@ -731,36 +731,30 @@ FWD_START_TEST([direct ebtables])
|
|
|
c8bceb |
FWD_CHECK([--direct --get-chains eb filter | grep mychain], 0, ignore)
|
|
|
c8bceb |
FWD_CHECK([--direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore)
|
|
|
c8bceb |
FWD_CHECK([--direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP], 0, ignore)
|
|
|
c8bceb |
-m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
|
|
|
c8bceb |
EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl
|
|
|
c8bceb |
--p IPv6 -j DROP
|
|
|
c8bceb |
--p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP
|
|
|
c8bceb |
--j RETURN
|
|
|
c8bceb |
-])
|
|
|
c8bceb |
-])
|
|
|
c8bceb |
+ -p IPv6 -j DROP
|
|
|
c8bceb |
+ -p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP
|
|
|
c8bceb |
+ -j RETURN
|
|
|
c8bceb |
+ ])
|
|
|
c8bceb |
FWD_CHECK([--direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore)
|
|
|
c8bceb |
-m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
|
|
|
c8bceb |
EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl
|
|
|
c8bceb |
--p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP
|
|
|
c8bceb |
--j RETURN
|
|
|
c8bceb |
-])
|
|
|
c8bceb |
-])
|
|
|
c8bceb |
+ -p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP
|
|
|
c8bceb |
+ -j RETURN
|
|
|
c8bceb |
+ ])
|
|
|
c8bceb |
|
|
|
c8bceb |
FWD_CHECK([--direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP], 0, ignore)
|
|
|
c8bceb |
FWD_CHECK([--direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP], 0, ignore)
|
|
|
c8bceb |
-m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [dnl
|
|
|
c8bceb |
-m4_if(nftables, FIREWALL_BACKEND, [dnl
|
|
|
c8bceb |
- EBTABLES_LIST_RULES([filter], [INPUT], 0, [dnl
|
|
|
c8bceb |
--p IPv6 -j DROP
|
|
|
c8bceb |
--p IPv6 -j DROP
|
|
|
c8bceb |
-])], [dnl
|
|
|
c8bceb |
- EBTABLES_LIST_RULES([filter], [INPUT_direct], 0, [dnl
|
|
|
c8bceb |
--p IPv6 -j DROP
|
|
|
c8bceb |
--p IPv6 -j DROP
|
|
|
c8bceb |
--j RETURN
|
|
|
c8bceb |
-])
|
|
|
c8bceb |
-])
|
|
|
c8bceb |
-])
|
|
|
c8bceb |
+ m4_if(nftables, FIREWALL_BACKEND, [dnl
|
|
|
c8bceb |
+ EBTABLES_LIST_RULES([filter], [INPUT], 0, [dnl
|
|
|
c8bceb |
+ -p IPv6 -j DROP
|
|
|
c8bceb |
+ -p IPv6 -j DROP
|
|
|
c8bceb |
+ ])], [dnl
|
|
|
c8bceb |
+ EBTABLES_LIST_RULES([filter], [INPUT_direct], 0, [dnl
|
|
|
c8bceb |
+ -p IPv6 -j DROP
|
|
|
c8bceb |
+ -p IPv6 -j DROP
|
|
|
c8bceb |
+ -j RETURN
|
|
|
c8bceb |
+ ])
|
|
|
c8bceb |
+ ])
|
|
|
c8bceb |
|
|
|
c8bceb |
FWD_CHECK([--direct --remove-rules eb filter INPUT], 0, ignore)
|
|
|
c8bceb |
FWD_CHECK([--direct --remove-rules eb filter mychain], 0, ignore)
|
|
|
c8bceb |
@@ -769,12 +763,10 @@ m4_if(nftables, FIREWALL_BACKEND, [dnl
|
|
|
c8bceb |
FWD_CHECK([--permanent --direct --get-chains eb filter | grep mychain], 0, ignore)
|
|
|
c8bceb |
FWD_CHECK([--permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore)
|
|
|
c8bceb |
FWD_RELOAD
|
|
|
c8bceb |
-m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
|
|
|
c8bceb |
EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl
|
|
|
c8bceb |
--p IPv6 -j DROP
|
|
|
c8bceb |
--j RETURN
|
|
|
c8bceb |
-])
|
|
|
c8bceb |
-])
|
|
|
c8bceb |
+ -p IPv6 -j DROP
|
|
|
c8bceb |
+ -j RETURN
|
|
|
c8bceb |
+ ])
|
|
|
c8bceb |
FWD_END_TEST
|
|
|
c8bceb |
|
|
|
c8bceb |
FWD_START_TEST([lockdown])
|
|
|
c8bceb |
--
|
|
|
c8bceb |
2.20.1
|
|
|
c8bceb |
|