|
|
136e2c |
From 0d4399979436388b16b8a4c94967b25e6b0d6250 Mon Sep 17 00:00:00 2001
|
|
|
136e2c |
From: Eric Garver <eric@garver.life>
|
|
|
136e2c |
Date: Wed, 17 Apr 2019 17:06:11 -0400
|
|
|
136e2c |
Subject: [PATCH 31/73] test: add test to check for nftables helper objects
|
|
|
136e2c |
|
|
|
136e2c |
Coverage for gh #453.
|
|
|
136e2c |
|
|
|
136e2c |
(cherry picked from commit a8930f0b694c871d9f0f7cdef0696afd81327817)
|
|
|
136e2c |
(cherry picked from commit 34c16a09e0678c1b79dbe897b1c4dfe75a27c308)
|
|
|
136e2c |
---
|
|
|
136e2c |
src/tests/regression.at | 1 +
|
|
|
136e2c |
src/tests/regression/gh453.at | 52 +++++++++++++++++++++++++++++++++++
|
|
|
136e2c |
2 files changed, 53 insertions(+)
|
|
|
136e2c |
create mode 100644 src/tests/regression/gh453.at
|
|
|
136e2c |
|
|
|
136e2c |
diff --git a/src/tests/regression.at b/src/tests/regression.at
|
|
|
136e2c |
index ab11a013897c..8bcb576238e6 100644
|
|
|
136e2c |
--- a/src/tests/regression.at
|
|
|
136e2c |
+++ b/src/tests/regression.at
|
|
|
136e2c |
@@ -18,3 +18,4 @@ m4_include([regression/gh303.at])
|
|
|
136e2c |
m4_include([regression/gh335.at])
|
|
|
136e2c |
m4_include([regression/gh482.at])
|
|
|
136e2c |
m4_include([regression/gh478.at])
|
|
|
136e2c |
+m4_include([regression/gh453.at])
|
|
|
136e2c |
diff --git a/src/tests/regression/gh453.at b/src/tests/regression/gh453.at
|
|
|
136e2c |
new file mode 100644
|
|
|
136e2c |
index 000000000000..44bf98cbda96
|
|
|
136e2c |
--- /dev/null
|
|
|
136e2c |
+++ b/src/tests/regression/gh453.at
|
|
|
136e2c |
@@ -0,0 +1,52 @@
|
|
|
136e2c |
+m4_if(nftables, FIREWALL_BACKEND, [
|
|
|
136e2c |
+FWD_START_TEST([nftables helper objects])
|
|
|
136e2c |
+AT_KEYWORDS(helper gh453)
|
|
|
136e2c |
+
|
|
|
136e2c |
+FWD_CHECK([-q --add-service=ftp])
|
|
|
136e2c |
+NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-ftp-tcp"], 0, [m4_strip([dnl
|
|
|
136e2c |
+ ct helper helper-ftp-tcp {
|
|
|
136e2c |
+ type "ftp" protocol tcp
|
|
|
136e2c |
+ l3proto inet
|
|
|
136e2c |
+ }
|
|
|
136e2c |
+])])
|
|
|
136e2c |
+NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
|
|
136e2c |
+ table inet firewalld {
|
|
|
136e2c |
+ chain filter_IN_public_allow {
|
|
|
136e2c |
+ tcp dport 22 ct state new,untracked accept
|
|
|
136e2c |
+ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
136e2c |
+ tcp dport 21 ct helper set "helper-ftp-tcp"
|
|
|
136e2c |
+ tcp dport 21 ct state new,untracked accept
|
|
|
136e2c |
+ }
|
|
|
136e2c |
+ }
|
|
|
136e2c |
+])
|
|
|
136e2c |
+
|
|
|
136e2c |
+FWD_CHECK([-q --add-service=sip])
|
|
|
136e2c |
+NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-tcp"], 0, [m4_strip([dnl
|
|
|
136e2c |
+ ct helper helper-sip-tcp {
|
|
|
136e2c |
+ type "sip" protocol tcp
|
|
|
136e2c |
+ l3proto inet
|
|
|
136e2c |
+ }
|
|
|
136e2c |
+])])
|
|
|
136e2c |
+NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-udp"], 0, [m4_strip([dnl
|
|
|
136e2c |
+ ct helper helper-sip-udp {
|
|
|
136e2c |
+ type "sip" protocol udp
|
|
|
136e2c |
+ l3proto inet
|
|
|
136e2c |
+ }
|
|
|
136e2c |
+])])
|
|
|
136e2c |
+NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
|
|
136e2c |
+ table inet firewalld {
|
|
|
136e2c |
+ chain filter_IN_public_allow {
|
|
|
136e2c |
+ tcp dport 22 ct state new,untracked accept
|
|
|
136e2c |
+ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
136e2c |
+ tcp dport 21 ct helper set "helper-ftp-tcp"
|
|
|
136e2c |
+ tcp dport 21 ct state new,untracked accept
|
|
|
136e2c |
+ tcp dport 5060 ct helper set "helper-sip-tcp"
|
|
|
136e2c |
+ udp dport 5060 ct helper set "helper-sip-udp"
|
|
|
136e2c |
+ tcp dport 5060 ct state new,untracked accept
|
|
|
136e2c |
+ udp dport 5060 ct state new,untracked accept
|
|
|
136e2c |
+ }
|
|
|
136e2c |
+ }
|
|
|
136e2c |
+])
|
|
|
136e2c |
+
|
|
|
136e2c |
+FWD_END_TEST
|
|
|
136e2c |
+])
|
|
|
136e2c |
--
|
|
|
136e2c |
2.20.1
|
|
|
136e2c |
|