rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/0042-test-rich-icmptypes-with-one-family.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   fa246d5a62652d5995f5491346d90675227c0901
  2.   SOURCES
  3.   0042-test-rich-icmptypes-with-one-family.patch
Blob History Raw
1ae9b3 
From 210a2580e405a852b5b64da99e6fead6a0d9e069 Mon Sep 17 00:00:00 2001
1ae9b3 
From: Eric Garver <eric@garver.life>
1ae9b3 
Date: Tue, 4 Aug 2020 11:59:04 -0400
1ae9b3 
Subject: [PATCH 42/45] test(rich): icmptypes with one family
1ae9b3
1ae9b3 
Coverage for rhbz 1855140.
1ae9b3
1ae9b3 
(cherry picked from commit 87ec14dddd742ff5fd8cce04e68c8bf9db8237e9)
1ae9b3 
(cherry picked from commit d5e74f5c4feb4a6ce060c2ded30f67a0fbe44865)
1ae9b3 
---
1ae9b3 
 src/tests/regression/regression.at  |  1 +
1ae9b3 
 src/tests/regression/rhbz1855140.at | 35 +++++++++++++++++++++++++++++
1ae9b3 
 2 files changed, 36 insertions(+)
1ae9b3 
 create mode 100644 src/tests/regression/rhbz1855140.at
1ae9b3
1ae9b3 
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
1ae9b3 
index 5c8aae7e64d3..d7b4d56239d1 100644
1ae9b3 
--- a/src/tests/regression/regression.at
1ae9b3 
+++ b/src/tests/regression/regression.at
1ae9b3 
@@ -33,3 +33,4 @@ m4_include([regression/rhbz1843398.at])
1ae9b3 
 m4_include([regression/rhbz1689429.at])
1ae9b3 
 m4_include([regression/rhbz1483921.at])
1ae9b3 
 m4_include([regression/rhbz1541077.at])
1ae9b3 
+m4_include([regression/rhbz1855140.at])
1ae9b3 
diff --git a/src/tests/regression/rhbz1855140.at b/src/tests/regression/rhbz1855140.at
1ae9b3 
new file mode 100644
1ae9b3 
index 000000000000..8059e29fe71a
1ae9b3 
--- /dev/null
1ae9b3 
+++ b/src/tests/regression/rhbz1855140.at
1ae9b3 
@@ -0,0 +1,35 @@
1ae9b3 
+FWD_START_TEST([rich rule icmptypes with one family])
1ae9b3 
+AT_KEYWORDS(rich icmp rhbz1855140)
1ae9b3 
+
1ae9b3 
+FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="echo-request" accept'], 0, ignore)
1ae9b3 
+FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="neighbour-advertisement" accept'], 0, ignore)
1ae9b3 
+FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="timestamp-request" accept'], 0, ignore)
1ae9b3 
+FWD_RELOAD
1ae9b3 
+NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
1ae9b3 
+    table inet firewalld {
1ae9b3 
+        chain filter_IN_public_allow {
1ae9b3 
+            tcp dport 22 ct state new,untracked accept
1ae9b3 
+            ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
1ae9b3 
+            tcp dport 9090 ct state new,untracked accept
1ae9b3 
+            icmp type echo-request accept
1ae9b3 
+            icmpv6 type echo-request accept
1ae9b3 
+            icmpv6 type nd-neighbor-advert accept
1ae9b3 
+            icmp type timestamp-request accept
1ae9b3 
+        }
1ae9b3 
+    }
1ae9b3 
+])
1ae9b3 
+IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
1ae9b3 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
1ae9b3 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
1ae9b3 
+    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
1ae9b3 
+    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 13
1ae9b3 
+])
1ae9b3 
+IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
1ae9b3 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
1ae9b3 
+    ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
1ae9b3 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
1ae9b3 
+    ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128
1ae9b3 
+    ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 136
1ae9b3 
+])
1ae9b3 
+
1ae9b3 
+FWD_END_TEST
1ae9b3 
--
1ae9b3 
2.27.0
1ae9b3

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation