rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/firewalld-0.4.3.2-support_sctp_and_dccp_rhbz#1429808.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   34e49f22c8176a2617842ba1ff40fb85a9aabe65
  2.   SOURCES
  3.   firewalld-0.4.3.2-support_sctp_and_dccp_rhbz#1429808.patch
Blob History Raw
34e49f 
diff -up firewalld-0.4.3.2/doc/xml/firewalld.service.xml.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/doc/xml/firewalld.service.xml
34e49f 
--- firewalld-0.4.3.2/doc/xml/firewalld.service.xml.support_sctp_and_dccp_rhbz#1429808	2016-06-02 14:02:31.000000000 +0200
34e49f 
+++ firewalld-0.4.3.2/doc/xml/firewalld.service.xml	2017-04-13 12:23:16.775979161 +0200
34e49f 
@@ -136,7 +136,7 @@
34e49f 
 	  <term>protocol="<replaceable>string</replaceable>"</term>
34e49f 
           <listitem>
34e49f 
 	    <para>
34e49f 
-              The protocol value can either be <option>tcp</option> or <option>udp</option>.
34e49f 
+              The protocol value can either be <option>tcp</option>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
34e49f 
 	    </para>
34e49f 
 	  </listitem>
34e49f 
 	</varlistentry>
34e49f 
@@ -185,7 +185,7 @@
34e49f 
 	  <term>protocol="<replaceable>string</replaceable>"</term>
34e49f 
           <listitem>
34e49f 
 	    <para>
34e49f 
-              The protocol value can either be <option>tcp</option> or <option>udp</option>.
34e49f 
+              The protocol value can either be <option>tcp</option>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
34e49f 
 	    </para>
34e49f 
 	  </listitem>
34e49f 
 	</varlistentry>
34e49f 
diff -up firewalld-0.4.3.2/doc/xml/firewalld.zone.xml.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/doc/xml/firewalld.zone.xml
34e49f 
--- firewalld-0.4.3.2/doc/xml/firewalld.zone.xml.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:13.992969009 +0200
34e49f 
+++ firewalld-0.4.3.2/doc/xml/firewalld.zone.xml	2017-04-13 12:26:33.882698141 +0200
34e49f 
@@ -73,24 +73,24 @@
34e49f 
   [ <interface name="<replaceable>string</replaceable>"/> ]
34e49f 
   [ <source address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]"|mac="<replaceable>MAC</replaceable>"|ipset="<replaceable>ipset</replaceable>"/> ]
34e49f 
   [ <service name="<replaceable>string</replaceable>"/> ]
34e49f 
-  [ <port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/> ]
34e49f 
+  [ <port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/> ]
34e49f 
   [ <protcol value="<replaceable>protocol</replaceable>"/> ]
34e49f 
   [ <icmp-block name="<replaceable>string</replaceable>"/> ]
34e49f 
   [ <icmp-block-inversion/> ]
34e49f 
   [ <masquerade/> ]
34e49f 
-  [ <forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>ipv4address</replaceable>"]/> ]
34e49f 
-  [ <source-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/> ]
34e49f 
+  [ <forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>ipv4address</replaceable>"]/> ]
34e49f 
+  [ <source-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/> ]
34e49f 
   [
34e49f 
     <rule [family="<literal>ipv4</literal>|<literal>ipv6</literal>"]>
34e49f 
     [ <source address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]"|mac="<replaceable>MAC</replaceable>"|ipset="<replaceable>ipset</replaceable>" [invert="<replaceable>True</replaceable>"]/> ]
34e49f 
     [ <destination address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]" [invert="<replaceable>True</replaceable>"]/> ]
34e49f 
     [
34e49f 
       <service name="<replaceable>string</replaceable>"/> |
34e49f 
-      <port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/> |
34e49f 
+      <port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/> |
34e49f 
       <protocol value="<replaceable>protocol</replaceable>"/> |
34e49f 
       <icmp-block name="<replaceable>icmptype</replaceable>"/> |
34e49f 
       <masquerade/> |
34e49f 
-      <forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>address</replaceable>"]/>
34e49f 
+      <forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>address</replaceable>"]/>
34e49f 
     ]
34e49f 
     [ <log [prefix="<replaceable>prefixtext</replaceable>"] [level="<literal>emerg</literal>|<literal>alert</literal>|<literal>crit</literal>|<literal>err</literal>|<literal>warn</literal>|<literal>notice</literal>|<literal>info</literal>|<literal>debug</literal>"]> [<limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/>] </log> ]
34e49f 
     [ <audit> [<limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/>] </audit> ]
34e49f 
@@ -248,10 +248,10 @@
34e49f 
 	</varlistentry>
34e49f
34e49f 
 	<varlistentry>
34e49f 
-	  <term>protocol="<literal>tcp</literal>|<literal>udp</literal>"</term>
34e49f 
+	  <term>protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"</term>
34e49f 
           <listitem>
34e49f 
 	    <para>
34e49f 
-	      The protocol can either be <replaceable>tcp</replaceable> or <replaceable>udp</replaceable>.
34e49f 
+	      The protocol can either be <replaceable>tcp</replaceable>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
34e49f 
 	    </para>
34e49f 
 	  </listitem>
34e49f 
 	</varlistentry>
34e49f 
@@ -328,10 +328,10 @@
34e49f 
 	  </varlistentry>
34e49f
34e49f 
 	  <varlistentry>
34e49f 
-	    <term>protocol="<literal>tcp</literal>|<literal>udp</literal>"</term>
34e49f 
+	    <term>protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"</term>
34e49f 
             <listitem>
34e49f 
 	      <para>
34e49f 
-		The protocol can either be <replaceable>tcp</replaceable> or <replaceable>udp</replaceable>.
34e49f 
+		The protocol can either be <replaceable>tcp</replaceable>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
34e49f 
 	      </para>
34e49f 
 	    </listitem>
34e49f 
 	  </varlistentry>
34e49f 
@@ -381,10 +381,10 @@
34e49f 
 	</varlistentry>
34e49f
34e49f 
 	<varlistentry>
34e49f 
-	  <term>protocol="<literal>tcp</literal>|<literal>udp</literal>"</term>
34e49f 
+	  <term>protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"</term>
34e49f 
           <listitem>
34e49f 
 	    <para>
34e49f 
-	      The protocol can either be <replaceable>tcp</replaceable> or <replaceable>udp</replaceable>.
34e49f 
+	      The protocol can either be <replaceable>tcp</replaceable>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
34e49f 
 	    </para>
34e49f 
 	  </listitem>
34e49f 
 	</varlistentry>
34e49f 
@@ -405,12 +405,12 @@
34e49f 
   [ <destination address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]" [invert="<replaceable>True</replaceable>"]/> ]
34e49f 
   [
34e49f 
     <service name="<replaceable>string</replaceable>"/> |
34e49f 
-    <port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/> |
34e49f 
+    <port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/> |
34e49f 
     <protocol value="<replaceable>protocol</replaceable>"/> |
34e49f 
     <icmp-block name="<replaceable>icmptype</replaceable>"/> |
34e49f 
     <masquerade/> |
34e49f 
-    <forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>address</replaceable>"]/> |
34e49f 
-    <source-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/> |
34e49f 
+    <forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>address</replaceable>"]/> |
34e49f 
+    <source-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/> |
34e49f 
   ]
34e49f 
   [ <log [prefix="<replaceable>prefixtext</replaceable>"] [level="<literal>emerg</literal>|<literal>alert</literal>|<literal>crit</literal>|<literal>err</literal>|<literal>warn</literal>|<literal>notice</literal>|<literal>info</literal>|<literal>debug</literal>"]/> [<limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/>] </log> ]
34e49f 
   [ <audit> [<limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/>] </audit> ]
34e49f 
diff -up firewalld-0.4.3.2/src/firewall/command.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/command.py
34e49f 
--- firewalld-0.4.3.2/src/firewall/command.py.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:14.019969107 +0200
34e49f 
+++ firewalld-0.4.3.2/src/firewall/command.py	2017-04-13 12:23:16.782979187 +0200
34e49f 
@@ -261,9 +261,10 @@ class FirewallCommand(object):
34e49f 
                                 "portid[-portid]%sprotocol" % separator)
34e49f 
         if not check_port(port):
34e49f 
             raise FirewallError(errors.INVALID_PORT, port)
34e49f 
-        if proto not in [ "tcp", "udp" ]:
34e49f 
+        if proto not in [ "tcp", "udp", "sctp", "dccp" ]:
34e49f 
             raise FirewallError(errors.INVALID_PROTOCOL,
34e49f 
-                                "'%s' not in {'tcp'|'udp'}" % proto)
34e49f 
+                                "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \
34e49f 
+                                proto)
34e49f 
         return (port, proto)
34e49f
34e49f 
     def parse_forward_port(self, value):
34e49f 
@@ -295,9 +296,10 @@ class FirewallCommand(object):
34e49f
34e49f 
         if not check_port(port):
34e49f 
             raise FirewallError(errors.INVALID_PORT, port)
34e49f 
-        if protocol not in [ "tcp", "udp" ]:
34e49f 
+        if protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
34e49f 
             raise FirewallError(errors.INVALID_PROTOCOL,
34e49f 
-                                "'%s' not in {'tcp'|'udp'}" % protocol)
34e49f 
+                                "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \
34e49f 
+                                protocol)
34e49f 
         if toport and not check_port(toport):
34e49f 
             raise FirewallError(errors.INVALID_PORT, toport)
34e49f 
         if toaddr and not check_single_address("ipv4", toaddr):
34e49f 
diff -up firewalld-0.4.3.2/src/firewall-config.glade.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall-config.glade
34e49f 
--- firewalld-0.4.3.2/src/firewall-config.glade.support_sctp_and_dccp_rhbz#1429808	2016-06-29 12:04:52.000000000 +0200
34e49f 
+++ firewalld-0.4.3.2/src/firewall-config.glade	2017-04-13 12:23:16.781979183 +0200
34e49f 
@@ -1144,6 +1144,8 @@
34e49f 
                     <items>
34e49f 
                       <item>tcp</item>
34e49f 
                       <item>udp</item>
34e49f 
+                      <item>sctp</item>
34e49f 
+                      <item>dccp</item>
34e49f 
                     </items>
34e49f 
                     <signal name="changed" handler="onForwardChanged" swapped="no"/>
34e49f 
                   </object>
34e49f 
@@ -8074,6 +8076,8 @@
34e49f 
                     <items>
34e49f 
                       <item>tcp</item>
34e49f 
                       <item>udp</item>
34e49f 
+                      <item>sctp</item>
34e49f 
+                      <item>dccp</item>
34e49f 
                     </items>
34e49f 
                     <signal name="changed" handler="onPortChanged" swapped="no"/>
34e49f 
                   </object>
34e49f 
@@ -8475,6 +8479,7 @@
34e49f 
                       <item translatable="yes">- Select -</item>
34e49f 
                       <item>ah</item>
34e49f 
                       <item>esp</item>
34e49f 
+                      <item>dccp</item>
34e49f 
                       <item>ddp</item>
34e49f 
                       <item>icmp</item>
34e49f 
                       <item>igmp</item>
34e49f 
diff -up firewalld-0.4.3.2/src/firewall/core/fw.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/core/fw.py
34e49f 
--- firewalld-0.4.3.2/src/firewall/core/fw.py.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:14.022969118 +0200
34e49f 
+++ firewalld-0.4.3.2/src/firewall/core/fw.py	2017-04-13 12:23:16.782979187 +0200
34e49f 
@@ -915,9 +915,10 @@ class Firewall(object):
34e49f 
     def check_tcpudp(self, protocol):
34e49f 
         if not protocol:
34e49f 
             raise FirewallError(errors.MISSING_PROTOCOL)
34e49f 
-        if protocol not in [ "tcp", "udp" ]:
34e49f 
+        if protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
34e49f 
             raise FirewallError(errors.INVALID_PROTOCOL,
34e49f 
-                                "'%s' not in {'tcp'|'udp'}" % protocol)
34e49f 
+                                "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \
34e49f 
+                                protocol)
34e49f
34e49f 
     def check_ip(self, ip):
34e49f 
         if not functions.checkIP(ip):
34e49f 
diff -up firewalld-0.4.3.2/src/firewall/core/fw_test.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/core/fw_test.py
34e49f 
--- firewalld-0.4.3.2/src/firewall/core/fw_test.py.support_sctp_and_dccp_rhbz#1429808	2016-04-19 16:36:12.000000000 +0200
34e49f 
+++ firewalld-0.4.3.2/src/firewall/core/fw_test.py	2017-04-13 12:23:16.783979190 +0200
34e49f 
@@ -421,9 +421,10 @@ class Firewall_test(object):
34e49f 
     def check_tcpudp(self, protocol):
34e49f 
         if not protocol:
34e49f 
             raise FirewallError(errors.MISSING_PROTOCOL)
34e49f 
-        if not protocol in [ "tcp", "udp" ]:
34e49f 
+        if not protocol in [ "tcp", "udp", "sctp", "dccp" ]:
34e49f 
             raise FirewallError(errors.INVALID_PROTOCOL,
34e49f 
-                                "'%s' not in {'tcp'|'udp'}" % protocol)
34e49f 
+                                "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \
34e49f 
+                                protocol)
34e49f
34e49f 
     def check_ip(self, ip):
34e49f 
         if not functions.checkIP(ip):
34e49f 
diff -up firewalld-0.4.3.2/src/firewall/core/io/io_object.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/core/io/io_object.py
34e49f 
--- firewalld-0.4.3.2/src/firewall/core/io/io_object.py.support_sctp_and_dccp_rhbz#1429808	2016-05-30 00:02:39.000000000 +0200
34e49f 
+++ firewalld-0.4.3.2/src/firewall/core/io/io_object.py	2017-04-13 12:23:16.783979190 +0200
34e49f 
@@ -285,9 +285,10 @@ def check_port(port):
34e49f 
                             "'%s' is invalid port range" % port)
34e49f
34e49f 
 def check_tcpudp(protocol):
34e49f 
-    if protocol not in [ "tcp", "udp" ]:
34e49f 
+    if protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
34e49f 
         raise FirewallError(errors.INVALID_PROTOCOL,
34e49f 
-                            "'%s' not from {'tcp'|'udp'}" % protocol)
34e49f 
+                            "'%s' not from {'tcp'|'udp'|'sctp'|'dccp'}" % \
34e49f 
+                            protocol)
34e49f
34e49f 
 def check_protocol(protocol):
34e49f 
     if not functions.checkProtocol(protocol):
34e49f 
diff -up firewalld-0.4.3.2/src/firewall/core/rich.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/core/rich.py
34e49f 
--- firewalld-0.4.3.2/src/firewall/core/rich.py.support_sctp_and_dccp_rhbz#1429808	2016-05-19 17:30:27.000000000 +0200
34e49f 
+++ firewalld-0.4.3.2/src/firewall/core/rich.py	2017-04-13 12:23:16.783979190 +0200
34e49f 
@@ -561,7 +561,7 @@ class Rich_Rule(object):
34e49f 
         elif type(self.element) == Rich_Port:
34e49f 
             if not functions.check_port(self.element.port):
34e49f 
                 raise FirewallError(errors.INVALID_PORT, self.element.port)
34e49f 
-            if self.element.protocol not in [ "tcp", "udp" ]:
34e49f 
+            if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
34e49f 
                 raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol)
34e49f
34e49f 
         # protocol
34e49f 
@@ -589,7 +589,7 @@ class Rich_Rule(object):
34e49f 
         elif type(self.element) == Rich_ForwardPort:
34e49f 
             if not functions.check_port(self.element.port):
34e49f 
                 raise FirewallError(errors.INVALID_PORT, self.element.port)
34e49f 
-            if self.element.protocol not in [ "tcp", "udp" ]:
34e49f 
+            if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
34e49f 
                 raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol)
34e49f 
             if self.element.to_port == "" and self.element.to_address == "":
34e49f 
                 raise FirewallError(errors.INVALID_PORT, self.element.to_port)
34e49f 
@@ -609,7 +609,7 @@ class Rich_Rule(object):
34e49f 
         elif type(self.element) == Rich_SourcePort:
34e49f 
             if not functions.check_port(self.element.port):
34e49f 
                 raise FirewallError(errors.INVALID_PORT, self.element.port)
34e49f 
-            if self.element.protocol not in [ "tcp", "udp" ]:
34e49f 
+            if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
34e49f 
                 raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol)
34e49f
34e49f 
         # other element and not empty?
34e49f 
diff -up firewalld-0.4.3.2/src/tests/firewall-cmd_test.sh.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/tests/firewall-cmd_test.sh
34e49f 
--- firewalld-0.4.3.2/src/tests/firewall-cmd_test.sh.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:14.015969093 +0200
34e49f 
+++ firewalld-0.4.3.2/src/tests/firewall-cmd_test.sh	2017-04-13 12:23:16.784979194 +0200
34e49f 
@@ -339,6 +339,15 @@ assert_good " --query-port=111-222/udp -
34e49f 
 assert_good "--remove-port 111-222/udp"
34e49f 
 assert_bad  " --query-port=111-222/udp"
34e49f
34e49f 
+assert_good "   --add-port=5000/sctp"
34e49f 
+assert_good " --query-port=5000/sctp --zone=${default_zone}"
34e49f 
+assert_good "--remove-port 5000/sctp"
34e49f 
+assert_bad  " --query-port=5000/sctp"
34e49f 
+assert_good "   --add-port=222/dccp"
34e49f 
+assert_good " --query-port=222/dccp --zone=${default_zone}"
34e49f 
+assert_good "--remove-port 222/dccp"
34e49f 
+assert_bad  " --query-port=222/dccp"
34e49f 
+
34e49f 
 assert_bad  "--permanent    --add-port=666" # no protocol
34e49f 
 assert_bad  "--permanent    --add-port=666/dummy" # bad protocol
34e49f 
 assert_good "--permanent    --add-port=666/tcp"
34e49f 
@@ -348,6 +357,15 @@ assert_good "--permanent  --query-port=1
34e49f 
 assert_good "--permanent --remove-port 111-222/udp"
34e49f 
 assert_bad  "--permanent  --query-port=111-222/udp"
34e49f
34e49f 
+assert_good "--permanent    --add-port=5000/sctp"
34e49f 
+assert_good "--permanent  --query-port=5000/sctp --zone=${default_zone}"
34e49f 
+assert_good "--permanent --remove-port 5000/sctp"
34e49f 
+assert_bad  "--permanent  --query-port=5000/sctp"
34e49f 
+assert_good "--permanent    --add-port=222/dccp"
34e49f 
+assert_good "--permanent  --query-port=222/dccp --zone=${default_zone}"
34e49f 
+assert_good "--permanent --remove-port 222/dccp"
34e49f 
+assert_bad  "--permanent  --query-port=222/dccp"
34e49f 
+
34e49f 
 assert_good "   --add-port=80/tcp --add-port 443-444/udp"
34e49f 
 assert_good " --query-port=80/tcp --zone=${default_zone}"
34e49f 
 assert_good " --query-port=443-444/udp"
34e49f 
@@ -488,6 +506,10 @@ assert_good "   --add-forward-port=port=
34e49f 
 assert_good " --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
34e49f 
 assert_good "--remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
34e49f 
 assert_bad  " --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
34e49f 
+assert_good "   --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
34e49f 
+assert_good " --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
34e49f 
+assert_good "--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
34e49f 
+assert_bad  " --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
34e49f
34e49f 
 assert_bad  "--permanent         --add-forward-port=666" # no protocol
34e49f 
 assert_good "--permanent    --add-forward-port=port=11:proto=tcp:toport=22 --zone=${default_zone}"
34e49f 
@@ -499,6 +521,10 @@ assert_good "--permanent    --add-forwar
34e49f 
 assert_good "--permanent  --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
34e49f 
 assert_good "--permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
34e49f 
 assert_bad  "--permanent  --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
34e49f 
+assert_good "--permanent    --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
34e49f 
+assert_good "--permanent  --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
34e49f 
+assert_good "--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
34e49f 
+assert_bad  "--permanent  --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
34e49f
34e49f 
 assert_good "   --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200"
34e49f 
 assert_good " --query-forward-port=port=100:proto=tcp:toport=200"
34e49f 
@@ -598,6 +624,18 @@ assert_good "--permanent --icmptype=${my
34e49f 
 assert_good "--permanent --icmptype=${myicmp} --remove-destination=ipv4"
34e49f 
 assert_bad "--permanent --icmptype=${myicmp} --query-destination=ipv4"
34e49f
34e49f 
+# test sctp and dccp ports
34e49f 
+assert_good "--permanent --service=${myservice} --add-port=666/sctp"
34e49f 
+assert_good "--permanent --service=${myservice} --remove-port=666/sctp"
34e49f 
+assert_good "--permanent --service=${myservice} --remove-port 666/sctp"
34e49f 
+assert_bad  "--permanent --service=${myservice} --query-port=666/sctp"
34e49f 
+assert_good "--permanent --service=${myservice} --add-port=999/dccp"
34e49f 
+assert_good "--permanent --service=${myservice} --remove-port=999/dccp"
34e49f 
+assert_good "--permanent --service=${myservice} --remove-port 999/dccp"
34e49f 
+assert_bad  "--permanent --service=${myservice} --query-port=999/dccp"
34e49f 
+assert_good "--permanent --service=${myservice} --add-port=666/sctp"
34e49f 
+assert_good "--permanent --service=${myservice} --add-port=999/dccp"
34e49f 
+
34e49f 
 # add them to zone
34e49f 
 assert_good "--permanent --zone=${myzone} --add-service=${myservice}"
34e49f 
 assert_good "--permanent --zone=${myzone} --add-icmp-block=${myicmp}"
34e49f 
@@ -886,7 +924,9 @@ good_rules=(
34e49f 
  'rule family="ipv4" source address="192.168.1.0/24" masquerade'
34e49f 
  'rule family="ipv4" destination address="192.168.1.0/24" masquerade' # masquerade & destination
34e49f 
  'rule family="ipv6" masquerade'
34e49f 
- 'rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"')
34e49f 
+ 'rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"'
34e49f 
+ 'rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"'
34e49f 
+ 'rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"')
34e49f
34e49f 
 for (( i=0;i<${#good_rules[@]};i++)); do
34e49f 
   rule=${good_rules[${i}]}
34e49f 
diff -up firewalld-0.4.3.2/src/tests/firewall-offline-cmd_test.sh.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/tests/firewall-offline-cmd_test.sh
34e49f 
--- firewalld-0.4.3.2/src/tests/firewall-offline-cmd_test.sh.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:14.015969093 +0200
34e49f 
+++ firewalld-0.4.3.2/src/tests/firewall-offline-cmd_test.sh	2017-04-13 12:23:16.784979194 +0200
34e49f 
@@ -332,6 +332,15 @@ assert_good " --query-port=111-222/udp -
34e49f 
 assert_good "--remove-port 111-222/udp"
34e49f 
 assert_bad  " --query-port=111-222/udp"
34e49f
34e49f 
+assert_good "   --add-port=5000/sctp"
34e49f 
+assert_good " --query-port=5000/sctp --zone=${default_zone}"
34e49f 
+assert_good "--remove-port 5000/sctp"
34e49f 
+assert_bad  " --query-port=5000/sctp"
34e49f 
+assert_good "   --add-port=222/dccp"
34e49f 
+assert_good " --query-port=222/dccp --zone=${default_zone}"
34e49f 
+assert_good "--remove-port 222/dccp"
34e49f 
+assert_bad  " --query-port=222/dccp"
34e49f 
+
34e49f 
 assert_good "   --add-port=80/tcp --add-port 443-444/udp"
34e49f 
 assert_good " --query-port=80/tcp --zone=${default_zone}"
34e49f 
 assert_good " --query-port=443-444/udp"
34e49f 
@@ -409,6 +418,10 @@ assert_good "   --add-forward-port=port=
34e49f 
 assert_good " --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
34e49f 
 assert_good "--remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
34e49f 
 assert_bad  " --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
34e49f 
+assert_good "   --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
34e49f 
+assert_good " --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
34e49f 
+assert_good "--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
34e49f 
+assert_bad  " --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
34e49f
34e49f 
 assert_good "   --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200"
34e49f 
 assert_good " --query-forward-port=port=100:proto=tcp:toport=200"
34e49f 
@@ -495,6 +508,18 @@ assert_good "--icmptype=${myicmp} --quer
34e49f 
 assert_good "--icmptype=${myicmp} --remove-destination=ipv4"
34e49f 
 assert_bad "--icmptype=${myicmp} --query-destination=ipv4"
34e49f
34e49f 
+# test sctp and dccp ports
34e49f 
+assert_good "--service=${myservice} --add-port=666/sctp"
34e49f 
+assert_good "--service=${myservice} --remove-port=666/sctp"
34e49f 
+assert_good "--service=${myservice} --remove-port 666/sctp"
34e49f 
+assert_bad  "--service=${myservice} --query-port=666/sctp"
34e49f 
+assert_good "--service=${myservice} --add-port=999/dccp"
34e49f 
+assert_good "--service=${myservice} --remove-port=999/dccp"
34e49f 
+assert_good "--service=${myservice} --remove-port 999/dccp"
34e49f 
+assert_bad  "--service=${myservice} --query-port=999/dccp"
34e49f 
+assert_good "--service=${myservice} --add-port=666/sctp"
34e49f 
+assert_good "--service=${myservice} --add-port=999/dccp"
34e49f 
+
34e49f 
 # add them to zone
34e49f 
 assert_good "--zone=${myzone} --add-service=${myservice}"
34e49f 
 assert_good "--zone=${myzone} --add-icmp-block=${myicmp}"
34e49f 
@@ -668,7 +693,9 @@ good_rules=(
34e49f 
  'rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirect" level="info" limit value="4/m"'
34e49f 
  'rule family="ipv4" source address="192.168.1.0/24" masquerade'
34e49f 
  'rule family="ipv6" masquerade'
34e49f 
- 'rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"')
34e49f 
+ 'rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"'
34e49f 
+ 'rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"'
34e49f 
+ 'rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"')
34e49f
34e49f 
 for (( i=0;i<${#good_rules[@]};i++)); do
34e49f 
   rule=${good_rules[${i}]}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation