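#!/bin/bash
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
#
# Functional test: insert one rule at the head of the INPUT chain, confirm it
# appears in the iptables-save dump, delete it again and confirm it is gone.
# t_Log and t_CheckExitStatus are not defined in this file; presumably the
# test harness sources them before running the script -- confirm against the
# runner.

t_Log "Running $0 - verify iptables can insert and delete rules"

ACL='INPUT -s 1.2.3.4/32 -d 5.6.7.8/32 -p tcp -m tcp --dport 22 -j ACCEPT'

# iptables needs the rule as separate argv words, grep needs it as one string.
# Splitting once into an array keeps the word-splitting explicit and avoids
# accidental glob expansion of an unquoted ${ACL}.
read -r -a acl_args <<< "${ACL}"

# Start from "failed": the verdict only flips to 0 when both checks below
# really hold, so an unset or empty ret_val can never reach the harness.
ret_val=1

# The dump is written by a privileged test run into a world-writable
# directory. A fixed name there can be pre-created (or symlinked) by another
# local user, so let mktemp pick an unpredictable name and create the file
# itself, readable by the owner only.
FILE=$(mktemp /var/tmp/iptables_acl.XXXXXX) || {
  t_Log "Unable to create a temporary file for the iptables-save dump"
  exit 1
}
# Clean up on every exit path. NOTE(review): t_CheckExitStatus may terminate
# the script on failure, in which case a trailing rm would never run.
trap 'rm -f -- "${FILE}"' EXIT

# verify we are starting with default firewall
/etc/init.d/iptables restart > /dev/null

iptables -I "${acl_args[@]}"
iptables-save > "${FILE}"

# The ACL should be exactly at line 6 after "OUTPUT ACCEPT"
# NOTE(review): this relies on the filter table being the first table in the
# dump with exactly three built-in chains ahead of the rule -- confirm on the
# target release.
# -F matches the rule text literally (the dots in the addresses are not
# regex wildcards); -- protects against a pattern that starts with '-'.
sed -n '6p' "${FILE}" | grep -qF -- "${ACL}"
add=$?

# removing ACL again
iptables -D "${acl_args[@]}"
iptables-save > "${FILE}"

# ACL should not be found
grep -qF -- "${ACL}" "${FILE}"
del=$?

# Numeric comparison with spaces around the operator. The former
# "[ $add==0 ]" tested a single non-empty word and was therefore always
# true, so this test could never report a failure. del must be exactly 1
# ("no match"); grep's status 2 (read error) is not accepted as "rule gone".
if [ "${add}" -eq 0 ] && [ "${del}" -eq 1 ]; then
  ret_val=0
fi

t_CheckExitStatus "${ret_val}"

# Cleaning up: handled by the EXIT trap installed above.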