Blame tests/p_iptables/iptables_function-check_test.sh
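#!/bin/sh
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
#         Athmane Madjoudj <athmanem@gmail.com>
#
# Functional check for iptables: confirm that loopback ICMP works with the
# service's configured ruleset, insert a REJECT rule for it, and verify that
# ping to 127.0.0.1 then gets no replies.
#
# t_Log and t_CheckExitStatus are not defined in this file; they are expected
# to be provided by the surrounding test harness.
#
# NOTE(review): this script restarts the iptables service twice, which
# presumably discards any rules that exist only at runtime. Run it on a
# disposable test host only.

t_Log "Running $0 - iptables functional check - deny ping on loopback"

# Rule specification handed to "iptables -I": reject ICMP from and to loopback.
ACL='INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p icmp -m icmp -j REJECT'
# Number of echo requests sent per ping run.
COUNT='4'
# Deadline in seconds (ping -w) for the run that is expected to be blocked.
DEADTIME='1'

# ensure we have the default iptables-setting
/etc/init.d/iptables restart > /dev/null

# Baseline: without the rule, every echo request must be answered. If this
# fails, a "blocked" result further down would prove nothing about the rule.
if ! ping -q -c "$COUNT" -i 0.25 127.0.0.1 | grep -q "${COUNT} received"
then
  t_Log "ping to loopback failed prior to test, this should not happen"
  # NOTE(review): the script only stops here if t_CheckExitStatus exits on a
  # non-zero argument - confirm against the harness.
  t_CheckExitStatus 1
fi

# Applying ACL. ${ACL} is intentionally unquoted: it must be split into the
# individual iptables arguments. It is a constant defined above, never input.
if iptables -I ${ACL}
then
  ping -q -c "$COUNT" -i 0.25 -w "$DEADTIME" 127.0.0.1
  ping_status=$?
  # Exit status 1 means ping received no replies; any other status (0 =
  # replies received, 2 = ping itself failed) does not show the rule works.
  # "-eq" replaces the original "==", which is not valid in POSIX "[".
  # This check cannot tell REJECT from DROP: both leave ping unanswered.
  if [ "$ping_status" -eq 1 ]
  then
    t_Log "iptables REJECT works fine"
    ret_val=0
  else
    t_Log "ping to loopback exited with status ${ping_status} although the REJECT rule is in place"
    ret_val=1
  fi
else
  # A failed insert must not be reported as "the rule does not block traffic".
  t_Log "could not insert the iptables REJECT rule"
  ret_val=1
fi

# cleanup: reload the configured ruleset so the test rule does not stay active
/etc/init.d/iptables restart > /dev/null

t_CheckExitStatus "$ret_val"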