| #!/bin/sh |
| |
| |
| |
| t_Log "Running $0 - iptables functional check - deny ping on loopback" |
| |
| if [ "$centos_ver" = "7" ];then |
| t_Log "CentOS $centos_ver uses firewalld and not iptables -> SKIP" |
| t_CheckExitStatus 0 |
| exit 0 |
| fi |
| |
| |
| ACL='INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p icmp -m icmp -j REJECT' |
| COUNT='4' |
| DEADTIME='1' |
| |
| |
| /etc/init.d/iptables restart > /dev/null |
| |
| |
| ping -q -c $COUNT -i 0.25 127.0.0.1 |grep -qc "${COUNT} received" |
| |
| if [ $? == 1 ] |
| then |
| t_Log "ping to loopback failed prior to test, this should not happen" |
| t_CheckExitStatus 1 |
| fi |
| |
| |
| iptables -I ${ACL} |
| |
| ping -q -c $COUNT -i 0.25 -w $DEADTIME 127.0.0.1 > /dev/null 2>&1 |
| if [ $? == 1 ] |
| then |
| t_Log "iptables REJECT works fine" |
| ret_val=0 |
| else |
| ret_val=1 |
| fi |
| |
| |
| /etc/init.d/iptables restart > /dev/null |
| |
| t_CheckExitStatus $ret_val |
| |