From 9b204ffe814f6e37f83eed328a0225b8ac8156bb Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Mon, 17 Dec 2018 12:42:16 -0500
Subject: [PATCH 15/23] tests/firewall-cmd: Coverage for interface wildcarding
Coverage for rhbz 1644025.
(cherry picked from commit e3f936080ff57884df20b5def241593eecb10364)
---
src/tests/firewall-cmd.at | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
index 3cb3e8a96ca7..bdd0287ebb01 100644
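--- a/src/tests/firewall-cmd.at
+++ b/src/tests/firewall-cmd.at
@@ -115,6 +115,8 @@ FWD_START_TEST([zone interfaces])
 ])
 FWD_CHECK([--permanent --zone=public --remove-interface=perm_dummy], 0, ignore)
 FWD_CHECK([--permanent --zone=public --query-interface perm_dummy], 1, ignore)
+ FWD_CHECK([--permanent --zone=trusted --remove-interface=perm_dummy2], 0, ignore)
+ FWD_RELOAD
 
 FWD_CHECK([--add-interface=foo], 0, ignore)
 FWD_CHECK([--add-interface=bar --zone=public], 0, ignore)
@@ -128,6 +130,32 @@ FWD_START_TEST([zone interfaces])
 FWD_CHECK([--set-default-zone=public], 0, ignore)
 FWD_CHECK([--remove-interface=foo], 0, ignore)
 FWD_CHECK([--remove-interface=bar], 0, ignore)
+
+ dnl exercise wildcards, rhbz 1644025
+ dnl Note: This feature is undocumented, because it's a possible security
+ dnl risk.
+ FWD_CHECK([--zone=trusted --add-interface=+], 0, ignore)
+ FWD_CHECK([--add-interface=foobar+++], 0, ignore)
+ FWD_CHECK([--add-interface=foobar+], 0, ignore)
+ m4_if(nftables, FIREWALL_BACKEND, [
+ NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl
+ table inet firewalld {
+ chain filter_INPUT_ZONES {
+ iifname "foobar*" goto filter_IN_public
+ iifname "foobar++*" goto filter_IN_public
+ jump filter_IN_trusted
+ iifname "perm_dummy" goto filter_IN_work
+ iifname "perm_dummy2" jump filter_IN_trusted
+ goto filter_IN_public
+ }
+ }
+ ])])
+ FWD_CHECK([--zone=trusted --remove-interface=+], 0, ignore)
+ FWD_CHECK([--remove-interface=foobar+++], 0, ignore)
+ FWD_CHECK([--remove-interface=foobar+], 0, ignore)
+ FWD_CHECK([--permanent --add-interface=foobar+], 0, ignore)
+ FWD_CHECK([--permanent --remove-interface=foobar+], 0, ignore)
+ FWD_RELOAD
 FWD_END_TEST([-e '/ERROR: ZONE_CONFLICT: perm_dummy/d'])
 
 FWD_START_TEST([zone sources])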
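Review bot: The wildcard block in the second hunk never verifies that the removals took effect: after `--zone=trusted --remove-interface=+` and the two `foobar` removals there is no query and no second rule listing, so a leftover unconditional `jump filter_IN_trusted` would pass unnoticed. Because `+` on its own appears to match every interface (the expected ruleset shows the trusted jump with no `iifname` match, ahead of the per-interface rules), that is the case most worth pinning; add `FWD_CHECK([--zone=trusted --query-interface=+], 1, ignore)` after the removal, in the style of the `perm_dummy` query in the first hunk. The `dnl` note could also state the reason for the risk, for example `dnl "+" alone matches all interfaces, so the zone it is bound to becomes a catch-all`. The rule listing is asserted only for the nftables backend, and the `zone interfaces` test begins outside both hunks.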
--
2.20.1