rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/0024-test-direct-verify-rule-order-with-multiple-address-.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   816cafb698efafb109b21f3173681683c8286521
  2.   SOURCES
  3.   0024-test-direct-verify-rule-order-with-multiple-address-.patch
Blob History Raw
63f414 
From ed0b0a7f967f33729e4ec7472b4229f0317fd92d Mon Sep 17 00:00:00 2001
63f414 
From: Eric Garver <eric@garver.life>
63f414 
Date: Fri, 9 Apr 2021 13:34:31 -0400
63f414 
Subject: [PATCH 24/30] test(direct): verify rule order with multiple address
63f414 
 with -s/-d
63f414
63f414 
Coverage: rhbz 1940928
63f414 
Coverage: rhbz 1949552
63f414 
(cherry picked from commit 80c30dacc066af4d6d71d298b5e47625ecee5bdf)
63f414 
(cherry picked from commit c1262441db90108eb8044053ae1b93f66f0c2839)
63f414 
---
63f414 
 src/tests/regression/regression.at  |  1 +
63f414 
 src/tests/regression/rhbz1940928.at | 52 +++++++++++++++++++++++++++++
63f414 
 2 files changed, 53 insertions(+)
63f414 
 create mode 100644 src/tests/regression/rhbz1940928.at
63f414
63f414 
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
63f414 
index a49bb3b756e7..8156ee608189 100644
63f414 
--- a/src/tests/regression/regression.at
63f414 
+++ b/src/tests/regression/regression.at
63f414 
@@ -39,3 +39,4 @@ m4_include([regression/rhbz1871298.at])
63f414 
 m4_include([regression/rhbz1596304.at])
63f414 
 m4_include([regression/gh703.at])
63f414 
 m4_include([regression/ipset_netmask_allowed.at])
63f414 
+m4_include([regression/rhbz1940928.at])
63f414 
diff --git a/src/tests/regression/rhbz1940928.at b/src/tests/regression/rhbz1940928.at
63f414 
new file mode 100644
63f414 
index 000000000000..0a4367080b5e
63f414 
--- /dev/null
63f414 
+++ b/src/tests/regression/rhbz1940928.at
63f414 
@@ -0,0 +1,52 @@
63f414 
+FWD_START_TEST([direct -s/-d multiple addresses])
63f414 
+AT_KEYWORDS(direct rhbz1940928 rhbz1949552)
63f414 
+CHECK_IPTABLES
63f414 
+
63f414 
+dnl test triggers a limitation in iptables-restore
63f414 
+dnl
63f414 
+AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=no/' ./firewalld.conf])
63f414 
+FWD_RELOAD
63f414 
+
63f414 
+FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT], 0, [ignore], [ignore])
63f414 
+FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore])
63f414 
+FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore])
63f414 
+FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 9 -j DROP], 0, [ignore], [ignore])
63f414 
+
63f414 
+IPTABLES_LIST_RULES_ALWAYS([filter], [m4_if(iptables, FIREWALL_BACKEND, [OUTPUT_direct], [OUTPUT])], 0, [dnl
63f414 
+		ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
63f414 
+		ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/8
63f414 
+		ACCEPT     tcp  --  0.0.0.0/0            172.16.0.0/16
63f414 
+		ACCEPT     tcp  --  0.0.0.0/0            192.168.0.0/24
63f414 
+		ACCEPT     udp  --  0.0.0.0/0            10.0.0.0/8
63f414 
+		ACCEPT     udp  --  0.0.0.0/0            172.16.0.0/16
63f414 
+		ACCEPT     udp  --  0.0.0.0/0            192.168.0.0/24
63f414 
+		DROP       all  --  0.0.0.0/0            0.0.0.0/0
63f414 
+])
63f414 
+
63f414 
+FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore])
63f414 
+
63f414 
+IPTABLES_LIST_RULES_ALWAYS([filter], [m4_if(iptables, FIREWALL_BACKEND, [OUTPUT_direct], [OUTPUT])], 0, [dnl
63f414 
+		ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
63f414 
+		ACCEPT     sctp --  0.0.0.0/0            10.0.0.0/8
63f414 
+		ACCEPT     sctp --  0.0.0.0/0            172.16.0.0/16
63f414 
+		ACCEPT     sctp --  0.0.0.0/0            192.168.0.0/24
63f414 
+		ACCEPT     tcp  --  0.0.0.0/0            10.0.0.0/8
63f414 
+		ACCEPT     tcp  --  0.0.0.0/0            172.16.0.0/16
63f414 
+		ACCEPT     tcp  --  0.0.0.0/0            192.168.0.0/24
63f414 
+		ACCEPT     udp  --  0.0.0.0/0            10.0.0.0/8
63f414 
+		ACCEPT     udp  --  0.0.0.0/0            172.16.0.0/16
63f414 
+		ACCEPT     udp  --  0.0.0.0/0            192.168.0.0/24
63f414 
+		DROP       all  --  0.0.0.0/0            0.0.0.0/0
63f414 
+])
63f414 
+
63f414 
+FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT], 0, [ignore], [ignore])
63f414 
+FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore])
63f414 
+FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore])
63f414 
+FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore])
63f414 
+FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 9 -j DROP], 0, [ignore], [ignore])
63f414 
+
63f414 
+
63f414 
+IPTABLES_LIST_RULES_ALWAYS([filter], [m4_if(iptables, FIREWALL_BACKEND, [OUTPUT_direct], [OUTPUT])], 0, [dnl
63f414 
+])
63f414 
+
63f414 
+FWD_END_TEST
63f414 
--
63f414 
2.27.0
63f414

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation