Tree - rpms/firewalld - CentOS Git server

rpms / firewalld

Blame SOURCES/0075-test-verify-source-based-zone-dispatch-ordered-by-zo.patch

Blob History Raw

		c8bceb	`From 03f77c540c19159022d265423ca1186a915cab33 Mon Sep 17 00:00:00 2001`
		c8bceb	`From: Eric Garver <eric@garver.life>`
		c8bceb	`Date: Wed, 31 Jul 2019 08:53:51 -0400`
		c8bceb	`Subject: [PATCH 75/79] test: verify source-based zone dispatch ordered by zone`
		c8bceb	`name`
		c8bceb
		c8bceb	`coverage for rhbz 1734765`
		c8bceb
		c8bceb	`(cherry picked from commit 25032eb3a60706f22e1b2c0f34d2be8d0b82c89f)`
		c8bceb	`(cherry picked from commit b052f7bcfeb2d40a58d499ad178f1b620abb178d)`
		c8bceb	`---`
		c8bceb	`src/tests/regression.at \| 1 +`
		c8bceb	`src/tests/regression/rhbz1734765.at \| 154 ++++++++++++++++++++++++++++`
		c8bceb	`2 files changed, 155 insertions(+)`
		c8bceb	`create mode 100644 src/tests/regression/rhbz1734765.at`
		c8bceb
		c8bceb	`diff --git a/src/tests/regression.at b/src/tests/regression.at`
		c8bceb	`index 919fc32f9bfb..6f57a1122925 100644`
		c8bceb	`--- a/src/tests/regression.at`
		c8bceb	`+++ b/src/tests/regression.at`
		c8bceb	`@@ -22,3 +22,4 @@ m4_include([regression/gh453.at])`
		c8bceb	`m4_include([regression/gh258.at])`
		c8bceb	`m4_include([regression/rhbz1715977.at])`
		c8bceb	`m4_include([regression/rhbz1723610.at])`
		c8bceb	`+m4_include([regression/rhbz1734765.at])`
		c8bceb	`diff --git a/src/tests/regression/rhbz1734765.at b/src/tests/regression/rhbz1734765.at`
		c8bceb	`new file mode 100644`
		c8bceb	`index 000000000000..070c43faf756`
		c8bceb	`--- /dev/null`
		c8bceb	`+++ b/src/tests/regression/rhbz1734765.at`
		c8bceb	`@@ -0,0 +1,154 @@`
		c8bceb	`+FWD_START_TEST([zone sources ordered by name])`
		c8bceb	`+AT_KEYWORDS(zone rhbz1734765 rhbz1421222 gh166)`
		c8bceb	`+dnl`
		c8bceb	`+dnl Users depend on firewalld ordering source-based zone dispatch by zone name.`
		c8bceb	`+dnl`
		c8bceb	`+`
		c8bceb	`+FWD_CHECK([-q --permanent --new-zone=foobar_00])`
		c8bceb	`+FWD_CHECK([-q --permanent --new-zone=foobar_05])`
		c8bceb	`+FWD_CHECK([-q --permanent --new-zone=foobar_02])`
		c8bceb	`+FWD_CHECK([-q --permanent --new-zone=foobar_03])`
		c8bceb	`+FWD_CHECK([-q --permanent --new-zone=foobar_01])`
		c8bceb	`+FWD_CHECK([-q --permanent --new-zone=foobar_04])`
		c8bceb	`+FWD_CHECK([-q --permanent --new-zone=foobar_010])`
		c8bceb	`+`
		c8bceb	`+FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1" --add-source="1234:5678::1:1:1"])`
		c8bceb	`+FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24" --add-source="1234:5678::1:1:0/112"])`
		c8bceb	`+FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16" --add-source="1234:5678::1:0:0/96"])`
		c8bceb	`+FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24" --add-source="1234:5678::2:2:0/112"])`
		c8bceb	`+FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16" --add-source="1234:5678::2:0:0/96"])`
		c8bceb	`+FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8" --add-source="1234:5678::0:0:0/80"])`
		c8bceb	`+`
		c8bceb	`+FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0])`
		c8bceb	`+FWD_CHECK([-q --permanent --zone=trusted --add-interface=foobar1])`
		c8bceb	`+`
		c8bceb	`+FWD_RELOAD`
		c8bceb	`+`
		c8bceb	`+FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10" --add-source="1234:5678::10:10:10"])`
		c8bceb	`+FWD_CHECK([-q --zone=public --add-source="20.20.20.20" --add-source="1234:5678::20:20:20"])`
		c8bceb	`+FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2])`
		c8bceb	`+`
		c8bceb	`+m4_if(nftables, FIREWALL_BACKEND, [dnl`
		c8bceb	`+NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl`
		c8bceb	`+ table inet firewalld {`
		c8bceb	`+ chain filter_INPUT_ZONES {`
		c8bceb	`+ ip saddr 10.1.1.1 goto filter_IN_foobar_00`
		c8bceb	`+ ip6 saddr 1234:5678::1:1:1 goto filter_IN_foobar_00`
		c8bceb	`+ ip saddr 10.1.1.0/24 goto filter_IN_foobar_01`
		c8bceb	`+ ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01`
		c8bceb	`+ ip saddr 10.10.10.10 goto filter_IN_foobar_010`
		c8bceb	`+ ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010`
		c8bceb	`+ ip saddr 10.1.0.0/16 goto filter_IN_foobar_02`
		c8bceb	`+ ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02`
		c8bceb	`+ ip saddr 10.2.2.0/24 goto filter_IN_foobar_03`
		c8bceb	`+ ip6 saddr 1234:5678::2:2:0/112 goto filter_IN_foobar_03`
		c8bceb	`+ ip saddr 10.2.0.0/16 goto filter_IN_foobar_04`
		c8bceb	`+ ip6 saddr 1234:5678::2:0:0/96 goto filter_IN_foobar_04`
		c8bceb	`+ ip saddr 10.0.0.0/8 goto filter_IN_foobar_05`
		c8bceb	`+ ip6 saddr 1234:5678::/80 goto filter_IN_foobar_05`
		c8bceb	`+ ip saddr 20.20.20.20 goto filter_IN_public`
		c8bceb	`+ ip6 saddr 1234:5678::20:20:20 goto filter_IN_public`
		c8bceb	`+ iifname "foobar2" goto filter_IN_foobar_010`
		c8bceb	`+ iifname "foobar1" goto filter_IN_trusted`
		c8bceb	`+ iifname "foobar0" goto filter_IN_internal`
		c8bceb	`+ goto filter_IN_public`
		c8bceb	`+ }`
		c8bceb	`+ }`
		c8bceb	`+])`
		c8bceb	`+NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl`
		c8bceb	`+ table ip firewalld {`
		c8bceb	`+ chain nat_POSTROUTING_ZONES {`
		c8bceb	`+ ip daddr 10.1.1.1 goto nat_POST_foobar_00`
		c8bceb	`+ ip daddr 10.1.1.0/24 goto nat_POST_foobar_01`
		c8bceb	`+ ip daddr 10.10.10.10 goto nat_POST_foobar_010`
		c8bceb	`+ ip daddr 10.1.0.0/16 goto nat_POST_foobar_02`
		c8bceb	`+ ip daddr 10.2.2.0/24 goto nat_POST_foobar_03`
		c8bceb	`+ ip daddr 10.2.0.0/16 goto nat_POST_foobar_04`
		c8bceb	`+ ip daddr 10.0.0.0/8 goto nat_POST_foobar_05`
		c8bceb	`+ ip daddr 20.20.20.20 goto nat_POST_public`
		c8bceb	`+ oifname "foobar2" goto nat_POST_foobar_010`
		c8bceb	`+ oifname "foobar1" goto nat_POST_trusted`
		c8bceb	`+ oifname "foobar0" goto nat_POST_internal`
		c8bceb	`+ goto nat_POST_public`
		c8bceb	`+ }`
		c8bceb	`+ }`
		c8bceb	`+])`
		c8bceb	`+NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl`
		c8bceb	`+ table ip6 firewalld {`
		c8bceb	`+ chain nat_POSTROUTING_ZONES {`
		c8bceb	`+ ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00`
		c8bceb	`+ ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01`
		c8bceb	`+ ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010`
		c8bceb	`+ ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02`
		c8bceb	`+ ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03`
		c8bceb	`+ ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04`
		c8bceb	`+ ip6 daddr 1234:5678::/80 goto nat_POST_foobar_05`
		c8bceb	`+ ip6 daddr 1234:5678::20:20:20 goto nat_POST_public`
		c8bceb	`+ oifname "foobar2" goto nat_POST_foobar_010`
		c8bceb	`+ oifname "foobar1" goto nat_POST_trusted`
		c8bceb	`+ oifname "foobar0" goto nat_POST_internal`
		c8bceb	`+ goto nat_POST_public`
		c8bceb	`+ }`
		c8bceb	`+ }`
		c8bceb	`+])`
		c8bceb	`+], [`
		c8bceb	`+`
		c8bceb	`+IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0,`
		c8bceb	`+ [[IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_foobar_05 all -- 10.0.0.0/8 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_public all -- 20.20.20.20 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto]`
		c8bceb	`+ IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]`
		c8bceb	`+]])`
		c8bceb	`+IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0,`
		c8bceb	`+ [[IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto]`
		c8bceb	`+ IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto]`
		c8bceb	`+ IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto]`
		c8bceb	`+ IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto]`
		c8bceb	`+ IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto]`
		c8bceb	`+ IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto]`
		c8bceb	`+ IN_foobar_05 all 1234:5678::/80 ::/0 [goto]`
		c8bceb	`+ IN_public all 1234:5678::20:20:20 ::/0 [goto]`
		c8bceb	`+ IN_foobar_010 all ::/0 ::/0 [goto]`
		c8bceb	`+ IN_trusted all ::/0 ::/0 [goto]`
		c8bceb	`+ IN_internal all ::/0 ::/0 [goto]`
		c8bceb	`+ IN_public all ::/0 ::/0 [goto]`
		c8bceb	`+]])`
		c8bceb	`+IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0,`
		c8bceb	`+ [[POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto]`
		c8bceb	`+ POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto]`
		c8bceb	`+ POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto]`
		c8bceb	`+ POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto]`
		c8bceb	`+ POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto]`
		c8bceb	`+ POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto]`
		c8bceb	`+ POST_foobar_05 all -- 0.0.0.0/0 10.0.0.0/8 [goto]`
		c8bceb	`+ POST_public all -- 0.0.0.0/0 20.20.20.20 [goto]`
		c8bceb	`+ POST_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto]`
		c8bceb	`+ POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto]`
		c8bceb	`+ POST_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto]`
		c8bceb	`+ POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]`
		c8bceb	`+]])`
		c8bceb	`+IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0,`
		c8bceb	`+ [[POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto]`
		c8bceb	`+ POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto]`
		c8bceb	`+ POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto]`
		c8bceb	`+ POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto]`
		c8bceb	`+ POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto]`
		c8bceb	`+ POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto]`
		c8bceb	`+ POST_foobar_05 all ::/0 1234:5678::/80 [goto]`
		c8bceb	`+ POST_public all ::/0 1234:5678::20:20:20 [goto]`
		c8bceb	`+ POST_foobar_010 all ::/0 ::/0 [goto]`
		c8bceb	`+ POST_trusted all ::/0 ::/0 [goto]`
		c8bceb	`+ POST_internal all ::/0 ::/0 [goto]`
		c8bceb	`+ POST_public all ::/0 ::/0 [goto]`
		c8bceb	`+]])`
		c8bceb	`+])`
		c8bceb	`+`
		c8bceb	`+FWD_END_TEST`
		c8bceb	`--`
		c8bceb	`2.20.1`
		c8bceb

rpms / firewalld

Source Code

Blame SOURCES/0075-test-verify-source-based-zone-dispatch-ordered-by-zo.patch