rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/0156-test-service-coverage-for-RH-Satellite-6.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   ea8ea4c059f591a770b875bad9e4df4d85ccb2b7
  2.   SOURCES
  3.   0156-test-service-coverage-for-RH-Satellite-6.patch
Blob History Raw
ea8ea4 
From 897057a413460d6cfa5ef3be203347adfdb19307 Mon Sep 17 00:00:00 2001
ea8ea4 
From: Eric Garver <eric@garver.life>
ea8ea4 
Date: Wed, 10 Jun 2020 09:07:16 -0400
ea8ea4 
Subject: [PATCH 156/156] test(service): coverage for RH-Satellite-6
ea8ea4
ea8ea4 
Since we changed a RH-Satellite-6 to use includes, verify that the
ea8ea4 
ports, etc are still correct.
ea8ea4
ea8ea4 
(cherry picked from commit 7beeb958d40cf840c9efc8edd323bf669d15b11b)
ea8ea4 
(cherry picked from commit 668eab33cf0d2cc7f428ec1d1857e61464d306a6)
ea8ea4 
---
ea8ea4 
 src/tests/regression/regression.at  |   1 +
ea8ea4 
 src/tests/regression/rhbz1839781.at | 109 ++++++++++++++++++++++++++++
ea8ea4 
 2 files changed, 110 insertions(+)
ea8ea4 
 create mode 100644 src/tests/regression/rhbz1839781.at
ea8ea4
ea8ea4 
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
ea8ea4 
index f85cdb4c47f7..42f299f16f1a 100644
ea8ea4 
--- a/src/tests/regression/regression.at
ea8ea4 
+++ b/src/tests/regression/regression.at
ea8ea4 
@@ -27,3 +27,4 @@ m4_include([regression/gh509.at])
ea8ea4 
 m4_include([regression/gh567.at])
ea8ea4 
 m4_include([regression/rhbz1779835.at])
ea8ea4 
 m4_include([regression/gh599.at])
ea8ea4 
+m4_include([regression/rhbz1839781.at])
ea8ea4 
diff --git a/src/tests/regression/rhbz1839781.at b/src/tests/regression/rhbz1839781.at
ea8ea4 
new file mode 100644
ea8ea4 
index 000000000000..bc539b0144e7
ea8ea4 
--- /dev/null
ea8ea4 
+++ b/src/tests/regression/rhbz1839781.at
ea8ea4 
@@ -0,0 +1,109 @@
ea8ea4 
+FWD_START_TEST([service RH-Satellite-6])
ea8ea4 
+AT_KEYWORDS(service rhbz1839781)
ea8ea4 
+
ea8ea4 
+FWD_CHECK([--zone trusted --add-interface dummy0], 0, [ignore])
ea8ea4 
+FWD_CHECK([--zone trusted --add-service RH-Satellite-6], 0, [ignore])
ea8ea4 
+
ea8ea4 
+NFT_LIST_RULES([inet], [filter_IN_trusted_allow], 0, [dnl
ea8ea4 
+    table inet firewalld {
ea8ea4 
+        chain filter_IN_trusted_allow {
ea8ea4 
+            tcp dport 53 ct state new,untracked accept
ea8ea4 
+            udp dport 53 ct state new,untracked accept
ea8ea4 
+            udp dport 67-69 ct state new,untracked accept
ea8ea4 
+            tcp dport 80 ct state new,untracked accept
ea8ea4 
+            tcp dport 443 ct state new,untracked accept
ea8ea4 
+            tcp dport 5000 ct state new,untracked accept
ea8ea4 
+            tcp dport 5646-5647 ct state new,untracked accept
ea8ea4 
+            tcp dport 5671 ct state new,untracked accept
ea8ea4 
+            tcp dport 8000 ct state new,untracked accept
ea8ea4 
+            tcp dport 8080 ct state new,untracked accept
ea8ea4 
+            tcp dport 8140 ct state new,untracked accept
ea8ea4 
+            tcp dport 9090 ct state new,untracked accept
ea8ea4 
+        }
ea8ea4 
+    }
ea8ea4 
+])
ea8ea4 
+
ea8ea4 
+IPTABLES_LIST_RULES([filter], [IN_trusted_allow], 0, [dnl
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:69 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5671 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8140 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
ea8ea4 
+])
ea8ea4 
+IP6TABLES_LIST_RULES([filter], [IN_trusted_allow], 0, [dnl
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:53 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT udp ::/0 ::/0 udp dpt:53 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT udp ::/0 ::/0 udp dpts:67:69 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:5000 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:5671 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:8000 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:8080 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:8140 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
ea8ea4 
+])
ea8ea4 
+
ea8ea4 
+FWD_CHECK([--zone trusted --remove-service RH-Satellite-6], 0, [ignore])
ea8ea4 
+FWD_CHECK([--zone trusted --add-service RH-Satellite-6-capsule], 0, [ignore])
ea8ea4 
+
ea8ea4 
+NFT_LIST_RULES([inet], [filter_IN_trusted_allow], 0, [dnl
ea8ea4 
+    table inet firewalld {
ea8ea4 
+        chain filter_IN_trusted_allow {
ea8ea4 
+            tcp dport 53 ct state new,untracked accept
ea8ea4 
+            udp dport 53 ct state new,untracked accept
ea8ea4 
+            udp dport 67-69 ct state new,untracked accept
ea8ea4 
+            tcp dport 80 ct state new,untracked accept
ea8ea4 
+            tcp dport 443 ct state new,untracked accept
ea8ea4 
+            tcp dport 5000 ct state new,untracked accept
ea8ea4 
+            tcp dport 5646-5647 ct state new,untracked accept
ea8ea4 
+            tcp dport 5671 ct state new,untracked accept
ea8ea4 
+            tcp dport 8000 ct state new,untracked accept
ea8ea4 
+            tcp dport 8080 ct state new,untracked accept
ea8ea4 
+            tcp dport 8140 ct state new,untracked accept
ea8ea4 
+            tcp dport 9090 ct state new,untracked accept
ea8ea4 
+            tcp dport 8443 ct state new,untracked accept
ea8ea4 
+        }
ea8ea4 
+    }
ea8ea4 
+])
ea8ea4 
+
ea8ea4 
+IPTABLES_LIST_RULES([filter], [IN_trusted_allow], 0, [dnl
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:69 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5671 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8140 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 ctstate NEW,UNTRACKED
ea8ea4 
+])
ea8ea4 
+IP6TABLES_LIST_RULES([filter], [IN_trusted_allow], 0, [dnl
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:53 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT udp ::/0 ::/0 udp dpt:53 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT udp ::/0 ::/0 udp dpts:67:69 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:5000 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:5671 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:8000 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:8080 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:8140 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
ea8ea4 
+    ACCEPT tcp ::/0 ::/0 tcp dpt:8443 ctstate NEW,UNTRACKED
ea8ea4 
+])
ea8ea4 
+
ea8ea4 
+FWD_END_TEST
ea8ea4 
--
ea8ea4 
2.25.2
ea8ea4

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation