From 7321922c6682eba8d54dfcb2f41be52b36527608 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 13 Dec 2018 15:03:37 -0500
Subject: [PATCH] tests/firewall-cmd: fix rich rule priority test

Since we enabled cockpit by default, we need to adjusts these tests.
---
 src/tests/firewall-cmd.at | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
index baef4d6dc7ef..87e0eea4150e 100644
--- a/src/tests/firewall-cmd.at
+++ b/src/tests/firewall-cmd.at
@@ -956,6 +956,7 @@ FWD_START_TEST([rich rules priority])
         chain filter_IN_public_allow {
         tcp dport 22 ct state new,untracked accept
         ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
+		tcp dport 9090 ct state new,untracked accept
         tcp dport 1122 ct state new,untracked accept
         tcp dport 3333 ct state new,untracked accept
         tcp dport 4444 ct state new,untracked accept
@@ -971,6 +972,7 @@ FWD_START_TEST([rich rules priority])
     ])
     IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
         ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
+        ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
         ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED
         ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED
         ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED
@@ -985,6 +987,7 @@ FWD_START_TEST([rich rules priority])
     IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
         ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
         ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
+        ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
         ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED
         ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED
         ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED
@@ -1057,6 +1060,7 @@ FWD_START_TEST([rich rules priority])
         chain filter_IN_public_allow {
         tcp dport 22 ct state new,untracked accept
         ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
+        tcp dport 9090 ct state new,untracked accept
         ct state new,untracked mark 0x00000064 accept
         ct state new,untracked mark 0x00000068 accept
         }
@@ -1173,6 +1177,7 @@ FWD_START_TEST([rich rules priority])
     ])
     IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
         ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
+        ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
         ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x64
     ])
     IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
@@ -1215,6 +1220,7 @@ FWD_START_TEST([rich rules priority])
     IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
         ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
         ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
+        ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
         ACCEPT all ::/0 ::/0 ctstate NEW,UNTRACKED mark match 0x68
     ])
     IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
@@ -1268,6 +1274,7 @@ FWD_START_TEST([rich rules priority])
         chain filter_IN_public_allow {
         tcp dport 22 ct state new,untracked accept
         ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
+        tcp dport 9090 ct state new,untracked accept
         icmp type echo-request accept
         icmpv6 type echo-request accept
         }
@@ -1308,6 +1315,7 @@ FWD_START_TEST([rich rules priority])
     ])
     IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
         ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
+        ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
         ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
     ])
     IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
@@ -1330,6 +1338,7 @@ FWD_START_TEST([rich rules priority])
     IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
         ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
         ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
+        ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
         ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128
     ])
     IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
@@ -1387,6 +1396,7 @@ FWD_START_TEST([rich rules priority])
         chain filter_IN_public_allow {
         tcp dport 22 ct state new,untracked accept
         ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
+        tcp dport 9090 ct state new,untracked accept
         }
         }
     ])
@@ -1424,6 +1434,7 @@ FWD_START_TEST([rich rules priority])
     ])
     IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
         ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
+        ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
     ])
     IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl
     ])
@@ -1444,6 +1455,7 @@ FWD_START_TEST([rich rules priority])
     IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
         ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
         ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
+        ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
     ])
     IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl
     ])
@@ -1469,7 +1481,7 @@ FWD_START_TEST([rich rules priority])
         icmp-block-inversion: no
         interfaces:
         sources:
-        services: dhcpv6-client ssh
+        services: cockpit dhcpv6-client ssh
         ports:
         protocols:
         masquerade: no
-- 
2.18.0