From dd6dfcced04fc8a0b14f95a1d01d49f5c677f334 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 16 Sep 2019 15:47:53 -0400
Subject: [PATCH 103/109] test: helper: coverage for custom helper
(cherry picked from commit 3adabc19a9ac447c3e89a7b344b2e106f44d96f1)
(cherry picked from commit 40d53d4086a69c6c6275b6fa38d33f8c92e719f9)
---
src/tests/features.at | 2 ++
src/tests/features/helpers_custom.at | 40 ++++++++++++++++++++++++++++
src/tests/testsuite.at | 1 +
3 files changed, 43 insertions(+)
create mode 100644 src/tests/features.at
create mode 100644 src/tests/features/helpers_custom.at
diff --git a/src/tests/features.at b/src/tests/features.at
new file mode 100644
index 000000000000..2da3dbad04c2
--- /dev/null
+++ b/src/tests/features.at
@@ -0,0 +1,2 @@
+AT_BANNER([features (FIREWALL_BACKEND)])
+m4_include([features/helpers_custom.at])
diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at
new file mode 100644
index 000000000000..b5f745761407
--- /dev/null
+++ b/src/tests/features/helpers_custom.at
@@ -0,0 +1,40 @@
+FWD_START_TEST([service include])
+AT_KEYWORDS(helpers rhbz1733066)
+
+FWD_CHECK([-q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp"])
+FWD_CHECK([-q --permanent --helper=ftptest --add-port="2121/tcp"])
+
+FWD_CHECK([-q --permanent --new-service="ftptest"])
+FWD_CHECK([-q --permanent --service=ftptest --add-module="nf_conntrack_ftptest"])
+FWD_CHECK([-q --permanent --service=ftptest --add-port="2121/tcp"])
+FWD_RELOAD
+
+FWD_CHECK([-q --add-service=ftptest])
+
+NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
+ table inet firewalld {
+ chain filter_IN_public_allow {
+ tcp dport 22 ct state new,untracked accept
+ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
+ tcp dport 2121 ct helper set "helper-ftptest-tcp"
+ tcp dport 2121 ct state new,untracked accept
+ }
+ }
+])
+IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
+ CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp
+])
+IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
+])
+IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
+ CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp
+])
+IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
+ ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
+ ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
+ ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
+])
+
+FWD_END_TEST
diff --git a/src/tests/testsuite.at b/src/tests/testsuite.at
index 68d18c9018b8..e83d61d5bf0a 100644
--- a/src/tests/testsuite.at
+++ b/src/tests/testsuite.at
@@ -14,4 +14,5 @@ m4_foreach([FIREWALL_BACKEND], [[iptables]], [
m4_include([firewall-cmd.at])
m4_include([regression.at])
m4_include([python.at])
+ m4_include([features.at])
])
--
2.20.1