From dd6dfcced04fc8a0b14f95a1d01d49f5c677f334 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Mon, 16 Sep 2019 15:47:53 -0400 Subject: [PATCH 103/109] test: helper: coverage for custom helper (cherry picked from commit 3adabc19a9ac447c3e89a7b344b2e106f44d96f1) (cherry picked from commit 40d53d4086a69c6c6275b6fa38d33f8c92e719f9) --- src/tests/features.at | 2 ++ src/tests/features/helpers_custom.at | 40 ++++++++++++++++++++++++++++ src/tests/testsuite.at | 1 + 3 files changed, 43 insertions(+) create mode 100644 src/tests/features.at create mode 100644 src/tests/features/helpers_custom.at diff --git a/src/tests/features.at b/src/tests/features.at new file mode 100644 index 000000000000..2da3dbad04c2 --- /dev/null +++ b/src/tests/features.at @@ -0,0 +1,2 @@ +AT_BANNER([features (FIREWALL_BACKEND)]) +m4_include([features/helpers_custom.at]) diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at new file mode 100644 index 000000000000..b5f745761407 --- /dev/null +++ b/src/tests/features/helpers_custom.at @@ -0,0 +1,40 @@ +FWD_START_TEST([service include]) +AT_KEYWORDS(helpers rhbz1733066) + +FWD_CHECK([-q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp"]) +FWD_CHECK([-q --permanent --helper=ftptest --add-port="2121/tcp"]) + +FWD_CHECK([-q --permanent --new-service="ftptest"]) +FWD_CHECK([-q --permanent --service=ftptest --add-module="nf_conntrack_ftptest"]) +FWD_CHECK([-q --permanent --service=ftptest --add-port="2121/tcp"]) +FWD_RELOAD + +FWD_CHECK([-q --add-service=ftptest]) + +NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl + table inet firewalld { + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept + tcp dport 2121 ct helper set "helper-ftptest-tcp" + tcp dport 2121 ct state new,untracked accept + } + } +]) +IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl + CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp +]) +IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED +]) +IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl + CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp +]) +IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED + ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED + ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED +]) + +FWD_END_TEST diff --git a/src/tests/testsuite.at b/src/tests/testsuite.at index 68d18c9018b8..e83d61d5bf0a 100644 --- a/src/tests/testsuite.at +++ b/src/tests/testsuite.at @@ -14,4 +14,5 @@ m4_foreach([FIREWALL_BACKEND], [[iptables]], [ m4_include([firewall-cmd.at]) m4_include([regression.at]) m4_include([python.at]) + m4_include([features.at]) ]) -- 2.20.1