
Sources/firewall4/tests/03_rules/01_direction

  1 Testing that rule declarations are mapped to the proper chains depending
  2 on src and dest options: no src => output (with or without dest), src only => input, src and dest => forward.
  3 
  4 -- Testcase --
  5 {%
            // Load the fw4 main script with getenv replaced by a stub passed in the
            // scope object, so the test decides what the script sees as environment.
  6         include("./root/usr/share/firewall4/main.uc", {
  7                 getenv: function(varname) {
  8                         switch (varname) {
                            // NOTE(review): 'print' presumably makes main.uc write the
                            // generated ruleset to stdout (compared against "Expect stdout")
                            // instead of applying it; confirm in main.uc.
  9                         case 'ACTION':
 10                                 return 'print';
 11                         }
                            // Any other variable name matches no case, so the stub
                            // returns no value for it.
 12                 }
 13         })
 14 %}
 15 -- End --
 16 
 17 -- File uci/helpers.json --
 18 {}
 19 -- End --
 20 
 21 -- File uci/firewall.json --
 22 {
 23         "rule": [
 24                 {
 25                         ".description": "Neither source, nor dest => should result in an output rule",
 26                         "proto": "any"
 27                 },
 28                 {
 29                         ".description": "Source any, no dest => should result in an input rule",
 30                         "proto": "any",
 31                         "src": "*"
 32                 },
 33                 {
 34                         ".description": "Dest any, no source => should result in an output rule",
 35                         "proto": "any",
 36                         "dest": "*"
 37                 },
 38                 {
 39                         ".description": "Source any, dest any => should result in a forward rule",
 40                         "proto": "any",
 41                         "src": "*",
 42                         "dest": "*"
 43                 }
 44         ]
 45 }
 46 -- End --
 47 
 48 -- Expect stdout --
 49 table inet fw4
 50 flush table inet fw4
 51 
 52 table inet fw4 {
 53         #
 54         # Defines
 55         #
 56 
 57 
 58         #
 59         # User includes
 60         #
 61 
 62         include "/etc/nftables.d/*.nft"
 63 
 64 
 65         #
 66         # Filter rules
 67         #
 68 
 69         chain input {
 70                 type filter hook input priority filter; policy drop;
 71 
 72                 iif "lo" accept comment "!fw4: Accept traffic from loopback"
 73 
 74                 ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
 75                 counter comment "!fw4: @rule[1]"
 76         }
 77 
 78         chain forward {
 79                 type filter hook forward priority filter; policy drop;
 80 
 81                 ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
 82                 counter comment "!fw4: @rule[3]"
 83         }
 84 
 85         chain output {
 86                 type filter hook output priority filter; policy drop;
 87 
 88                 oif "lo" accept comment "!fw4: Accept traffic towards loopback"
 89 
 90                 ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
 91                 counter comment "!fw4: @rule[0]"
 92                 counter comment "!fw4: @rule[2]"
 93         }
 94 
 95         chain prerouting {
 96                 type filter hook prerouting priority filter; policy accept;
 97         }
 98 
 99         chain handle_reject {
100                 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
101                 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
102         }
103 
104 
105         #
106         # NAT rules
107         #
108 
109         chain dstnat {
110                 type nat hook prerouting priority dstnat; policy accept;
111         }
112 
113         chain srcnat {
114                 type nat hook postrouting priority srcnat; policy accept;
115         }
116 
117 
118         #
119         # Raw rules (notrack)
120         #
121 
122         chain raw_prerouting {
123                 type filter hook prerouting priority raw; policy accept;
124         }
125 
126         chain raw_output {
127                 type filter hook output priority raw; policy accept;
128         }
129 
130 
131         #
132         # Mangle rules
133         #
134 
135         chain mangle_prerouting {
136                 type filter hook prerouting priority mangle; policy accept;
137         }
138 
139         chain mangle_postrouting {
140                 type filter hook postrouting priority mangle; policy accept;
141         }
142 
143         chain mangle_input {
144                 type filter hook input priority mangle; policy accept;
145         }
146 
147         chain mangle_output {
148                 type route hook output priority mangle; policy accept;
149         }
150 
151         chain mangle_forward {
152                 type filter hook forward priority mangle; policy accept;
153         }
154 }
155 -- End --
