1 Ensure that time constraints are properly rendered. 2 3 -- Testcase -- 4 {% 5 include("./root/usr/share/firewall4/main.uc", { 6 getenv: function(varname) { 7 switch (varname) { 8 case 'ACTION': 9 return 'print'; 10 } 11 } 12 }) 13 %} 14 -- End -- 15 16 -- File uci/helpers.json -- 17 {} 18 -- End -- 19 20 -- File uci/firewall.json -- 21 { 22 "rule": [ 23 { 24 ".description": "Check parsing a complete ISO datetime stamp", 25 "name": "Time rule #1", 26 "proto": "all", 27 "start_date": "2022-05-30T21:51:23", 28 "target": "ACCEPT" 29 }, 30 { 31 ".description": "Check parsing a datetime stamp without seconds", 32 "name": "Time rule #2", 33 "proto": "all", 34 "start_date": "2022-05-30T21:51", 35 "target": "ACCEPT" 36 }, 37 { 38 ".description": "Check parsing a datetime stamp without minutes and seconds", 39 "name": "Time rule #3", 40 "proto": "all", 41 "start_date": "2022-05-30T21", 42 "target": "ACCEPT" 43 }, 44 { 45 ".description": "Check parsing a datetime stamp without time", 46 "name": "Time rule #4", 47 "proto": "all", 48 "start_date": "2022-05-30", 49 "target": "ACCEPT" 50 }, 51 { 52 ".description": "Check parsing a datetime stamp without day and time", 53 "name": "Time rule #5", 54 "proto": "all", 55 "start_date": "2022-05", 56 "target": "ACCEPT" 57 }, 58 { 59 ".description": "Check parsing a datetime stamp without month, day and time", 60 "name": "Time rule #6", 61 "proto": "all", 62 "start_date": "2022", 63 "target": "ACCEPT" 64 }, 65 66 { 67 ".description": "Check parsing a complete timestamp", 68 "name": "Time rule #7", 69 "proto": "all", 70 "start_time": "21:51:23", 71 "target": "ACCEPT" 72 }, 73 { 74 ".description": "Check parsing a timestamp without seconds", 75 "name": "Time rule #8", 76 "proto": "all", 77 "start_time": "21:51", 78 "target": "ACCEPT" 79 }, 80 { 81 ".description": "Check parsing a timestamp without minutes and seconds", 82 "name": "Time rule #9", 83 "proto": "all", 84 "start_time": "21", 85 "target": "ACCEPT" 86 }, 87 88 { 89 ".description": "Check emitting datetime ranges", 90 "name": "Time rule #10", 91 "proto": "all", 92 "start_date": "2022-05-30T21:51:23", 93 "stop_date": "2022-06-01T23:51:23", 94 "target": "ACCEPT" 95 }, 96 { 97 ".description": "Check emitting time ranges", 98 "name": "Time rule #11", 99 "proto": "all", 100 "start_time": "21:51:23", 101 "stop_time": "23:51:23", 102 "target": "ACCEPT" 103 }, 104 105 { 106 ".description": "Check parsing weekdays", 107 "name": "Time rule #12", 108 "proto": "all", 109 "weekdays": "Monday tuEsday wed SUN Th", 110 "target": "ACCEPT" 111 }, 112 ] 113 } 114 -- End -- 115 116 -- Expect stdout -- 117 table inet fw4 118 flush table inet fw4 119 120 table inet fw4 { 121 # 122 # Defines 123 # 124 125 126 # 127 # User includes 128 # 129 130 include "/etc/nftables.d/*.nft" 131 132 133 # 134 # Filter rules 135 # 136 137 chain input { 138 type filter hook input priority filter; policy drop; 139 140 iif "lo" accept comment "!fw4: Accept traffic from loopback" 141 142 ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows" 143 } 144 145 chain forward { 146 type filter hook forward priority filter; policy drop; 147 148 ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows" 149 } 150 151 chain output { 152 type filter hook output priority filter; policy drop; 153 154 oif "lo" accept comment "!fw4: Accept traffic towards loopback" 155 156 ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows" 157 meta time >= "2022-05-30 21:51:23" counter accept comment "!fw4: Time rule #1" 158 meta time >= "2022-05-30 21:51:00" counter accept comment "!fw4: Time rule #2" 159 meta time >= "2022-05-30 21:00:00" counter accept comment "!fw4: Time rule #3" 160 meta time >= "2022-05-30 00:00:00" counter accept comment "!fw4: Time rule #4" 161 meta time >= "2022-05-01 00:00:00" counter accept comment "!fw4: Time rule #5" 162 meta time >= "2022-01-01 00:00:00" counter accept comment "!fw4: Time rule #6" 163 meta hour >= "21:51:23" counter accept comment "!fw4: Time rule #7" 164 meta hour >= "21:51:00" counter accept comment "!fw4: Time rule #8" 165 meta hour >= "21:00:00" counter accept comment "!fw4: Time rule #9" 166 meta time "2022-05-30 21:51:23"-"2022-06-01 23:51:23" counter accept comment "!fw4: Time rule #10" 167 meta hour "21:51:23"-"23:51:23" counter accept comment "!fw4: Time rule #11" 168 meta day { "Monday", "Tuesday", "Wednesday", "Sunday", "Thursday" } counter accept comment "!fw4: Time rule #12" 169 } 170 171 chain prerouting { 172 type filter hook prerouting priority filter; policy accept; 173 } 174 175 chain handle_reject { 176 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic" 177 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic" 178 } 179 180 181 # 182 # NAT rules 183 # 184 185 chain dstnat { 186 type nat hook prerouting priority dstnat; policy accept; 187 } 188 189 chain srcnat { 190 type nat hook postrouting priority srcnat; policy accept; 191 } 192 193 194 # 195 # Raw rules (notrack) 196 # 197 198 chain raw_prerouting { 199 type filter hook prerouting priority raw; policy accept; 200 } 201 202 chain raw_output { 203 type filter hook output priority raw; policy accept; 204 } 205 206 207 # 208 # Mangle rules 209 # 210 211 chain mangle_prerouting { 212 type filter hook prerouting priority mangle; policy accept; 213 } 214 215 chain mangle_postrouting { 216 type filter hook postrouting priority mangle; policy accept; 217 } 218 219 chain mangle_input { 220 type filter hook input priority mangle; policy accept; 221 } 222 223 chain mangle_output { 224 type route hook output priority mangle; policy accept; 225 } 226 227 chain mangle_forward { 228 type filter hook forward priority mangle; policy accept; 229 } 230 } 231 -- End --
This page was automatically generated by LXR 0.3.1. • OpenWrt