Testing that /etc/firewall.user is treated specially and requires an extra
option to be marked compatible.

The uci/firewall.json fixture below declares three include sections:

 1. The first points at /etc/firewall.user without fw4_compatible. The
    expected stderr shows it being ignored, with a warning that names the
    missing option.
 2. The second points at the same path with fw4_compatible set to 1. No
    warning is expected for it.
 3. The third points at a different script path without fw4_compatible. No
    warning is expected for it either, so the gate applies to the
    /etc/firewall.user path only.

The flag is an explicit opt-in by whoever maintains the configuration.
Nothing in this test inspects the script body (both script fixtures contain
only "# dummy"), so a passing run shows that the gate is enforced, not that a
flagged script is actually compatible with fw4.

The expected stdout contains only the "/etc/nftables.d/*.nft" include line;
none of the three include paths appears in the rendered ruleset.

-- Testcase --
{%
	// Load the firewall4 entry point with a replacement getenv() supplied
	// through the include scope, so the run does not depend on the real
	// process environment.
	include("./root/usr/share/firewall4/main.uc", {
		getenv: function(varname) {
			// Only ACTION is answered; every other variable falls through
			// the switch and yields no value.
			switch (varname) {
			case 'ACTION':
				// Presumably selects the mode that prints the ruleset,
				// which is what "Expect stdout" compares against. Confirm
				// against main.uc.
				return 'print';
			}
		}
	})
%}
-- End --

-- File uci/helpers.json --
{}
-- End --

-- File fs/open~_sys_class_net_eth0_flags.txt --
0x1103
-- End --

-- File fs/open~_etc_firewall_user.txt --
# dummy
-- End --

-- File fs/open~_usr_share_miniupnpd_firewall_include.txt --
# dummy
-- End --

-- File uci/firewall.json --
{
	"zone": [
		{
			"name": "test",
			"device": [ "eth0" ],
			"auto_helper": 0
		}
	],
	"include": [
		{
			".description": "By default, this /etc/firewall.user include should be skipped with a warning",
			"path": "/etc/firewall.user"
		},

		{
			".description": "This /etc/firewall.user include should be added due to the compatible flag",
			"path": "/etc/firewall.user",
			"fw4_compatible": 1
		},

		{
			".description": "An include of another path should not require a compatible flag",
			"path": "/usr/share/miniupnpd/firewall.include"
		}
	]
}
-- End --

-- Expect stderr --
[!] Section @include[0] is not marked as compatible with fw4, ignoring section
[!] Section @include[0] requires 'option fw4_compatible 1' to be considered compatible
-- End --

-- Expect stdout --
table inet fw4
flush table inet fw4

table inet fw4 {
	#
	# Defines
	#

	define test_devices = { "eth0" }
	define test_subnets = {  }


	#
	# User includes
	#

	include "/etc/nftables.d/*.nft"


	#
	# Filter rules
	#

	chain input {
		type filter hook input priority filter; policy drop;

		iif "lo" accept comment "!fw4: Accept traffic from loopback"

		ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
		iifname "eth0" jump input_test comment "!fw4: Handle test IPv4/IPv6 input traffic"
	}

	chain forward {
		type filter hook forward priority filter; policy drop;

		ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
		iifname "eth0" jump forward_test comment "!fw4: Handle test IPv4/IPv6 forward traffic"
	}

	chain output {
		type filter hook output priority filter; policy drop;

		oif "lo" accept comment "!fw4: Accept traffic towards loopback"

		ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
		oifname "eth0" jump output_test comment "!fw4: Handle test IPv4/IPv6 output traffic"
	}

	chain prerouting {
		type filter hook prerouting priority filter; policy accept;
	}

	chain handle_reject {
		meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
		reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
	}

	chain input_test {
		jump drop_from_test
	}

	chain output_test {
		jump drop_to_test
	}

	chain forward_test {
		jump drop_to_test
	}

	chain drop_from_test {
		iifname "eth0" counter drop comment "!fw4: drop test IPv4/IPv6 traffic"
	}

	chain drop_to_test {
		oifname "eth0" counter drop comment "!fw4: drop test IPv4/IPv6 traffic"
	}


	#
	# NAT rules
	#

	chain dstnat {
		type nat hook prerouting priority dstnat; policy accept;
	}

	chain srcnat {
		type nat hook postrouting priority srcnat; policy accept;
	}


	#
	# Raw rules (notrack)
	#

	chain raw_prerouting {
		type filter hook prerouting priority raw; policy accept;
	}

	chain raw_output {
		type filter hook output priority raw; policy accept;
	}


	#
	# Mangle rules
	#

	chain mangle_prerouting {
		type filter hook prerouting priority mangle; policy accept;
	}

	chain mangle_postrouting {
		type filter hook postrouting priority mangle; policy accept;
	}

	chain mangle_input {
		type filter hook input priority mangle; policy accept;
	}

	chain mangle_output {
		type route hook output priority mangle; policy accept;
	}

	chain mangle_forward {
		type filter hook forward priority mangle; policy accept;
	}
}
-- End --