diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-05-09 07:22:41 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-09 07:22:41 +0200 |
| commit | 432fd1b5e7b5a1e5b8503bf0dcd106369e323dc7 (patch) | |
| tree | e8d30a3eb65895b955c81e284560c24309a5c65e /smoketest/scripts/cli/test_firewall.py | |
| parent | 2e28d3f68c10dadc87bbff9ff2cc6410798384ae (diff) | |
| parent | 15e55af88e6104608487c1138641fcff54594d89 (diff) | |
| download | vyos-1x-432fd1b5e7b5a1e5b8503bf0dcd106369e323dc7.tar.gz vyos-1x-432fd1b5e7b5a1e5b8503bf0dcd106369e323dc7.zip | |
Merge pull request #1279 from nicolas-fort/T990
Firewall: T990: Add snat and dnat connection status on firewall
Diffstat (limited to 'smoketest/scripts/cli/test_firewall.py')
| -rwxr-xr-x | smoketest/scripts/cli/test_firewall.py | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py index 37e6b9e7a..b8f944575 100755 --- a/smoketest/scripts/cli/test_firewall.py +++ b/smoketest/scripts/cli/test_firewall.py @@ -173,6 +173,45 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase): nftables_output = cmd(f'sudo nft list chain {table} {chain}') self.assertTrue('jump VYOS_STATE_POLICY' in nftables_output) + def test_state_and_status_rules(self): + self.cli_set(['firewall', 'name', 'smoketest', 'default-action', 'drop']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'action', 'accept']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'state', 'established', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'state', 'related', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'action', 'reject']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'state', 'invalid', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '3', 'action', 'accept']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '3', 'state', 'new', 'enable']) + + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '3', 'connection-status', 'nat', 'destination']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'action', 'accept']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'state', 'new', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'state', 'established', 'enable']) + self.cli_set(['firewall', 'name', 'smoketest', 'rule', '4', 'connection-status', 'nat', 'source']) + + self.cli_set(['interfaces', 'ethernet', 'eth0', 'firewall', 'in', 'name', 'smoketest']) + + self.cli_commit() + + nftables_search = [ + ['iifname "eth0"', 'jump NAME_smoketest'], + ['ct state { established, related }', 'return'], + ['ct state { invalid }', 'reject'], + ['ct state { new }', 'ct status { dnat }', 'return'], + ['ct state { established, new }', 'ct status { snat }', 'return'], + ['smoketest default-action', 'drop'] + ] + + nftables_output = cmd('sudo nft list table ip filter') + + for search in nftables_search: + matched = False + for line in nftables_output.split("\n"): + if all(item in line for item in search): + matched = True + break + self.assertTrue(matched, msg=search) + def test_sysfs(self): for name, conf in sysfs_config.items(): paths = glob(conf['sysfs']) |