diff options
| author | sskaje <sskaje@gmail.com> | 2025-03-30 14:24:25 +0800 |
|---|---|---|
| committer | sskaje <sskaje@gmail.com> | 2025-03-30 14:24:25 +0800 |
| commit | 8f20f0ef786318c5a6f43b8f3aa9133de98a8054 (patch) | |
| tree | 955d85a9262fbd9cb65cdcb05001b5f31835590e /smoketest/scripts/cli/test_policy_route.py | |
| parent | 795154d9009b669f8858ed983c6b7486aaee1125 (diff) | |
| download | vyos-1x-8f20f0ef786318c5a6f43b8f3aa9133de98a8054.tar.gz vyos-1x-8f20f0ef786318c5a6f43b8f3aa9133de98a8054.zip | |
geoip: T5636: add smoketest for pbr geoip
Diffstat (limited to 'smoketest/scripts/cli/test_policy_route.py')
| -rwxr-xr-x | smoketest/scripts/cli/test_policy_route.py | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_policy_route.py b/smoketest/scripts/cli/test_policy_route.py index 53761b7d6..15ddd857e 100755 --- a/smoketest/scripts/cli/test_policy_route.py +++ b/smoketest/scripts/cli/test_policy_route.py @@ -307,5 +307,39 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): self.verify_nftables(nftables6_search, 'ip6 vyos_mangle') + def test_geoip(self): + self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'action', 'drop']) + self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'source', 'geoip', 'country-code', 'se']) + self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'source', 'geoip', 'country-code', 'gb']) + self.cli_set(['policy', 'route', 'smoketest', 'rule', '2', 'action', 'accept']) + self.cli_set(['policy', 'route', 'smoketest', 'rule', '2', 'source', 'geoip', 'country-code', 'de']) + self.cli_set(['policy', 'route', 'smoketest', 'rule', '2', 'source', 'geoip', 'country-code', 'fr']) + self.cli_set(['policy', 'route', 'smoketest', 'rule', '2', 'source', 'geoip', 'inverse-match']) + + self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '1', 'action', 'drop']) + self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '1', 'source', 'geoip', 'country-code', 'se']) + self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '1', 'source', 'geoip', 'country-code', 'gb']) + self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '2', 'action', 'accept']) + self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '2', 'source', 'geoip', 'country-code', 'de']) + self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '2', 'source', 'geoip', 'country-code', 'fr']) + self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '2', 'source', 'geoip', 'inverse-match']) + + self.cli_commit() + + nftables_search = [ + ['ip saddr @GEOIP_CC_route_smoketest_1', 'drop'], + ['ip saddr != @GEOIP_CC_route_smoketest_2', 'accept'], + ] + + # -t prevents 1000+ GeoIP elements being returned + self.verify_nftables(nftables_search, 'ip vyos_mangle', args='-t') + + nftables_search = [ + ['ip6 saddr @GEOIP_CC6_route6_smoketest6_1', 'drop'], + ['ip6 saddr != @GEOIP_CC6_route6_smoketest6_2', 'accept'], + ] + + self.verify_nftables(nftables_search, 'ip6 vyos_mangle', args='-t') + if __name__ == '__main__': unittest.main(verbosity=2) |