author | Christian Breunig <christian@breunig.cc> | 2023-09-28 17:02:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-28 17:02:33 +0200 |
commit | 852e9c3328e61f5d0b92a9efca376aec94533f2b (patch) | |
tree | 0aff1a25a0e9ce69b39cc14f609d11c4f547d54f /smoketest/scripts | |
parent | 5bcd00a2ee5ef92470ddc67f7821bb8c8659765d (diff) | |
parent | bdad4e046872e054ec7783b2f04b73a8a690a045 (diff) | |
Merge pull request #2295 from sever-sever/T5217-synproxy
T5217: Add firewall synproxy
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-x | smoketest/scripts/cli/test_firewall.py | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 4a577562d..67e949f95 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021-2022 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -338,6 +338,31 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
 self.verify_nftables(nftables_search, 'ip vyos_filter')
+ def test_ipv4_synproxy(self):
+ tcp_mss = '1460'
+ tcp_wscale = '7'
+ dport = '22'
+
+ self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'action', 'drop'])
+ self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'protocol', 'tcp'])
+ self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'destination', 'port', dport])
+ self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'synproxy', 'tcp', 'mss', tcp_mss])
+ self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'synproxy', 'tcp', 'window-scale', tcp_wscale])
+
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+
+ self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'action', 'synproxy'])
+
+ self.cli_commit()
+
+ nftables_search = [
+ [f'tcp dport {dport} ct state invalid,untracked', f'synproxy mss {tcp_mss} wscale {tcp_wscale} timestamp sack-perm']
+ ]
+
+ self.verify_nftables(nftables_search, 'ip vyos_filter')
+
+
 def test_ipv4_mask(self):
 name = 'smoketest-mask'
 interface = 'eth0'
|
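Review bot: The positive check in `test_ipv4_synproxy` only matches the rendered filter rule in `ip vyos_filter`, and that rule's `ct state invalid,untracked` match fires only when SYNs to the port actually arrive untracked. Nothing in this hunk asserts that whatever leaves them untracked (usually a `notrack` rule ahead of conntrack) is rendered, so a regression there would leave the SYN-flood protection inert while this test still passes. Whether the feature generates such a rule is not visible from this hunk. If it does, a second `self.verify_nftables(...)` against the table that holds it would close the gap; otherwise a comment such as `# only the filter-side rule is asserted; SYNs must be left untracked elsewhere for synproxy to engage` would record the limitation. The negative step would also be clearer with `# synproxy options are only valid with action synproxy` above the `assertRaises` block, since `ConfigSessionError` alone does not say which validation rejected the commit.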