authorChristian Poessinger <christian@poessinger.com>2022-07-04 20:55:49 +0200
committerGitHub <noreply@github.com>2022-07-04 20:55:49 +0200
commit26506757c3d0354d6d42101dcccde5613a9b1182 (patch)
tree0df570ec9d41b6932f7674cfca9952a38b818ce1 /smoketest
parent171b224c1cf1303a608725ec74b545902daa243e (diff)
parent884f68b25455c547f7b0e7dea4e543daea99f3c2 (diff)
downloadvyos-1x-26506757c3d0354d6d42101dcccde5613a9b1182.tar.gz
vyos-1x-26506757c3d0354d6d42101dcccde5613a9b1182.zip
Merge pull request #1386 from sarthurdev/geoip_negate
firewall: T4299: Add ability to inverse match country-codes
Diffstat (limited to 'smoketest')
-rwxr-xr-xsmoketest/scripts/cli/test_firewall.py22
1 files changed, 20 insertions, 2 deletions
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index ce06b9074..4de90e1ec 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -69,8 +69,8 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.verify_nftables(nftables_search, 'ip filter', inverse=True)
- def verify_nftables(self, nftables_search, table, inverse=False):
- nftables_output = cmd(f'sudo nft list table {table}')
+ def verify_nftables(self, nftables_search, table, inverse=False, args=''):
+ nftables_output = cmd(f'sudo nft {args} list table {table}')
for search in nftables_search:
matched = False
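Review bot: The new `args` parameter of `verify_nftables` is interpolated unquoted into the `sudo nft …` string handed to `cmd()`, and nothing states what it may contain. The only caller in this commit passes the literal `'-t'`, so this is fine today. A short comment above the call would keep it that way: `# args: extra nft command-line options, literal and test-defined only (e.g. '-t')`. With the default `args=''` the command also contains a double space, which looks harmless. The method body continues outside the hunk.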
@@ -80,6 +80,24 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
break
self.assertTrue(not matched if inverse else matched, msg=search)
+ def test_geoip(self):
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'action', 'drop'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'source', 'geoip', 'country-code', 'se'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '1', 'source', 'geoip', 'country-code', 'gb'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'action', 'accept'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'source', 'geoip', 'country-code', 'de'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'source', 'geoip', 'country-code', 'fr'])
+ self.cli_set(['firewall', 'name', 'smoketest', 'rule', '2', 'source', 'geoip', 'inverse-match'])
+
+ self.cli_commit()
+
+ nftables_search = [
+ ['ip saddr @GEOIP_CC_smoketest_1', 'drop'],
+ ['ip saddr != @GEOIP_CC_smoketest_2', 'return']
+ ]
+ # -t prevents 1000+ GeoIP elements being returned
+ self.verify_nftables(nftables_search, 'ip filter', args='-t')
+
def test_groups(self):
hostmap_path = ['system', 'static-host-mapping', 'host-name']
example_org = ['192.0.2.8', '192.0.2.10', '192.0.2.11']
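Review bot: Because `-t` omits set elements, `test_geoip` only shows that the rules reference `@GEOIP_CC_smoketest_1` and `@GEOIP_CC_smoketest_2`, not that either set holds any addresses. That matters most for rule 2, since `ip saddr != @GEOIP_CC_smoketest_2` matches every source address when the set is empty, so an unpopulated set would turn the inverse-match rule into match-all without failing this test. Whether the smoketest environment populates the sets is not visible here. At minimum, extend the existing comment to `# -t prevents 1000+ GeoIP elements being returned; this checks rule syntax only, not set contents`. Rule 2 is configured with `accept` but asserted as `return`, which presumably reflects how named chains are rendered; a one-line comment saying so would help readers.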