Imported Upstream version 5.0.2

5 files changed, 39 insertions, 16 deletions

diff --git a/testing/tests/pfkey/nat-rw/evaltest.dat b/testing/tests/pfkey/nat-rw/evaltest.dat
index a0b9c678f..ac09e2d6b 100644
--- a/testing/tests/pfkey/nat-rw/evaltest.dat
+++ b/testing/tests/pfkey/nat-rw/evaltest.dat
@@ -6,7 +6,7 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
 venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/pfkey/nat-rw/hosts/sun/etc/iptables.rules b/testing/tests/pfkey/nat-rw/hosts/sun/etc/iptables.rules
new file mode 100644
index 000000000..ae8f9a61e
--- /dev/null
+++ b/testing/tests/pfkey/nat-rw/hosts/sun/etc/iptables.rules
@@ -0,0 +1,24 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/pfkey/nat-rw/posttest.dat b/testing/tests/pfkey/nat-rw/posttest.dat
index 52572ece8..4643a3a7b 100644
--- a/testing/tests/pfkey/nat-rw/posttest.dat
+++ b/testing/tests/pfkey/nat-rw/posttest.dat
@@ -1,8 +1,8 @@
 sun::ipsec stop
 alice::ipsec stop
 venus::ipsec stop
-alice::/etc/init.d/iptables stop 2> /dev/null
-venus::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
+alice::iptables-restore < /etc/iptables.flush
+venus::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
 moon::iptables -t nat -F
 moon::conntrack -F
diff --git a/testing/tests/pfkey/nat-rw/pretest.dat b/testing/tests/pfkey/nat-rw/pretest.dat
index e365ff5c5..d701a1d61 100644
--- a/testing/tests/pfkey/nat-rw/pretest.dat
+++ b/testing/tests/pfkey/nat-rw/pretest.dat
@@ -1,7 +1,6 @@
-alice::/etc/init.d/iptables start 2> /dev/null
-venus::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+alice::iptables-restore < /etc/iptables.rules
+venus::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
 alice::ipsec start
diff --git a/testing/tests/pfkey/nat-rw/test.conf b/testing/tests/pfkey/nat-rw/test.conf
index 84317fd70..f515d4bc7 100644
--- a/testing/tests/pfkey/nat-rw/test.conf
+++ b/testing/tests/pfkey/nat-rw/test.conf
@@ -1,21 +1,21 @@
 #!/bin/bash
 #
 # This configuration file provides information on the
-# UML instances used for this test
+# guest instances used for this test
 
-# All UML instances that are required for this test
+# All guest instances that are required for this test
 #
-UMLHOSTS="alice venus moon winnetou sun bob"
+VIRTHOSTS="alice venus moon winnetou sun bob"
 
 # Corresponding block diagram
 #
 DIAGRAM="a-v-m-w-s-b.png"
 
-# UML instances on which tcpdump is to be started
+# Guest instances on which tcpdump is to be started
 #
 TCPDUMPHOSTS="moon"
 
-# UML instances on which IPsec is started
+# Guest instances on which IPsec is started
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="alice venus sun"