authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2010-06-25 16:30:52 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2010-06-25 16:30:52 +0200
commit780f6384c5c6639da3f5a6ac8d30653e8a26d6c0 (patch)
tree9c8091a4d0a01f0f3216dd5758bf4d07e81cb843 /tests/iptables.sh
parent020936c8c3375e1efe44a3087c891a4b2cbfe044 (diff)
ipset 5: IPv6 port related and manpage fixes, more testsv5.0-pre4
- getting ports for family INET6 fixed - more manpage polishing - tests to check the iptables/ip6tables match and target added
Diffstat (limited to 'tests/iptables.sh')
-rwxr-xr-xtests/iptables.sh72
1 files changed, 72 insertions, 0 deletions
diff --git a/tests/iptables.sh b/tests/iptables.sh
new file mode 100755
index 0000000..935b236
--- /dev/null
+++ b/tests/iptables.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+set -e
+
+# We play with the following networks:
+# inet: 10.255.255.0/24
+# 10.255.255.0-31 in ip1
+# 10.255.255.32-63 in ip2
+# rest in ipport
+# inet6: 1002:1002:1002:1002::/64
+# 1002:1002:1002:1002::1 in ip1
+# 1002:1002:1002:1002::32 in ip2
+# rest in ipport
+
+case "$1" in
+inet)
+ cmd=iptables
+ family=
+ NET=10.255.255.0/24
+ IP1=10.255.255.1
+ IP2=10.255.255.32
+ ;;
+inet6)
+ cmd=ip6tables
+ family="family inet6"
+ NET=1002:1002:1002:1002::/64
+ IP1=1002:1002:1002:1002::1
+ IP2=1002:1002:1002:1002::32
+ ;;
+*)
+ echo "Usage: $0 inet|inet6 start|stop"
+ exit 1
+ ;;
+esac
+
+
+case "$2" in
+start)
+ ../src/ipset n ip1 hash:ip $family 2>/dev/null
+ ../src/ipset a ip1 $IP1 2>/dev/null
+ ../src/ipset n ip2 hash:ip $family 2>/dev/null
+ ../src/ipset a ip2 $IP2 2>/dev/null
+ ../src/ipset n ipport hash:ip,port $family proto any 2>/dev/null
+ ../src/ipset n list list:set 2>/dev/null
+ ../src/ipset a list ipport 2>/dev/null
+ ../src/ipset a list ip1 2>/dev/null
+ $cmd -A INPUT ! -s $NET -j ACCEPT
+ $cmd -A INPUT -m set ! --match-set ip1 src \
+ -m set ! --match-set ip2 src \
+ -j SET --add-set ipport src,src
+ $cmd -A INPUT -m set --match-set ip1 src \
+ -j LOG --log-prefix "in set ip1: "
+ $cmd -A INPUT -m set --match-set ip2 src \
+ -j LOG --log-prefix "in set ip2: "
+ $cmd -A INPUT -m set --match-set ipport src,src \
+ -j LOG --log-prefix "in set ipport: "
+ $cmd -A INPUT -m set --match-set list src,src \
+ -j LOG --log-prefix "in set list: "
+ $cmd -A OUTPUT -d $NET -j DROP
+ cat /dev/null > .foo.err
+ ;;
+stop)
+ $cmd -F
+ $cmd -X
+ ../src/ipset -F 2>/dev/null
+ ../src/ipset -X 2>/dev/null
+ ;;
+*)
+ echo "Usage: $0 start|stop"
+ exit 1
+ ;;
+esac
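Review bot: The `stop` branch is not scoped to what `start` created: `$cmd -F`, `$cmd -X`, `../src/ipset -F` and `../src/ipset -X` clear every rule and user-defined chain in the filter table and destroy every set on the machine, so running the test on a host with a live firewall removes its ruleset. If the tests are only meant for a disposable machine, the header comment should say so, e.g. `# NOTE: "stop" flushes the whole filter table and destroys all sets; run on a dedicated test machine only.` Otherwise, destroy the four test sets by name (`../src/ipset -X list` first, since it references `ip1` and `ipport`) and keep the test rules in a chain of their own, so that teardown touches nothing else. Separately, under `set -e` any failing `ipset` call in `start` aborts the script with its error message discarded by `2>/dev/null`, leaving a partly installed ruleset and no diagnostic.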