diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-01-24 18:14:01 +0100 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-01-24 18:14:01 +0100 |
| commit | d3b9fa094d693f05a747eda21db715a5bbf8dbbc (patch) | |
| tree | 769bba2b579d330d845d7279318e603db7fb8c03 /tests/match_target.t | |
| parent | 15d91179ef61df920bf5e90bab538cb71f36d0f8 (diff) | |
Check ICMP and ICMPv6 with the set match and target in the testsuite
"sendip" needs data otherwise ICMP/ICMPv6 gets truncated...
Diffstat (limited to 'tests/match_target.t')
| -rw-r--r-- | tests/match_target.t | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/tests/match_target.t b/tests/match_target.t index 8c3f3f9..6756be1 100644 --- a/tests/match_target.t +++ b/tests/match_target.t @@ -1,21 +1,43 @@ # Create sets and inet rules which call set match and SET target 0 ./iptables.sh inet start +# Check that 10.255.255.64,tcp:1025 is not in ipport set +1 ipset test ipport 10.255.255.64,tcp:1025 # Send probe packet from 10.255.255.64,tcp:1025 0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that proper sets matched and target worked 0 ./check_klog.sh 10.255.255.64 tcp 1025 ipport list +# Check that 10.255.255.64,tcp:1025 is in ipport set now +0 ipset test ipport 10.255.255.64,tcp:1025 +# Check that 10.255.255.64,udp:1025 is not in ipport set +1 ipset test ipport 10.255.255.64,udp:1025 # Send probe packet from 10.255.255.64,udp:1025 0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 # Check that proper sets matched and target worked 0 ./check_klog.sh 10.255.255.64 udp 1025 ipport list +# Check that 10.255.255.64,udp:1025 is in ipport set now +0 ipset test ipport 10.255.255.64,udp:1025 +# Check that 10.255.255.1,tcp:1025 is not in ipport set +1 ipset test ipport 10.255.255.1,tcp:1025 # Send probe packet from 10.255.255.1,tcp:1025 0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.1 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that proper sets matched and target worked 0 ./check_klog.sh 10.255.255.1 tcp 1025 ip1 list +# Check that 10.255.255.1,tcp:1025 is not in ipport set +1 ipset test ipport 10.255.255.1,tcp:1025 +# Check that 10.255.255.32,tcp:1025 is not in ipport set +1 ipset test ipport 10.255.255.32,tcp:1025 # Send probe packet from 10.255.255.32,tcp:1025 0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.32 -p tcp -td 80 -ts 1025 127.0.0.1 # Check that proper sets matched and target worked 0 ./check_klog.sh 10.255.255.32 tcp 1025 ip2 +# Check that 10.255.255.32,tcp:1025 is not in ipport set +1 ipset test ipport 10.255.255.32,tcp:1025 +# Check that 10.255.255.64,icmp:host-prohibited is not in ipport set +1 ipset test ipport 10.255.255.64,icmp:host-prohibited +# Send probe packet 10.255.255.64,icmp:host-prohibited +0 sendip -d r10 -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p icmp -ct 3 -cd 10 127.0.0.1 +# Check that 10.255.255.64,icmp:3/10 is in ipport set now +0 ipset test ipport 10.255.255.64,icmp:host-prohibited # Destroy sets and rules 0 ./iptables.sh inet stop # eof |