diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-01-13 09:28:07 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-01-13 09:28:07 +0100 |
commit | 9592763b89d03e988fb46f2fc05c0cdc992534d3 (patch) | |
tree | 9c06d11a2caf27716b74c141afddbdcb90a37d79 /tests | |
parent | 9b0be3d2545bfd0b482883bada1f4f0410b683ef (diff) |
Test added to check 0.0.0.0/0,iface to be matched in hash:net,iface type
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/iptables.sh | 6 | ||||
-rw-r--r-- | tests/match_target.t | 8 |
2 files changed, 14 insertions, 0 deletions
diff --git a/tests/iptables.sh b/tests/iptables.sh index 7ea90e0..490d42d 100755 --- a/tests/iptables.sh +++ b/tests/iptables.sh @@ -111,6 +111,12 @@ mangle) $cmd -t mangle -A INPUT -m mark --mark 0x1234 -j LOG --log-prefix "in set mark: " $cmd -t mangle -A INPUT -s 10.255.0.0/16 -j DROP ;; +netiface) + $ipset n test hash:net,iface + $ipset a test 0.0.0.0/0,eth0 + $cmd -A OUTPUT -m set --match-set test dst,dst -j LOG --log-prefix "in set netiface: " + $cmd -A OUTPUT -d 10.255.255.254 -j DROP + ;; stop) $cmd -F $cmd -X diff --git a/tests/match_target.t b/tests/match_target.t index 02a0ea3..59e1643 100644 --- a/tests/match_target.t +++ b/tests/match_target.t @@ -104,4 +104,12 @@ 0 ipset t test 10.255.255.0/24 # Destroy sets and rules 0 ./iptables.sh inet stop +# Create set and rules for 0.0.0.0/0 check in hash:net,iface +0 ./iptables.sh inet netiface +# Send probe packet +0 sendip -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1 +# Check kernel log that the packet matched the set +0 ./check_klog.sh 10.255.255.64 udp 1025 netiface +# Destroy sets and rules +0 ./iptables.sh inet stop # eof |