-rwxr-xr-x | tests/iptables.sh | 6 | ||||
-rw-r--r-- | tests/match_target.t | 8 |
2 files changed, 14 insertions, 0 deletions
diff --git a/tests/iptables.sh b/tests/iptables.sh
index 7ea90e0..490d42d 100755
--- a/tests/iptables.sh
+++ b/tests/iptables.sh
@@ -111,6 +111,12 @@ mangle)
 $cmd -t mangle -A INPUT -m mark --mark 0x1234 -j LOG --log-prefix "in set mark: "
 $cmd -t mangle -A INPUT -s 10.255.0.0/16 -j DROP
 ;;
+netiface)
+ $ipset n test hash:net,iface
+ $ipset a test 0.0.0.0/0,eth0
+ $cmd -A OUTPUT -m set --match-set test dst,dst -j LOG --log-prefix "in set netiface: "
+ $cmd -A OUTPUT -d 10.255.255.254 -j DROP
+ ;;
 stop)
 $cmd -F
 $cmd -X
diff --git a/tests/match_target.t b/tests/match_target.t
index 02a0ea3..59e1643 100644
--- a/tests/match_target.t
+++ b/tests/match_target.t
@@ -104,4 +104,12 @@
 0 ipset t test 10.255.255.0/24
 # Destroy sets and rules
 0 ./iptables.sh inet stop
+# Create set and rules for 0.0.0.0/0 check in hash:net,iface
+0 ./iptables.sh inet netiface
+# Send probe packet
+0 sendip -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1
+# Check kernel log that the packet matched the set
+0 ./check_klog.sh 10.255.255.64 udp 1025 netiface
+# Destroy sets and rules
+0 ./iptables.sh inet stop
 # eof
|
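Review bot: The new `netiface)` case in tests/iptables.sh hard-codes `eth0` in `$ipset a test 0.0.0.0/0,eth0`. On a host whose route to 10.255.255.254 leaves through a differently named interface, the LOG rule never matches and the test fails for a reason unrelated to the 0.0.0.0/0 handling. Making the interface overridable would keep the default while allowing other hosts to run it, e.g. `$ipset a test 0.0.0.0/0,${IFACE:-eth0}`. The case also ignores the result of the two `$ipset` calls, so a failed set creation only surfaces later as a missing log line; chaining them with `&&` or checking each status would make the failure point clear. The enclosing `case` statement starts and ends outside the hunk.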
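Review bot: The lines added to tests/match_target.t assert only the positive case, that a packet leaving through the listed interface matches `0.0.0.0/0,eth0`. Nothing checks that the same element does not match traffic on another interface, and for a set used in firewall rules over-matching is the failure that silently widens a rule. Consider a second probe routed through a different interface (loopback, for instance), followed by a `check_klog.sh` line that expects no `netiface` entry. That assumes the leading field on each test line is the expected exit status and that `check_klog.sh` returns non-zero when no entry is found, which should be confirmed against the helper.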