diff options
Diffstat (limited to 'tests/iptables.sh')
| -rwxr-xr-x | tests/iptables.sh | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/tests/iptables.sh b/tests/iptables.sh index 63b0b92..03d2e09 100755 --- a/tests/iptables.sh +++ b/tests/iptables.sh @@ -3,6 +3,8 @@ # set -x set -e +ipset=${IPSET_BIN:-../src/ipset} + # We play with the following networks: # inet: 10.255.255.0/24 # 10.255.255.0-31 in ip1 @@ -37,14 +39,14 @@ esac case "$2" in start) - ../src/ipset n ip1 hash:ip $family 2>/dev/null - ../src/ipset a ip1 $IP1 2>/dev/null - ../src/ipset n ip2 hash:ip $family 2>/dev/null - ../src/ipset a ip2 $IP2 2>/dev/null - ../src/ipset n ipport hash:ip,port $family 2>/dev/null - ../src/ipset n list list:set 2>/dev/null - ../src/ipset a list ipport 2>/dev/null - ../src/ipset a list ip1 2>/dev/null + $ipset n ip1 hash:ip $family 2>/dev/null + $ipset a ip1 $IP1 2>/dev/null + $ipset n ip2 hash:ip $family 2>/dev/null + $ipset a ip2 $IP2 2>/dev/null + $ipset n ipport hash:ip,port $family 2>/dev/null + $ipset n list list:set 2>/dev/null + $ipset a list ipport 2>/dev/null + $ipset a list ip1 2>/dev/null $cmd -A INPUT ! -s $NET -j ACCEPT $cmd -A INPUT -m set ! --match-set ip1 src \ -m set ! --match-set ip2 src \ @@ -62,10 +64,10 @@ start) cat /dev/null > /var/log/kern.log ;; start_flags) - ../src/ipset n test hash:net $family 2>/dev/null - ../src/ipset a test 10.0.0.0/16 2>/dev/null - ../src/ipset a test 10.0.0.0/24 nomatch 2>/dev/null - ../src/ipset a test 10.0.0.1 2>/dev/null + $ipset n test hash:net $family 2>/dev/null + $ipset a test 10.0.0.0/16 2>/dev/null + $ipset a test 10.0.0.0/24 nomatch 2>/dev/null + $ipset a test 10.0.0.1 2>/dev/null $cmd -A INPUT ! -s 10.0.0.0/16 -j ACCEPT $cmd -A INPUT -m set --match-set test src \ -j LOG --log-prefix "in set test: " @@ -76,10 +78,10 @@ start_flags) cat /dev/null > /var/log/kern.log ;; start_flags_reversed) - ../src/ipset n test hash:net $family 2>/dev/null - ../src/ipset a test 10.0.0.0/16 2>/dev/null - ../src/ipset a test 10.0.0.0/24 nomatch 2>/dev/null - ../src/ipset a test 10.0.0.1 2>/dev/null + $ipset n test hash:net $family 2>/dev/null + $ipset a test 10.0.0.0/16 2>/dev/null + $ipset a test 10.0.0.0/24 nomatch 2>/dev/null + $ipset a test 10.0.0.1 2>/dev/null $cmd -A INPUT ! -s 10.0.0.0/16 -j ACCEPT $cmd -A INPUT -m set --match-set test src --return-nomatch \ -j LOG --log-prefix "in set test-nomatch: " @@ -94,14 +96,14 @@ del) $cmd -A INPUT -j SET --del-set ipport src,src ;; timeout) - ../src/ipset n test hash:ip,port timeout 2 + $ipset n test hash:ip,port timeout 2 $cmd -A INPUT -j SET --add-set test src,src --timeout 10 --exist ;; stop) $cmd -F $cmd -X - ../src/ipset -F 2>/dev/null - ../src/ipset -X 2>/dev/null + $ipset -F 2>/dev/null + $ipset -X 2>/dev/null ;; *) echo "Usage: $0 start|stop" |