summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--tests/options-ipv4.rules52
-rw-r--r--tests/options-most.rules170
2 files changed, 222 insertions, 0 deletions
diff --git a/tests/options-ipv4.rules b/tests/options-ipv4.rules
new file mode 100644
index 00000000..b4adc926
--- /dev/null
+++ b/tests/options-ipv4.rules
@@ -0,0 +1,52 @@
+# Generated by iptables-save v1.4.10 on Mon Jan 31 03:03:38 2011
+*mangle
+:PREROUTING ACCEPT [2461:977932]
+:INPUT ACCEPT [2461:977932]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [1740:367048]
+:POSTROUTING ACCEPT [1740:367048]
+
+# libipt_
+-A INPUT -p ah -m ah --ahspi 1
+-A INPUT -p ah -m ah --ahspi :2
+-A INPUT -p ah -m ah --ahspi 0:3
+-A INPUT -p ah -m ah --ahspi 4:
+-A INPUT -p ah -m ah --ahspi 5:4294967295
+
+-A FORWARD -p tcp -j ECN --ecn-tcp-remove
+-A FORWARD -j LOG --log-prefix "hi" --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid --log-macdecode
+-A FORWARD -j TTL --ttl-inc 1
+-A FORWARD -j TTL --ttl-dec 1
+-A FORWARD -j TTL --ttl-set 1
+-A FORWARD -j ULOG --ulog-prefix "abc" --ulog-cprange 2 --ulog-qthreshold 2
+COMMIT
+# Completed on Mon Jan 31 03:03:38 2011
+# Generated by iptables-save v1.4.10 on Mon Jan 31 03:03:38 2011
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -d 1.2.3.4/32 -i lo -j CLUSTERIP --new --hashmode sourceip --clustermac 01:02:03:04:05:06 --total-nodes 9 --local-node 2 --hash-init 123456789
+-A PREROUTING -i dummy0 -j DNAT --to-destination 1.2.3.4 --random --persistent
+-A PREROUTING -i dummy0 -p tcp -j REDIRECT --to-ports 1-2 --random
+-A POSTROUTING -o dummy0 -p tcp -j MASQUERADE --to-ports 1-2 --random
+-A POSTROUTING -o dummy0 -p tcp -j NETMAP --to 1.0.0.0/8
+-A POSTROUTING -o dummy0 -p tcp -j SNAT --to-source 1.2.3.4-1.2.3.5 --random --persistent
+COMMIT
+# Completed on Mon Jan 31 03:03:38 2011
+# Generated by iptables-save v1.4.10 on Mon Jan 31 03:03:38 2011
+*filter
+:INPUT ACCEPT [76:13548]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [59:11240]
+#-A INPUT -m addrtype --src-type UNICAST --dst-type UNICAST --limit-iface-in
+-A INPUT -p tcp -m ecn --ecn-tcp-ece --ecn-tcp-cwr --ecn-ip-ect 0
+-A INPUT -p tcp -m ecn --ecn-tcp-ece --ecn-tcp-cwr --ecn-ip-ect 1
+-A INPUT -p icmp -m icmp --icmp-type 5/0
+-A INPUT -p icmp -m icmp --icmp-type 5/1
+-A INPUT -p icmp -m icmp --icmp-type 5
+-A INPUT -m realm --realm 0x1 -m ttl --ttl-eq 64 -m ttl --ttl-lt 64 -m ttl --ttl-gt 64
+-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
+COMMIT
+# Completed on Mon Jan 31 03:03:39 2011
diff --git a/tests/options-most.rules b/tests/options-most.rules
new file mode 100644
index 00000000..4cd3a87d
--- /dev/null
+++ b/tests/options-most.rules
@@ -0,0 +1,170 @@
+# Generated by ip6tables-save v1.4.10 on Mon Jan 31 02:19:53 2011
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:matches - -
+:ntarg - -
+:zmatches - -
+-A INPUT -j matches
+-A INPUT -m u32 --u32 "0x0=0x0&&0x0=0x1" -j ntarg
+-A INPUT -j zmatches
+-A INPUT -m conntrack --ctstate INVALID --ctproto 6 --ctorigsrc fe80::/64 --ctorigdst fe80::/64 --ctreplsrc fe80::/64 --ctrepldst fe80::/64 --ctorigsrcport 12 --ctorigdstport 13 --ctreplsrcport 14 --ctrepldstport 15 --ctstatus EXPECTED --ctexpire 1:2 --ctdir REPLY
+-A INPUT -p tcp -m cluster --cluster-local-nodemask 0x00000001 --cluster-total-nodes 2 --cluster-hash-seed 0x00000001 -m cluster --cluster-local-nodemask 0x00000001 --cluster-total-nodes 2 --cluster-hash-seed 0x00000001 -m comment --comment foo -m connbytes --connbytes 1:2 --connbytes-mode packets --connbytes-dir both -m connlimit --connlimit-upto 1 --connlimit-mask 8 --connlimit-saddr -m connlimit --connlimit-above 1 --connlimit-mask 9 --connlimit-daddr -m connmark --mark 0x99 -m conntrack --ctstate INVALID --ctproto 6 --ctorigsrc fe80::/64 --ctorigdst fe80::/64 --ctreplsrc fe80::/64 --ctrepldst fe80::/64 --ctorigsrcport 12 --ctorigdstport 13 --ctreplsrcport 14 --ctrepldstport 15 --ctstatus EXPECTED --ctexpire 1:2 --ctdir REPLY -m cpu --cpu 2 -m dscp --dscp 0x04 -m dscp --dscp 0x00 -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 5 --hashlimit-mode srcip,dstip --hashlimit-name f1 --hashlimit-htable-size 64 --hashlimit-htable-max 128 --hashlimit-htable-gcinterval 60 --hashlimit-htable-expire 120 --hashlimit-srcmask 24 --hashlimit-dstmask 24 -m hashlimit --hashlimit-above 5/sec --hashlimit-burst 5 --hashlimit-name f1 -m helper --helper ftp -m iprange --src-range ::1-::2 --dst-range ::1-::2 -m ipvs --vaddr fe80::/64 --vport 1 --vdir REPLY --vmethod GATE --vportctl 21 -m length --length 1:2 -m limit --limit 1/sec -m mac --mac-source 01:02:03:04:05:06 -m mark --mark 0x1 -m physdev --physdev-in eth0 -m pkttype --pkt-type unicast -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --mode tunnel --tunnel-dst fe80::/64 --tunnel-src fe80::/64 --next --reqid 2 -m quota --quota 0 -m recent --rcheck --name DEFAULT --rsource -m socket --transparent -m string --string "foobar" --algo kmp --from 1 --to 2 --icase -m time --timestart 01:02:03 --timestop 03:04:05 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05 --utc -m tos --tos 0xff/0x01 -m u32 --u32 "0x0=0x0" -m u32 --u32 "0x0=0x0" -m hbh -m hbh -m hl --hl-eq 1
+-A INPUT -m ipv6header --header hop-by-hop --soft
+-A INPUT -p tcp -m cluster --cluster-local-nodemask 0x00000001 --cluster-total-nodes 2 --cluster-hash-seed 0x00000001
+-A INPUT -p tcp -m cluster --cluster-local-nodemask 0x00000001 --cluster-total-nodes 2 --cluster-hash-seed 0x00000001
+-A INPUT -p tcp -m comment --comment foo
+-A INPUT -p tcp -m connbytes --connbytes 1:2 --connbytes-mode packets --connbytes-dir both
+-A INPUT -p tcp -m connlimit --connlimit-upto 1 --connlimit-mask 8 --connlimit-saddr
+-A INPUT -p tcp -m connlimit --connlimit-above 1 --connlimit-mask 9 --connlimit-daddr
+-A INPUT -p tcp -m connmark --mark 0x99
+-A INPUT -p tcp -m conntrack --ctstate INVALID --ctproto 6 --ctorigsrc fe80::/64 --ctorigdst fe80::/64 --ctreplsrc fe80::/64 --ctrepldst fe80::/64 --ctorigsrcport 12 --ctorigdstport 13 --ctreplsrcport 14 --ctrepldstport 15 --ctstatus EXPECTED --ctexpire 1:2 --ctdir REPLY
+-A INPUT -p tcp -m cpu --cpu 2
+-A INPUT -p tcp -m dscp --dscp 0x04
+-A INPUT -p tcp -m dscp --dscp 0x00
+-A INPUT -p tcp -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 5 --hashlimit-mode srcip,dstip --hashlimit-name f1 --hashlimit-htable-size 64 --hashlimit-htable-max 128 --hashlimit-htable-gcinterval 60 --hashlimit-htable-expire 120 --hashlimit-srcmask 24 --hashlimit-dstmask 24
+-A INPUT -p tcp -m hashlimit --hashlimit-above 5/sec --hashlimit-burst 5 --hashlimit-name f1
+-A INPUT -p tcp -m helper --helper ftp
+-A INPUT -p tcp -m iprange --src-range ::1-::2 --dst-range ::1-::2
+-A INPUT -p tcp -m length --length 1:2
+-A INPUT -p tcp -m limit --limit 1/sec
+-A INPUT -p tcp -m mac --mac-source 01:02:03:04:05:06
+-A INPUT -p tcp -m mark --mark 0x1
+-A INPUT -p tcp -m physdev --physdev-in eth0
+-A INPUT -p tcp -m pkttype --pkt-type unicast
+-A INPUT -p tcp -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --mode tunnel --tunnel-dst fe80::/64 --tunnel-src fe80::/64 --next --reqid 2
+-A INPUT -p tcp -m quota --quota 0
+-A INPUT -p tcp -m recent --rcheck --name DEFAULT --rsource
+-A INPUT -p tcp -m socket --transparent
+-A INPUT -p tcp -m string --string "foobar" --algo kmp --from 1 --to 2 --icase
+-A INPUT -p tcp -m tos --tos 0xff/0x01
+-A INPUT -p tcp -m u32 --u32 "0x0=0x0" -m u32 --u32 "0x0=0x0"
+-A INPUT -p tcp -m hbh -m hbh -m hl --hl-eq 1 -m ipv6header --header hop-by-hop --soft
+-A INPUT -m ipv6header --header hop-by-hop --soft -m rt --rt-type 2 --rt-segsleft 2 --rt-len 5 -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1 --rt-0-not-strict -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1,::2 --rt-0-not-strict
+-A INPUT -p tcp -m cpu --cpu 1 -m tcp --sport 1:2 --dport 1:2 --tcp-option 1 --tcp-flags FIN,SYN,RST,ACK SYN -m cpu --cpu 1
+-A INPUT -p dccp -m cpu --cpu 1 -m dccp --sport 1:2 --dport 3:4 -m cpu --cpu 1
+-A INPUT -p udp -m cpu --cpu 1 -m udp --sport 1:2 --dport 3:4 -m cpu --cpu 1
+-A INPUT -p sctp -m cpu --cpu 1 -m sctp --sport 1:2 --dport 3:4 --chunk-types all INIT,SACK -m cpu --cpu 1
+-A INPUT -p esp -m esp --espspi 1:2
+-A INPUT -p tcp -m multiport --dports 1,2 -m multiport --dports 1,2
+-A INPUT -p tcp -m tcpmss --mss 1:2 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN
+-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4/0
+-A INPUT
+-A INPUT -p mobility
+-A INPUT -p mobility -m mh --mh-type 3
+-A OUTPUT -m owner --socket-exists --uid-owner 1-2 --gid-owner 2-3
+-A matches -m connbytes --connbytes 1 --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m connbytes --connbytes :2 --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m connbytes --connbytes 0:3 --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m connbytes --connbytes 4: --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m connbytes --connbytes 5:18446744073709551615 --connbytes-mode bytes --connbytes-dir both
+-A matches
+-A matches -m conntrack --ctexpire 1
+-A matches
+-A matches -m conntrack --ctexpire :2
+-A matches
+-A matches -m conntrack --ctexpire 0:3
+-A matches
+-A matches -m conntrack --ctexpire 4:
+-A matches
+-A matches -m conntrack --ctexpire 5:4294967295
+-A matches
+-A matches -p esp -m esp --espspi 1
+-A matches
+-A matches -p esp -m esp --espspi :2
+-A matches
+-A matches -p esp -m esp --espspi 0:3
+-A matches
+-A matches -p esp -m esp --espspi 4:
+-A matches
+-A matches -p esp -m esp --espspi 5:4294967295
+-A matches
+-A matches -m ipvs --vaddr fe80::/64 --vport 1 --vdir REPLY --vmethod GATE --vportctl 21
+-A matches
+-A matches -m length --length 1
+-A matches
+-A matches -m length --length :2
+-A matches
+-A matches -m length --length 0:3
+-A matches
+-A matches -m length --length 4:
+-A matches
+-A matches -m length --length 5:65535
+-A matches
+-A matches -p tcp -m tcpmss --mss 1
+-A matches
+-A matches -p tcp -m tcpmss --mss :2
+-A matches
+-A matches -p tcp -m tcpmss --mss 0:3
+-A matches
+-A matches -p tcp -m tcpmss --mss 4:
+-A matches
+-A matches -p tcp -m tcpmss --mss 5:65535
+-A matches
+-A matches -m time --timestart 01:02:03 --timestop 04:05:06 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05 --localtz
+-A matches
+-A matches -m time --timestart 01:02:03 --timestop 04:05:06 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05 --kerneltz
+-A matches
+-A matches -m time --timestart 01:02:03 --timestop 04:05:06 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05
+-A matches
+-A matches -m time --timestart 02:00:00 --timestop 03:00:00 --datestart 1970-01-01T02:00:00 --datestop 1970-01-01T03:00:00
+-A matches
+-A matches -m ah --ahspi 1
+-A matches
+-A matches -m ah --ahspi :2
+-A matches
+-A matches -m ah --ahspi 0:3
+-A matches
+-A matches -m ah --ahspi 4:
+-A matches
+-A matches -m ah --ahspi 5:4294967295
+-A matches
+-A matches -m frag --fragid 1
+-A matches
+-A matches -m frag --fragid :2
+-A matches
+-A matches -m frag --fragid 0:3
+-A matches
+-A matches -m frag --fragid 4:
+-A matches
+-A matches -m frag --fragid 5:4294967295
+-A matches
+-A matches -m rt --rt-segsleft 1
+-A matches
+-A matches -m rt --rt-segsleft :2
+-A matches
+-A matches -m rt --rt-segsleft 0:3
+-A matches
+-A matches -m rt --rt-segsleft 4:
+-A matches
+-A matches -m rt --rt-segsleft 5:4294967295
+-A matches
+-A ntarg -j NFQUEUE --queue-num 1
+-A ntarg
+-A ntarg -j NFQUEUE --queue-balance 8:99
+-A ntarg
+-A ntarg -j RATEEST --rateest-name RE1 --rateest-interval 250.0ms --rateest-ewmalog 500.0ms
+-A ntarg
+-A ntarg -j RATEEST --rateest-name RE2 --rateest-interval 250.0ms --rateest-ewmalog 500.0ms
+-A ntarg
+#-A zmatches -m rateest --rateest RE1 --rateest-lt --rateest-bps 8bit
+#-A zmatches -m rateest --rateest RE1 --rateest-eq --rateest-bps 8bit
+#-A zmatches -m rateest --rateest RE1 --rateest-gt --rateest-bps 8bit
+#-A zmatches -m rateest --rateest RE1 --rateest-lt --rateest-pps 5
+#-A zmatches -m rateest --rateest RE1 --rateest-eq --rateest-pps 5
+#-A zmatches -m rateest --rateest RE1 --rateest-gt --rateest-pps 5
+#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-lt --rateest-bps2 16bit
+#-A zmatches -m rateest --rateest1 RE1 --rateest-lt --rateest2 RE2 --bytes
+#-A zmatches -m rateest --rateest1 RE1 --rateest-lt --rateest2 RE2 --packets
+#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-eq --rateest-bps2 16bit
+#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-bps1 8bit --rateest-gt --rateest-bps2 16bit
+#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-lt --rateest-pps2 9
+#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-eq --rateest-pps2 9
+#-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-gt --rateest-pps2 9
+COMMIT
+# Completed on Mon Jan 31 02:19:54 2011