Diffstat (limited to 'iptables/tests/shell/testcases/ipt-save')
-rwxr-xr-x | iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 | 13 | ||||
-rw-r--r-- | iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml | 925 |
2 files changed, 938 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 b/iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0
new file mode 100755
index 00000000..50c0cae8
--- /dev/null
+++ b/iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+case "$(basename $XT_MULTI)" in
+ xtables-legacy-multi)
+ ;;
+ *)
+ echo "skip $XT_MULTI"
+ exit 0
+ ;;
+esac
+
+dump=$(dirname $0)/dumps/fedora27-iptables
+diff -u -Z <(cat ${dump}.xml) <($XT_MULTI iptables-xml <$dump)
diff --git a/iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml b/iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml
new file mode 100644
index 00000000..400be032
--- /dev/null
+++ b/iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml
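Review bot: In 0006iptables-xml_0 the final `diff` line runs `$XT_MULTI iptables-xml` inside a process substitution, so that command's exit status is discarded and the test result depends only on the text comparison; a converter that prints the expected XML and then exits non-zero or crashes would still pass. Piping into diff under pipefail keeps both signals: `set -o pipefail` followed by `"$XT_MULTI" iptables-xml <"$dump" | diff -u -Z "${dump}.xml" -`. The expansions `$XT_MULTI`, `$0` and `${dump}` are also unquoted, so a checkout path containing spaces or glob characters would be word-split; `dump="$(dirname "$0")/dumps/fedora27-iptables"` avoids that. The input dump `fedora27-iptables` is not part of this commit and is presumably already in the tree.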
@@ -0,0 +1,925 @@ +<iptables-rules version="1.0"> +<!-- # Completed on Sat Feb 17 10:50:33 2018 --> +<!-- # Generated by iptables*-save v1.6.1 on Sat Feb 17 10:50:33 2018 --> + <table name="mangle" > + <chain name="PREROUTING" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="1" byte-count="2" > + <actions> + <call > + <PREROUTING_direct /> + </call> + </actions> + + </rule> + + <rule packet-count="3" byte-count="4" > + <actions> + <call > + <PREROUTING_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PREROUTING_ZONES /> + </call> + </actions> + + </rule> + + </chain> + <chain name="INPUT" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <INPUT_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="FORWARD" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="OUTPUT" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <OUTPUT_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="POSTROUTING" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <o >virbr0</o> + <p >udp</p> + </match> + <udp > + <dport >68</dport> + </udp> + </conditions> + <actions> + <CHECKSUM > + <checksum-fill /> + </CHECKSUM> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <POSTROUTING_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="PREROUTING_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >wlp58s0</i> + </match> + </conditions> + <actions> + <goto > + <PRE_FedoraWorkstation /> + </goto> + 
</actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <PRE_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="PRE_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_deny /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + </chain> + <chain name="FORWARD_direct" packet-count="0" byte-count="0" /> + <chain name="INPUT_direct" packet-count="0" byte-count="0" /> + <chain name="OUTPUT_direct" packet-count="0" byte-count="0" /> + <chain name="POSTROUTING_direct" packet-count="0" byte-count="0" /> + <chain name="PREROUTING_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="PREROUTING_direct" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_allow" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + </table> +<!-- # Completed on Sat Feb 17 10:50:33 2018 --> +<!-- # Generated by iptables*-save v1.6.1 on Sat Feb 17 10:50:33 2018 --> + <table name="raw" > + <chain name="PREROUTING" policy="ACCEPT" packet-count="1681" byte-count="2620433" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PREROUTING_direct /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PREROUTING_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PREROUTING_ZONES /> + </call> + </actions> + + </rule> + + </chain> + <chain name="OUTPUT" policy="ACCEPT" packet-count="1619" 
byte-count="171281" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <OUTPUT_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="PREROUTING_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >wlp58s0</i> + </match> + </conditions> + <actions> + <goto > + <PRE_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <PRE_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="PRE_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_deny /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + </chain> + <chain name="PRE_FedoraWorkstation_allow" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >udp</p> + </match> + <udp > + <dport >137</dport> + </udp> + </conditions> + <actions> + <CT > + <helper >netbios-ns</helper> + </CT> + </actions> + + </rule> + + </chain> + <chain name="OUTPUT_direct" packet-count="0" byte-count="0" /> + <chain name="PREROUTING_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="PREROUTING_direct" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + </table> +<!-- # Completed on Sat Feb 17 10:50:33 2018 --> +<!-- # Generated by iptables*-save v1.6.1 on Sat Feb 17 10:50:33 2018 --> + <table name="filter" > + <chain name="INPUT" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="5" 
byte-count="6" > + <conditions> + <match > + <i >virbr0</i> + <p >udp</p> + </match> + <udp > + <dport >53</dport> + </udp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="123456789" > + <conditions> + <match > + <i >virbr0</i> + <p >tcp</p> + </match> + <tcp > + <dport >53</dport> + </tcp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >virbr0</i> + <p >udp</p> + </match> + <udp > + <dport >67</dport> + </udp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >virbr0</i> + <p >tcp</p> + </match> + <tcp > + <dport >67</dport> + </tcp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <conntrack > + <ctstate >RELATED,ESTABLISHED</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >lo</i> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <INPUT_direct /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <INPUT_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <INPUT_ZONES /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <conntrack > + <ctstate >INVALID</ctstate> + </conntrack> + </conditions> + <actions> + <DROP /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <REJECT > + <reject-with >icmp-host-prohibited</reject-with> + </REJECT> + </actions> + + </rule> + + </chain> + <chain name="FORWARD" policy="ACCEPT" packet-count="0" byte-count="0" > + 
<rule packet-count="0" byte-count="0" > + <conditions> + <match > + <d >192.168.122.0/24</d> + <o >virbr0</o> + </match> + <conntrack > + <ctstate >RELATED,ESTABLISHED</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <s >192.168.122.0/24</s> + <i >virbr0</i> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >virbr0</i> + <o >virbr0</o> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <o >virbr0</o> + </match> + </conditions> + <actions> + <REJECT > + <reject-with >icmp-port-unreachable</reject-with> + </REJECT> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >virbr0</i> + </match> + </conditions> + <actions> + <REJECT > + <reject-with >icmp-port-unreachable</reject-with> + </REJECT> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <conntrack > + <ctstate >RELATED,ESTABLISHED</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >lo</i> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_direct /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_IN_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_IN_ZONES /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_OUT_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + 
<actions> + <call > + <FORWARD_OUT_ZONES /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <conntrack > + <ctstate >INVALID</ctstate> + </conntrack> + </conditions> + <actions> + <DROP /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <REJECT > + <reject-with >icmp-host-prohibited</reject-with> + </REJECT> + </actions> + + </rule> + + </chain> + <chain name="OUTPUT" policy="ACCEPT" packet-count="1619" byte-count="171281" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <o >virbr0</o> + <p >udp</p> + </match> + <udp > + <dport >68</dport> + </udp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <OUTPUT_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="FORWARD_IN_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >wlp58s0</i> + </match> + </conditions> + <actions> + <goto > + <FWDI_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <FWDI_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="FORWARD_OUT_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <o >wlp58s0</o> + </match> + </conditions> + <actions> + <goto > + <FWDO_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <FWDO_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="FWDI_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDI_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDI_FedoraWorkstation_deny /> + </call> + 
</actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDI_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >icmp</p> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + </chain> + <chain name="FWDO_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDO_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDO_FedoraWorkstation_deny /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDO_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + </chain> + <chain name="INPUT_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >wlp58s0</i> + </match> + </conditions> + <actions> + <goto > + <IN_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <IN_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="IN_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <IN_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <IN_FedoraWorkstation_deny /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <IN_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >icmp</p> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + </chain> + <chain name="IN_FedoraWorkstation_allow" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> 
+ <match > + <p >udp</p> + </match> + <udp > + <dport >137</dport> + </udp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >udp</p> + </match> + <udp > + <dport >138</dport> + </udp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >tcp</p> + </match> + <tcp > + <dport >22</dport> + </tcp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <d >224.0.0.251/32</d> + <p >udp</p> + </match> + <udp > + <dport >5353</dport> + </udp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >udp</p> + </match> + <udp > + <dport >1025:65535</dport> + </udp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="7" byte-count="8" > + <conditions> + <match > + <p >tcp</p> + </match> + <tcp > + <dport >1025:65535</dport> + </tcp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + </chain> + <chain name="FORWARD_IN_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="FORWARD_OUT_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="FORWARD_direct" packet-count="0" byte-count="0" /> + <chain name="FWDI_FedoraWorkstation_allow" packet-count="0" byte-count="0" /> + <chain name="FWDI_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="FWDI_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + <chain 
name="FWDO_FedoraWorkstation_allow" packet-count="0" byte-count="0" /> + <chain name="FWDO_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="FWDO_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + <chain name="INPUT_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="INPUT_direct" packet-count="0" byte-count="0" /> + <chain name="IN_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="IN_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + <chain name="OUTPUT_direct" packet-count="0" byte-count="0" /> + </table> +<!-- # Completed on Sat Feb 17 10:50:33 2018 --> +</iptables-rules> |