From 2fe4d077efd9e4801f03848b3ae0aa9925079ac1 Mon Sep 17 00:00:00 2001 From: Alvaro Neira Date: Tue, 21 Oct 2014 16:15:46 +0200 Subject: test: update and add the reject tests for ip, ip6, bridge and inet. Signed-off-by: Alvaro Neira Ayuso Signed-off-by: Pablo Neira Ayuso --- tests/regression/inet/reject.t | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 tests/regression/inet/reject.t (limited to 'tests/regression/inet') diff --git a/tests/regression/inet/reject.t b/tests/regression/inet/reject.t new file mode 100644 index 00000000..2f5aef3a --- /dev/null +++ b/tests/regression/inet/reject.t @@ -0,0 +1,32 @@ +*inet;test-inet +:input;type filter hook input priority 0 + +# The output is specific for inet family +reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable +reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable +reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable +reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject +reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited +reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited +reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited + +reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route +reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited +reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable +reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject + +reject with tcp reset;ok;meta l4proto 6 reject with tcp reset + +reject;ok +reject with icmpx type host-unreachable;ok +reject with icmpx type no-route;ok +reject with icmpx type admin-prohibited;ok +reject with icmpx type port-unreachable;ok;reject + +meta nfproto ipv4 reject with icmp type host-unreachable;ok +meta nfproto ipv6 reject with icmpv6 type no-route;ok + +meta nfproto ipv6 reject with icmp type host-unreachable;fail +meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail +meta nfproto ipv6 ip protocol icmp reject with icmp type host-unreachable;fail +meta l4proto udp reject with tcp reset;fail -- cgit v1.2.3