Proxmox/pve-firewall
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-03-06 00:58:15 +03:00
Code Releases Activity

add tests for management ipset

Browse Source
This commit is contained in:
Dietmar Maurer 2014-05-21 06:48:23 +02:00
parent eb399cef48
commit d4cae1d697
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
test/test-ipset1/cluster.fw
View File

@ -3,6 +3,10 @@
myserveralias 10.2.0.111
mynetworkalias 10.3.0.0/24
[ipset management]
192.168.128.2
[ipset myipset]
192.168.0.1

8
test/test-ipset1/tests
View File

@ -1,4 +1,3 @@
# blacklisted
{ from => 'outside', to => 'host', source => '192.168.0.1', dest => '1.2.3.4', dport => 22, action => 'DROP' }
# accept in myipset
@ -15,3 +14,10 @@
# reject dmzhosts if from myipset
{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.10.1', dport => 22, action => 'REJECT' }
{ from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.11.1', dport => 22, action => 'REJECT' }
# management ipset
{ from => 'outside', to => 'host', source => '192.168.128.1', dport => 8006, action => 'DROP' }
{ from => 'outside', to => 'host', source => '192.168.128.1', dport => 22, action => 'DROP' }
{ from => 'outside', to => 'host', source => '192.168.128.2', dport => 8006, action => 'ACCEPT' }
{ from => 'outside', to => 'host', source => '192.168.128.2', dport => 22, action => 'ACCEPT' }