mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 01:34:11 +03:00
3ba789ccd5
Create a nwfilterxml2firewalltest to exercise the ebiptables_driver.applyNewRules method with a variety of different XML input files. The XML input files are taken from the libvirt-tck nwfilter tests. While the nwfilter tests verify the final state of the iptables chains, this test verifies the set of commands invoked to create the chains. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
72 lines
2.5 KiB
XML
72 lines
2.5 KiB
XML
<filter name='tck-testcase'>
|
|
<uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
|
|
|
|
<rule action='accept' direction='in'>
|
|
<mac protocolid='0x1234' comment='mac rule'/>
|
|
</rule>
|
|
|
|
<rule action='accept' direction='out'>
|
|
<ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
|
|
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
|
|
srcipaddr='10.1.2.3' srcipmask='255.255.255.255'
|
|
dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
|
|
protocol='udp'
|
|
srcportstart='0x123' srcportend='0x234'
|
|
dstportstart='0x3456' dstportend='0x4567'
|
|
dscp='0x32' comment='ip rule'/>
|
|
</rule>
|
|
|
|
<rule action='accept' direction='out'>
|
|
<ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe'
|
|
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80'
|
|
srcipaddr='::10.1.2.3' srcipmask='22'
|
|
dstipaddr='::10.1.2.3'
|
|
dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000'
|
|
protocol='tcp'
|
|
srcportstart='0x111' srcportend='400'
|
|
dstportstart='0x3333' dstportend='65535' comment='ipv6 rule'/>
|
|
</rule>
|
|
|
|
<rule action='accept' direction='out'>
|
|
<arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
|
|
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
|
|
hwtype='0x12'
|
|
protocoltype='0x56'
|
|
opcode='Request'
|
|
arpsrcmacaddr='1:2:3:4:5:6'
|
|
arpdstmacaddr='a:b:c:d:e:f'
|
|
comment='arp rule'/>
|
|
</rule>
|
|
|
|
<rule action='accept' direction='out'>
|
|
<udp srcmacaddr='1:2:3:4:5:6'
|
|
dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
|
|
dscp='0x22'
|
|
srcportstart='0x123' srcportend='400'
|
|
dstportstart='0x234' dstportend='0x444'
|
|
comment='udp rule'/>
|
|
</rule>
|
|
|
|
<rule action='accept' direction='in'>
|
|
<tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
|
|
srcipaddr='a:b:c::' srcipmask='128'
|
|
dscp='0x39'
|
|
srcportstart='0x20' srcportend='0x21'
|
|
dstportstart='0x100' dstportend='0x1111'
|
|
comment='tcp/ipv6 rule'/>
|
|
</rule>
|
|
|
|
<rule action='accept' direction='in'>
|
|
<udp-ipv6 comment='`ls`;${COLUMNS};$(ls);"test";&'3 spaces''/>
|
|
</rule>
|
|
|
|
<rule action='accept' direction='in'>
|
|
<sctp-ipv6 comment='comment with lone ', `, ", `, \, $x, and two spaces'/>
|
|
</rule>
|
|
|
|
<rule action='accept' direction='in'>
|
|
<ah-ipv6 comment='tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}'/>
|
|
</rule>
|
|
|
|
</filter>
|