public void TestCompare1()
        {
            String rule = "-A ATTK_CHECK -m recent --rcheck --name BANNED --seconds 180 --reap --rttl -j ATTACKED";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
        }
        public void TestCompare1()
        {
            String rule = "-A ABC -m hashlimit --hashlimit-name aaaaaaaaaaaaaaaaaaaaaa --hashlimit-above 125/second --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-expire 6 --hashlimit-htable-gcinterval 600 -j AVS";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
        }
Ejemplo n.º 3
0
        public void TestPolyfillArgumentsComparison1()
        {
            String rule = "-A INPUT -m unknown --unknown --unknown-2 1111 -p tcp -d 1.1.1.1 -m tcp --dport 80";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
        }
        public void TestSplit()
        {
            var mock = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesChainSet chains = new IpTablesChainSet(4);

            FeatureSplitter<RuleOutputter, IPAddress> ma = new FeatureSplitter<RuleOutputter,IPAddress>("INPUT", "filter", extractor, setter, nestedGenerator, "_");
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains));

            IpTablesRuleSet rules = new IpTablesRuleSet(4,system);
            ma.Output(system, rules);

            Assert.AreEqual(3, rules.Chains.Count());
            Assert.AreEqual(2, rules.Chains.First().Rules.Count);
            Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count);
            Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count);
            Assert.AreEqual("-A INPUT -s 8.1.1.1 -j QGkTSfSaLIaS4B/kr3WQ -m comment --comment '_|FS|INPUT_8.1.1.1'",
                rules.Chains.First().Rules.First().GetActionCommand());
            Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ciE0aMcfwN36u0sNiC6w -m comment --comment '_|FS|INPUT_8.1.1.2'",
                rules.Chains.First().Rules.Skip(1).First().GetActionCommand());
            Assert.AreEqual("-A QGkTSfSaLIaS4B/kr3WQ -j ACCEPT -m udp --sport 1",
                rules.Chains.Skip(1).First().Rules.First().GetActionCommand());
        }
        public void TestCompare2()
        {
            String rule = "-A AAAA -t raw -m hashlimit --hashlimit-name synflood_spoofe --hashlimit-above 111/second --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-expire 6 --hashlimit-htable-gcinterval 600 -g AA";
            String rule2 = "-A AAAA -t raw -m hashlimit --hashlimit-above 111/sec --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-name synflood_spoofe --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-gcinterval 600 --hashlimit-htable-expire 6 -g AA";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains));
        }
Ejemplo n.º 6
0
 public RuleParser(string[] arguments, IpTablesRule ipRule, IpTablesChainSet chains, String defaultTable)
 {
     _arguments = arguments;
     _ipRule = ipRule;
     _parsers = ModuleRegistry.PreloadDuplicateModules.ToList();
     _chains = chains;
     _tableName = defaultTable;
 }
Ejemplo n.º 7
0
        public void TestCompareTarget1()
        {
            String rule = "-A ABC -j HASHROUTE --hashroute-name aaaaaaaaaaaaaaaaaaaaaa --hashroute-mode dstip,dstport --hashroute-srcmask 32 --hashroute-dstmask 32 --hashroute-htable-size 65000 --hashroute-htable-max 30000 --hashroute-htable-expire 6 --hashroute-htable-gcinterval 600 -j AVS";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
            Assert.IsFalse(IpTablesRule.Parse(rule, null, chains, 4).GetCommand().Contains("-m HASHROUTE"));
        }
Ejemplo n.º 8
0
 public RuleParser(string[] arguments, IpTablesRule ipRule, IpTablesChainSet chains, String defaultTable)
 {
     _arguments = arguments;
     _ipRule = ipRule;
     _parsers.AddRange(_moduleFactory.GetPreloadModules());
     _chains = chains;
     _tableName = defaultTable;
 }
        public void TestDropConnectionLimit()
        {
            String rule = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestXmark()
        {
            String rule = "-A INPUT -j NFLOG --nflog-group 30";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestDnatSingleSource()
        {
            String rule = "-A PREROUTING -t nat -d 1.1.1.1/24 -j DNAT --to-destination 2.2.2.2";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
Ejemplo n.º 12
0
        public void TestPolyfillParseAdditionalOptionsAfter()
        {
            String rule = "-A INPUT -m unknown --unknown -p tcp -d 1.1.1.1 -m tcp --dport 80";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
Ejemplo n.º 13
0
        public void TestCoreSportZeroValue()
        {
            String rule = "-A INPUT -p tcp -j DROP -m tcp --sport 0";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(rule, irule1.GetActionCommand());
        }
        public void TestHelper()
        {
            String rule = "-A INPUT -m helper ! --helper abc -j ACCEPT";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestCoreFragmenting()
        {
            String rule = "-A INPUT ! -f -j test";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestSingleRule()
        {
            String rule = "-A INPUT -p tcp -i eth0 -j SYNPROXY --mss 1460 --wscale 9 --sack-perm --timestamp -m state --state UNTRACKED,INVALID";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestSnatSingleSource()
        {
            String rule = "-A POSTROUTING -t nat -s 1.1.1.1/24 -j SNAT --to-source 2.2.2.2";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void Test2()
        {
            String rule = "-A FORWARD -m set --match-set test src --return-nomatch ! --update-counters --packets-lt 3 ! --bytes-eq 1";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestSet()
        {
            String rule = "-A ATTK_CHECK -m recent --set --name ATTK";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestSmall()
        {
            String rule = "-A INPUT -j ACCEPT -m nfacct --nfacct-name test";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestXmark()
        {
            String rule = "-A INPUT -j NFQUEUE --queue-num 1 --queue-bypass";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestDropFragmentedTcpDnsWithComment()
        {
            String rule = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestUpdate()
        {
            String rule = "-A ATTK_CHECK -m recent --update --name ATTK --seconds 180 --hitcount 20 -j ATTACKED";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestLogWithPrefix()
        {
            String rule = "-A INPUT -j LOG --log-prefix 'IPTABLES (Rule ATTACKED): ' --log-level 7";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestCoreDropingUdp()
        {
            String rule = "-A INPUT -p udp -j DROP";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestSourceNotMultiports()
        {
            String rule = "-A INPUT -p tcp -m multiport ! --dports 80,1000:1080";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestNotLength()
        {
            String rule = "-A INPUT -m length ! --length 10 -j ACCEPT";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestXMarkMasked()
        {
            String rule = "-A RETURN_AFWCON -j CONNMARK --set-xmark 0x1/0x1";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void Test1()
        {
            String rule = "-A FORWARD -m set --match-set test src";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
Ejemplo n.º 30
0
        public void TestPolyfillParseMultiple()
        {
            String rule = "-A INPUT -m unknown --unknown -m unknown2";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule, irule.GetActionCommand());
        }
        public void TestComparisonMultiport()
        {
            String rule = "-A INPUT -p tcp -j RETURN -m multiport --dports 79,22 -m comment --comment TCP";

            IpTablesChainSet chains = new IpTablesChainSet(4);
            IpTablesRule     r1     = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule     r2     = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.IsTrue(r1.Compare(r2));
        }
        public void TestXmark()
        {
            String           rule       = "-A INPUT -p tcp -j MARK --set-xmark 0xFF";
            String           ruleExpect = "-A INPUT -p tcp -j MARK --set-xmark 0xFF";
            IpTablesChainSet chains     = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(ruleExpect, irule.GetActionCommand());
        }
        public void TestCoreFragmentingEquality()
        {
            String           rule   = "-A INPUT ! -f -j test";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(irule1, irule2);
        }
Ejemplo n.º 34
0
        public void TestDropFragmentedTcpDnsWithCommentEquality()
        {
            String           rule   = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.IsTrue(irule2.Compare(irule1));
        }
        public void TestCoreSportEquality()
        {
            String           rule   = "-A INPUT -p tcp -j DROP -m tcp --sport 1";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(irule1, irule2);
        }
        public void TestCoreDropingSourceEquality()
        {
            String           rule   = "-A INPUT -s 1.2.3.4 -j DROP";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(irule1, irule2);
        }
        public void TestDropConnectionLimitEquality()
        {
            String           rule   = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(irule1, irule2);
        }
        public void TestDropFragmentedTcpDnsEquality()
        {
            String           rule   = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(irule1, irule2);
        }
Ejemplo n.º 39
0
        public void TestPolyfillArgumentsComparison4()
        {
            String rule =
                "-A INPUT -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -m unknown2 --unknown2 -p tcp -d 1.1.1.1 -m tcp --dport 80";
            String rule2 =
                "-A INPUT -m unknown2 --unknown2 -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -p tcp -d 1.1.1.1 -m tcp --dport 80";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains)));
        }
        public void TestRandomRounding()
        {
            String           rule   = "-A CHAIN -t raw -m statistic --mode random --probability 0.03999999911";
            String           rule2  = "-A CHAIN -t raw -m statistic --mode random --probability 0.03999999957";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule  = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4);

            Assert.IsTrue(irule.Compare(irule2));
        }
        public void MatchMarkHex()
        {
            String           rule       = "-A INPUT -p tcp -j ACCEPT -m mark --mark 0xc6ff00/0xFFFF00";
            String           ruleExpect = "-A INPUT -p tcp -j ACCEPT -m mark --mark 13041408/0xFFFF00";
            IpTablesChainSet chains     = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(ruleExpect, irule.GetActionCommand());
            Assert.AreEqual(IpTablesRule.Parse(ruleExpect, null, chains, 4), irule);
        }
        public void TestXorMark()
        {
            Int32            mark       = 0;
            String           rule       = "-A INPUT -p tcp -j CONNMARK --xor-mark " + mark;
            String           ruleExpect = "-A INPUT -p tcp -j CONNMARK --set-xmark 0x" + mark.ToString("X") + "/0x0";
            IpTablesChainSet chains     = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(ruleExpect, irule.GetActionCommand());
        }
Ejemplo n.º 43
0
        public void TestDoubleSpace()
        {
            String           rule   = "-A INPUT -j ACCEPT -m nfacct --nfacct-name  \"test\"";
            String           rule2  = "-A INPUT -j ACCEPT -m nfacct --nfacct-name test";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.AreEqual(rule2, irule.GetActionCommand());
            Assert.IsTrue(IpTablesRule.Parse(rule2, null, chains, 4).Compare(irule));
        }
        public void TestSnatRangeSourceAndEquality()
        {
            String           rule   = "-A POSTROUTING -t nat -s 1.1.1.1/24 -j SNAT --to-source 2.2.2.1-2.2.2.250";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains);
            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(irule1, irule2);
            Assert.AreEqual(rule, irule1.GetActionCommand());
            Assert.AreEqual(rule, irule2.GetActionCommand());
        }
        public void TestDnatRangeSourceAndEquality()
        {
            String           rule   = "-A POSTROUTING -t nat -d 1.1.1.1/24 -j DNAT --to-destination 2.2.2.1-2.2.2.250";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);

            Assert.IsTrue(irule2.Compare(irule1));
            Assert.AreEqual(rule, irule1.GetActionCommand());
            Assert.AreEqual(rule, irule2.GetActionCommand());
        }
Ejemplo n.º 46
0
        public void TestAddCommentAfter()
        {
            String           rule1  = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53";
            String           rule2  = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule1, null, chains);

            irule1.SetComment("this is a test rule");

            Assert.AreEqual(rule2, irule1.GetActionCommand());
        }
Ejemplo n.º 47
0
        public void TestParse()
        {
            String           rule1  = "-A PREROUTING -t raw -p tcp -j CT --ctevents new,destroy";
            String           rule2  = "-A PREROUTING -t raw -p tcp -j CT --ctevents \"destroy, new\"";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule1 = IpTablesRule.Parse(rule1, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4);

            irule2.Equals(irule1);
            Assert.AreEqual(irule1, irule2);
        }
        public void TestRandomRounding3()
        {
            String           rule   = "-A CHAIN -t raw -m statistic --mode random --probability 0.09000000000";
            String           rule2  = "-A CHAIN -t raw -m statistic --mode random --probability 0.08999999985";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule  = IpTablesRule.Parse(rule, null, chains, 4);
            IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4);


            Assert.AreEqual(irule.GetActionCommand(), irule2.GetActionCommand());
            Assert.IsTrue(irule.Compare(irule2));
        }
Ejemplo n.º 49
0
        public void TestLimitComparison()
        {
            String           rule   = "-A INPUT -m limit --limit 100/second --limit-burst 7";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(rule, irule.GetActionCommand());

            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(irule2, irule);
        }
Ejemplo n.º 50
0
        public void TestDifficultCharacters()
        {
            String           rule   = "-A kY9xlwGhPJW6N1QCHoRg -t mangle -p tcp -d 107.1.107.1 -g x_ComPlex -m comment --comment 'ABC||+sPeC14l=|1' -m tcp --dport 81";
            IpTablesChainSet chains = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(rule, irule.GetActionCommand());

            IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains);

            Assert.AreEqual(irule2, irule);
        }
Ejemplo n.º 51
0
        public void TestAddChain()
        {
            IpTablesRuleSet  ruleSet = new IpTablesRuleSet(4, null);
            String           rule    = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10";
            IpTablesChainSet chains  = new IpTablesChainSet(4);

            IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);

            ruleSet.AddRule(irule);

            Assert.AreEqual(1, ruleSet.Chains.Count());
            Assert.AreEqual("filter", ruleSet.Chains.First().Table);
            Assert.AreEqual(1, ruleSet.Chains.First().Rules.Count());
        }
        public void TestNesting()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesChainSet chains = new IpTablesChainSet(4);

            FeatureSplitter <MultiportAggregator <IPAddress>, String> ma = new FeatureSplitter <MultiportAggregator <IPAddress>, String>("INPUT", "filter", extractor, setter, nestedGenerator, "_");

            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth0 -m udp --sport 1 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth1 -m udp --sport 2 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -i eth0 -m udp --sport 3 -j ACCEPT", system, chains));

            IpTablesRuleSet rules = new IpTablesRuleSet(4, system);

            ma.Output(system, rules);

            Assert.AreEqual(3, rules.Chains.Count());
            Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count);
            Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count);
        }
Ejemplo n.º 53
0
        public void TestMultiple()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesChainSet chains = new IpTablesChainSet(4);

            MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort,
                                                                                     PortRangeHelpers.SourcePortSetter, setSourceIp, "_");

            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 10 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 20 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 30 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 40 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 50 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 60 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 70 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 80 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 90 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 100 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 110 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 120 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 130 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 140 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 150 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 160 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 170 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 180 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 190 -j ACCEPT", system, chains));

            IpTablesRuleSet rules = new IpTablesRuleSet(4, system);

            ma.Output(system, rules);

            Assert.AreEqual(2, rules.Chains.Count());
            Assert.AreEqual(1, rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.Count);
            Assert.AreEqual("-A INPUT -s 8.1.1.1 -j uXTlO5H/5x9hJe9WK1hw -m comment --comment '_|MA|INPUT_8.1.1.1'",
                            rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.First().GetActionCommand());

            Assert.AreEqual("-A uXTlO5H/5x9hJe9WK1hw -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 10,20,30,40,50,60,70,80,90,100,110,120,130,140,150",
                            rules.Chains.GetChainOrDefault("uXTlO5H/5x9hJe9WK1hw", "filter").Rules.First().GetActionCommand());
        }
Ejemplo n.º 54
0
        public void TestSingular()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesChainSet chains = new IpTablesChainSet(4);

            MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort,
                                                                                     PortRangeHelpers.SourcePortSetter, setSourceIp, "_", null);

            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains));

            IpTablesRuleSet rules = new IpTablesRuleSet(4, system);

            ma.Output(system, rules);

            Assert.AreEqual(1, rules.Chains.Count());
            Assert.AreEqual(2, rules.Chains.First().Rules.Count);
            Assert.AreEqual("-A INPUT -s 8.1.1.1 -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 1:2", rules.Chains.First().Rules.First().GetActionCommand());
            Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ACCEPT -m comment --comment '_|s5FXv5bN+84QgKZzjZ3Q|1' -m multiport --sports 3", rules.Chains.First().Rules.Skip(1).First().GetActionCommand());
        }
Ejemplo n.º 55
0
        public static IpTablesChainSet GetRulesFromOutput(NetfilterSystem system, String output, String table, int ipVersion, bool ignoreErrors = false)
        {
            var    ret    = new IpTablesChainSet(ipVersion);
            String ttable = null;

            foreach (string lineRaw in output.Split(new[] { '\n' }))
            {
                string line = lineRaw.Trim();

                if (String.IsNullOrEmpty(line))
                {
                    continue;
                }

                char          c = line[0];
                IpTablesRule  rule;
                IpTablesChain chain;
                switch (c)
                {
                case '*':
                    ttable = line.Substring(1);
                    break;

                case ':':
                    string[] split = line.Split(new[] { ' ' });
                    ret.AddChain(new IpTablesChain(ttable, split[0].Substring(1), ipVersion, system));
                    break;

                //Byte & packet count
                case '[':
                    int positionEnd = line.IndexOf(']');
                    if (positionEnd == -1)
                    {
                        throw new IpTablesNetException("Parsing error, could not find end of counters");
                    }
                    string[] counters = line.Substring(1, positionEnd - 1).Split(new[] { ':' });
                    line = line.Substring(positionEnd + 1);

                    try
                    {
                        rule = IpTablesRule.Parse(line, system, ret, ttable);
                    }
                    catch
                    {
                        if (ignoreErrors)
                        {
                            continue;
                        }
                        throw;
                    }
                    rule.Counters = new PacketCounters(long.Parse(counters[0]), long.Parse(counters[1]));
                    ret.AddRule(rule);
                    break;


                case '-':
                    rule = IpTablesRule.Parse(line, system, ret, ttable);
                    ret.AddRule(rule);
                    break;

                case '#':
                    break;

                case 'C':
                    if (line == "COMMIT" && ttable == table)
                    {
                        if (ttable == null)
                        {
                            throw new IpTablesNetException("Parsing error");
                        }
                        return(ret);
                    }
                    throw new IpTablesNetException("Unexepected table \"" + table + "\" found \"" + ttable + "\" instead");
                }
            }

            return(null);
        }