public void TestSplit()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesChainSet chains = new IpTablesChainSet(4);

            FeatureSplitter <RuleOutputter, IPAddress> ma = new FeatureSplitter <RuleOutputter, IPAddress>("INPUT", "filter", extractor, setter, nestedGenerator, "_");

            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains));

            IpTablesRuleSet rules = new IpTablesRuleSet(4, system);

            ma.Output(system, rules);

            Assert.AreEqual(3, rules.Chains.Count());
            Assert.AreEqual(2, rules.Chains.First().Rules.Count);
            Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count);
            Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count);
            Assert.AreEqual("-A INPUT -s 8.1.1.1 -j QGkTSfSaLIaS4B/kr3WQ -m comment --comment '_|FS|INPUT_8.1.1.1'",
                            rules.Chains.First().Rules.First().GetActionCommand());
            Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ciE0aMcfwN36u0sNiC6w -m comment --comment '_|FS|INPUT_8.1.1.2'",
                            rules.Chains.First().Rules.Skip(1).First().GetActionCommand());
            Assert.AreEqual("-A QGkTSfSaLIaS4B/kr3WQ -j ACCEPT -m udp --sport 1",
                            rules.Chains.Skip(1).First().Rules.First().GetActionCommand());
        }
        public void TestUpdateMiddle()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter());

            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
            }, system);

            List <String> expectedCommands = new List <String>()
            {
                rulesNew.Chains.First().Rules[1].GetActionCommand("-R")
            };

            var sync = new DefaultNetfilterSync <IpTablesRule>(CommentComparer);

            mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands);
        }
        public void TestUpdateMiddle()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());

            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
            }, system);

            List <String> expectedCommands = new List <String>()
            {
                "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT"
            };

            mock.TestSync(rulesOriginal, rulesNew, CommentComparer);
            CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);
        }
        public void TestAddFromEmpty()
        {
            var             mock          = new MockIptablesSystemFactory();
            var             system        = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
            }, system);

            rulesOriginal.Chains.AddChain("INPUT", "filter", system);

            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -d 1.2.3.4/16 -j DROP"
            }, system);

            List <String> expectedCommands = new List <String> {
                "*filter", rulesNew.Chains.First().Rules[0].GetActionCommand(), "COMMIT"
            };


            using (var client = system.GetTableAdapter(4))
            {
                var sync        = new DefaultNetfilterSync <IpTablesRule>();
                var rulesSynced = rulesOriginal.DeepClone();
                mock.TestSync(client, rulesSynced, rulesNew, sync);
                CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput());

                TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands);
            }
        }
        public void TestDeleteMultiplesMiddle()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());

            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3"
            }, system);

            List <String> expectedCommands = new List <String>()
            {
                "*filter", "-D INPUT 2", "-D INPUT 2", "COMMIT"
            };


            using (var client = system.GetTableAdapter(4))
            {
                var sync        = new DefaultNetfilterSync <IpTablesRule>();
                var rulesSynced = rulesOriginal.DeepClone();
                mock.TestSync(client, rulesSynced, rulesNew, sync);
                CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput());

                TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands);
            }
        }
        public void TestNatDoNothing()
        {
            var             mock          = new MockIptablesSystemFactory();
            var             system        = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
                "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
                "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
            }, system);

            List <String> expectedCommands = new List <String>()
            {
            };


            using (var client = system.GetTableAdapter(4))
            {
                var sync        = new DefaultNetfilterSync <IpTablesRule>();
                var rulesSynced = rulesOriginal.DeepClone();
                mock.TestSync(client, rulesSynced, rulesNew, sync);
                CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput());

                TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands);
            }
        }
Ejemplo n.º 7
0
        public void TestSimpleDoNothing()
        {
            var             mock          = new MockIptablesSystemFactory();
            var             system        = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
            }, system);

            List <String> expectedCommands = new List <String>()
            {
            };

            using (var client = system.GetTableAdapter(4))
            {
                mock.TestSync(client, rulesOriginal, rulesNew);
                CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);
            }
        }
Ejemplo n.º 8
0
        public void TestInsertMiddle()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter());

            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
            }, system);

            List <String> expectedCommands = new List <String>()
            {
                "-D INPUT 2",
                rulesNew.Chains.First().Rules[1].GetActionCommand(),
                rulesNew.Chains.First().Rules[2].GetActionCommand()
            };

            mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands);
        }
        public void TestUpdateMiddle()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());

            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
            }, system);

            List <String> expectedCommands = new List <String>()
            {
                "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT"
            };


            using (var client = system.GetTableAdapter(4))
            {
                var sync        = new DefaultNetfilterSync <IpTablesRule>();
                var rulesSynced = rulesOriginal.DeepClone();
                mock.TestSync(client, rulesSynced, rulesNew, sync);
                CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput());

                TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands);
            }
        }
Ejemplo n.º 10
0
        public void TestAdd()
        {
            var             mock          = new MockIptablesSystemFactory();
            var             system        = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2",
                "-A INPUT -d 1.2.3.4/16 -j DROP"
            }, system);

            List <String> expectedCommands = new List <String> {
                "*filter", rulesNew.Chains.First().Rules[2].GetActionCommand(), "COMMIT"
            };

            using (var client = system.GetTableAdapter(4))
            {
                mock.TestSync(client, rulesOriginal, rulesNew);
                CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);
            }
        }
        public void TestDeleteAndUpdate()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());

            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID4\""
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 1 -m comment --comment \"ID3\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID4\""
            }, system);


            using (var client = system.GetTableAdapter(4))
            {
                var sync = new DefaultNetfilterSync <IpTablesRule>(CommentComparer);
                mock.TestSync(client, rulesOriginal, rulesNew, sync);
                var commands = (client as IMockIpTablesRestoreGetOutput).GetOutput().ToList();
                Assert.AreEqual(5, commands.Count);
                Assert.True(commands[1].StartsWith("-D INPUT 1"));
                Assert.True(commands[2].StartsWith("-R INPUT 1"));
                Assert.True(commands[3].StartsWith("-R INPUT 2"));
            }
        }
        public void TestQuotes()
        {
            var             mock          = new MockIptablesSystemFactory();
            var             system        = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP",
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP",
                "-A INPUT -m comment --comment 'test space'"
            }, system);

            List <String> expectedCommands = new List <String> {
                "*filter",
                "-A INPUT -m comment --comment \"test space\"", "COMMIT"
            };


            using (var client = system.GetTableAdapter(4))
            {
                var sync        = new DefaultNetfilterSync <IpTablesRule>();
                var rulesSynced = rulesOriginal.DeepClone();
                mock.TestSync(client, rulesSynced, rulesNew, sync);
                CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput());

                TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands);
            }
        }
Ejemplo n.º 13
0
 public void TestParseRule()
 {
     var systemFactory = new MockIptablesSystemFactory();
     var ipUtils       = new IpRouteController(systemFactory);
     var one           = ipUtils.ParseObjectInternal("default via 199.19.225.1 dev eth0", "to");
     var two           = ipUtils.ParseObjectInternal("10.128.1.0/24 dev tap0  proto kernel  scope link  src 10.128.1.201", "to");
 }
        public void TestAddDuplicate()
        {
            var             mock          = new MockIptablesSystemFactory();
            var             system        = new IpTablesSystem(mock, new IPTablesBinaryAdapter());
            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2",
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2",
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
            }, system);

            List <String> expectedCommands = new List <String>()
            {
                rulesNew.Chains.First().Rules[2].GetActionCommand()
            };

            var sync = new DefaultNetfilterSync <IpTablesRule>();

            mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands);
        }
        public void TestDeleteMultiples()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter());

            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5"
            }, system);

            List <String> expectedCommands = new List <String>()
            {
                "-D INPUT 1", "-D INPUT 2"
            };

            var sync = new DefaultNetfilterSync <IpTablesRule>();

            mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands);
        }
Ejemplo n.º 16
0
        public void TestParseRuleAnycastV6()
        {
            var systemFactory = new MockIptablesSystemFactory();
            var ipUtils       = new IpRouteController(systemFactory);
            var one           = ipUtils.ParseObjectInternal("anycast fe80:: dev tap0 table local proto kernel metric 0 pref medium", "to");

            ipUtils.ExportObject(one);
        }
Ejemplo n.º 17
0
        public void TestParseRuleLocal()
        {
            var systemFactory = new MockIptablesSystemFactory();
            var ipUtils       = new IpRouteController(systemFactory);
            var one           = ipUtils.ParseObjectInternal("local default dev lo  table 100  scope host", "to");

            ipUtils.ExportObject(one);
        }
Ejemplo n.º 18
0
        public void TestParseRule()
        {
            var systemFactory = new MockIptablesSystemFactory();
            var ipUtils       = new IpRuleController(systemFactory);
            var one           = ipUtils.ParseObjectInternal("default via 10.17.199.1 dev s4  table 200", "to");
            var two           = ipUtils.ParseObjectInternal("default via 10.17.199.1 dev s4 table 200", "to");

            CollectionAssert.AreEqual(one.Pairs, two.Pairs);
            Assert.AreEqual("default", one.Pairs["to"]);
            Assert.AreEqual("200", one.Pairs["table"]);
        }
Ejemplo n.º 19
0
        public void TestGetRules()
        {
            var systemFactory = new MockIptablesSystemFactory();
            var output        = "32766:   from all lookup main\n32767:  from all lookup default";

            systemFactory.MockOutputs.Add(new KeyValuePair <string, string>("ip", "rule show"), new StreamReader[] { new StreamReader(new MemoryStream(Encoding.ASCII.GetBytes(output))) });
            var ipUtils = new IpRuleController(systemFactory);
            var rules   = ipUtils.GetAll();

            Assert.AreEqual(2, rules.Count);
            Assert.AreEqual("pref 32766 from all lookup main", string.Join(" ", ipUtils.ExportObject(rules[0])));
            Assert.AreEqual("pref 32767 from all lookup default", string.Join(" ", ipUtils.ExportObject(rules[1])));
        }
Ejemplo n.º 20
0
        public void TestDeleteRule()
        {
            var systemFactory = new MockIptablesSystemFactory();
            var ipUtils       = new IpRuleController(systemFactory);

            ipUtils.Delete("from", "1.1.1.1", "lookup", "100");

            var expected = new List <KeyValuePair <String, String> >
            {
                new KeyValuePair <string, string> ("ip", "rule delete from 1.1.1.1 lookup 100")
            };

            CollectionAssert.AreEqual(expected, systemFactory.ExecutionLog);
        }
Ejemplo n.º 21
0
        public void TestDeleteRuleId()
        {
            var      systemFactory = new MockIptablesSystemFactory();
            var      ipUtils       = new IpRuleController(systemFactory);
            IpObject ipObject      = new IpObject();

            ipObject.Pairs.Add("pref", "100");
            ipObject.Pairs.Add("from", "1.1.1.1");
            ipUtils.Delete(ipObject);

            var expected = new List <KeyValuePair <String, String> >
            {
                new KeyValuePair <string, string> ("ip", "rule delete pref 100 from 1.1.1.1")
            };

            CollectionAssert.AreEqual(expected, systemFactory.ExecutionLog);
        }
Ejemplo n.º 22
0
        public void TestAddObjRule()
        {
            var systemFactory = new MockIptablesSystemFactory();
            var ipUtils       = new IpRuleController(systemFactory);
            var obj           = new IpObject();

            obj.Pairs.Add("from", "1.1.1.1");
            obj.Pairs.Add("lookup", "100");
            obj.Singles.Add("not");
            ipUtils.Add(obj);

            var expected = new List <KeyValuePair <String, String> >
            {
                new KeyValuePair <string, string> ("ip", "rule add not from 1.1.1.1 lookup 100")
            };

            CollectionAssert.AreEqual(expected, systemFactory.ExecutionLog);
        }
        public void TestNesting()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesChainSet chains = new IpTablesChainSet(4);

            FeatureSplitter <MultiportAggregator <IPAddress>, String> ma = new FeatureSplitter <MultiportAggregator <IPAddress>, String>("INPUT", "filter", extractor, setter, nestedGenerator, "_");

            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth0 -m udp --sport 1 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth1 -m udp --sport 2 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -i eth0 -m udp --sport 3 -j ACCEPT", system, chains));

            IpTablesRuleSet rules = new IpTablesRuleSet(4, system);

            ma.Output(system, rules);

            Assert.AreEqual(3, rules.Chains.Count());
            Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count);
            Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count);
        }
Ejemplo n.º 24
0
        public void TestMultiple()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesChainSet chains = new IpTablesChainSet(4);

            MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort,
                                                                                     PortRangeHelpers.SourcePortSetter, setSourceIp, "_");

            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 10 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 20 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 30 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 40 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 50 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 60 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 70 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 80 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 90 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 100 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 110 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 120 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 130 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 140 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 150 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 160 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 170 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 180 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 190 -j ACCEPT", system, chains));

            IpTablesRuleSet rules = new IpTablesRuleSet(4, system);

            ma.Output(system, rules);

            Assert.AreEqual(2, rules.Chains.Count());
            Assert.AreEqual(1, rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.Count);
            Assert.AreEqual("-A INPUT -s 8.1.1.1 -j uXTlO5H/5x9hJe9WK1hw -m comment --comment '_|MA|INPUT_8.1.1.1'",
                            rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.First().GetActionCommand());

            Assert.AreEqual("-A uXTlO5H/5x9hJe9WK1hw -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 10,20,30,40,50,60,70,80,90,100,110,120,130,140,150",
                            rules.Chains.GetChainOrDefault("uXTlO5H/5x9hJe9WK1hw", "filter").Rules.First().GetActionCommand());
        }
Ejemplo n.º 25
0
        public void TestSimpleDoNothing()
        {
            var             mock          = new MockIptablesSystemFactory();
            var             system        = new IpTablesSystem(mock, new IPTablesBinaryAdapter());
            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
            }, system);

            List <String> expectedCommands = new List <String>()
            {
            };

            mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands);
        }
Ejemplo n.º 26
0
        public void TestNatDoNothing()
        {
            var             mock          = new MockIptablesSystemFactory();
            var             system        = new IpTablesSystem(mock, new IPTablesBinaryAdapter());
            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
                "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
                "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
            }, system);

            List <String> expectedCommands = new List <String>()
            {
            };

            mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands);
        }
Ejemplo n.º 27
0
        public void TestSingular()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesChainSet chains = new IpTablesChainSet(4);

            MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort,
                                                                                     PortRangeHelpers.SourcePortSetter, setSourceIp, "_", null);

            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains));
            ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains));

            IpTablesRuleSet rules = new IpTablesRuleSet(4, system);

            ma.Output(system, rules);

            Assert.AreEqual(1, rules.Chains.Count());
            Assert.AreEqual(2, rules.Chains.First().Rules.Count);
            Assert.AreEqual("-A INPUT -s 8.1.1.1 -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 1:2", rules.Chains.First().Rules.First().GetActionCommand());
            Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ACCEPT -m comment --comment '_|s5FXv5bN+84QgKZzjZ3Q|1' -m multiport --sports 3", rules.Chains.First().Rules.Skip(1).First().GetActionCommand());
        }
        public void TestNatDoNothing()
        {
            var             mock          = new MockIptablesSystemFactory();
            var             system        = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
                "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
                "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
            }, system);

            List <String> expectedCommands = new List <String>()
            {
            };

            mock.TestSync(rulesOriginal, rulesNew);
            CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);
        }
Ejemplo n.º 29
0
        public void TestUpdateBegin()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter());

            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\""
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\""
            }, system);

            List <String> expectedCommands = new List <String>()
            {
                rulesNew.Chains.First().Rules[0].GetActionCommand("-R")
            };

            mock.TestSync(rulesOriginal, rulesNew, expectedCommands, CommentComparer);
        }
        public void TestDelete()
        {
            var mock   = new MockIptablesSystemFactory();
            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());

            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
                "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
            }, system);
            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>()
            {
                "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
            }, system);

            List <String> expectedCommands = new List <String>()
            {
                "*filter", "-D INPUT 2", "COMMIT"
            };

            mock.TestSync(rulesOriginal, rulesNew);
            CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);;
        }