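/// <summary>
/// Round-trips a UDP match through the filter table's FORWARD chain twice: first with
/// source and destination port ranges, then with a source range only.
/// </summary>
/// <remarks>
/// NOTE(review): this appears to commit to the host's live netfilter ruleset (the chain is
/// flushed through the iptables CLI between the two phases), so run it only inside a
/// disposable network namespace or container. "iptables -F FORWARD" deletes every rule in
/// the chain, not just the one appended here. Nothing visible in this method removes the
/// ACCEPT rule after the second phase or when an assertion fails - confirm the fixture
/// cleans up.
/// </remarks>
public void WriteUdpMatch()
{
    // Phase 1: both --sport and --dport ranges are set.
    var bothPorts = new UdpMatchBuilder().SetSrcPort(200, 300)
        .SetDstPort(400, 500).Build();
    var written = new RuleBuilder()
        .SetIp4Src("192.168.5.2/23")
        .SetIp4Dst("192.168.5/24")
        .SetInInterface("eno8")
        .SetOutInterface("eno45", true, true)
        .SetProto("udp")
        .AddMatch(bothPorts)
        .Accept();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.FILTER))
    {
        txn.AppendRule(Chains.FORWARD, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.FORWARD);
        // Checked before First(): the original asserted afterwards, where it could never
        // fail because First() had already thrown on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes FORWARD was empty before the append, so the first rule is ours - TODO confirm.
        var readBack = rules.First();
        System.Console.WriteLine(readBack);

        var match = readBack.Matches.First();
        Assert.Equal("200:300", match[UdpMatchBuilder.SPORT_OPT]);
        Assert.Equal("400:500", match[UdpMatchBuilder.DPORT_OPT]);
        Assert.Equal(TargetTypes.ACCEPT, readBack.Target.Name);
    }

    // Clear the chain so the phase-2 rule is again the first one read back.
    "iptables -F FORWARD".Bash();

    // Phase 2: only --sport is set; the destination option must be absent on read-back.
    var srcOnly = new UdpMatchBuilder().SetSrcPort(200, 300).Build();
    written = new RuleBuilder()
        .SetIp4Src("192.168.5.2/23")
        .SetIp4Dst("192.168.5/24")
        .SetInInterface("eno8")
        .SetOutInterface("eno45", true, true)
        .SetProto("udp")
        .AddMatch(srcOnly)
        .Accept();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.FILTER))
    {
        txn.AppendRule(Chains.FORWARD, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.FORWARD);
        Assert.NotEmpty(rules);

        var readBack = rules.First();
        System.Console.WriteLine(readBack);

        var match = readBack.Matches.First();
        Assert.Equal("200:300", match[UdpMatchBuilder.SPORT_OPT]);
        Assert.False(match.ContainsKey(UdpMatchBuilder.DPORT_OPT));
        Assert.Equal(TargetTypes.ACCEPT, readBack.Target.Name);
    }
}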
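/// <summary>
/// Appends a TCP rule to the nat table's POSTROUTING chain, replaces it in a second
/// transaction, and checks that the rule read back is the replacement.
/// </summary>
/// <remarks>
/// NOTE(review): this appears to modify the host's live nat table; run it only inside a
/// disposable network namespace or container. Nothing visible in this method removes the
/// rule afterwards - confirm the fixture flushes POSTROUTING.
/// </remarks>
public void ReplaceTcpMatch()
{
    var firstMatch = new TcpMatchBuilder().SetSrcPort(200, 300)
        .SetFlags(new[] { "syn", "fin", "ack" }, new[] { "syn" })
        .SetOption(16, true).Build();
    var rule = new RuleBuilder()
        .SetIp4Src("192.168.5.2/23")
        .SetIp4Dst("192.168.5/24")
        .SetInInterface("eno8")
        .SetOutInterface("eno45", true, true)
        .SetProto("tCp")
        .AddMatch(firstMatch)
        .Accept();

    var secondMatch = new TcpMatchBuilder().SetSrcPort(500, 600)
        .SetFlags(new[] { "syn", "fin", "ack" }, new[] { "syn" })
        .SetOption(16, true).Build();
    var rule2 = new RuleBuilder()
        .SetIp4Src("192.168.7.2/23")
        .SetIp4Dst("192.168.3/24")
        .SetInInterface("eno8")
        .SetOutInterface("eno45", true, true)
        .SetProto("tCp")
        .AddMatch(secondMatch)
        .Accept();

    using (var txn = new IptTransaction(Tables.NAT))
    {
        txn.AppendRule(Chains.POSTROUTING, rule);
        txn.Commit();

        var rules = txn.GetRules(Chains.POSTROUTING);
        // Checked before First(): asserting afterwards could never fail, because First()
        // throws on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes POSTROUTING was empty before the append - TODO confirm.
        rule = rules.First();
        var match = rule.Matches.First();
        Assert.Equal("200:300", match[TcpMatchBuilder.SPORT_OPT]);
        Assert.Equal(TargetTypes.ACCEPT, rule.Target.Name);
    }

    using (var txn = new IptTransaction(Tables.NAT))
    {
        // Presumably a 1-based rule number, as in "iptables -R" - verify against ReplaceRule.
        txn.ReplaceRule(Chains.POSTROUTING, 1, rule2);
        txn.Commit();

        var rules = txn.GetRules(Chains.POSTROUTING);
        Assert.NotEmpty(rules);

        rule2 = rules.First();
        var match = rule2.Matches.First();
        Assert.Equal("500:600", match[TcpMatchBuilder.SPORT_OPT]);

        // Fix: the original read rule.Target here, i.e. the rule captured in the first
        // transaction, so the target of the replacement was never actually verified.
        Assert.Equal(TargetTypes.ACCEPT, rule2.Target.Name);
    }
}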
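/// <summary>
/// Round-trips an SNAT target through the nat table's POSTROUTING chain: once with an
/// address range and once with identical start and end addresses, which is expected to
/// read back as a single address.
/// </summary>
/// <remarks>
/// NOTE(review): this appears to commit to the host's live nat table (the chain is flushed
/// through the iptables CLI between phases); run it only inside a disposable network
/// namespace or container. "iptables -t nat -F POSTROUTING" deletes every rule in the
/// chain, including any the host relies on, e.g. for masquerading. The second SNAT rule is
/// not removed by this method - confirm the fixture cleans up.
/// </remarks>
public void WriteSNatTarget()
{
    // Phase 1: address range plus port range.
    var rangeTarget = new SNatTargetBuilder().SetSource("192.168.1.1", "192.168.1.10", 200, 300).Build();
    var written = new RuleBuilder()
        .SetIp4Src("192.168.3.2/23")
        .SetIp4Dst("192.168.3/24")
        .SetInInterface("eno8")
        .SetOutInterface("eno45", true, true)
        .SetProto("tCp")
        .SetTarget(rangeTarget)
        .Build();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.NAT))
    {
        txn.AppendRule(Chains.POSTROUTING, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.POSTROUTING);
        // Checked before First(): asserting afterwards could never fail, because First()
        // throws on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes POSTROUTING was empty before the append - TODO confirm.
        var readBack = rules.First();
        var target = readBack.Target;
        System.Console.WriteLine(readBack);

        Assert.Equal("192.168.1.1-192.168.1.10:200-300", target[SNatTargetBuilder.TO_SOURCE_OPT]);
        Assert.Equal(TargetTypes.SNAT, target.Name);
    }

    // Clear the chain so the phase-2 rule is again the first one read back.
    "iptables -t nat -F POSTROUTING".Bash();

    // Phase 2: start and end address are equal, so no "a-b" range is expected on read-back.
    var singleTarget = new SNatTargetBuilder().SetSource("192.168.10.1", "192.168.10.1", 200, 300).Build();
    written = new RuleBuilder()
        .SetIp4Src("192.168.3.2/23")
        .SetIp4Dst("192.168.3/24")
        .SetInInterface("eno8")
        .SetOutInterface("eno45", true, true)
        .SetProto("tCp")
        .SetTarget(singleTarget)
        .Build();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.NAT))
    {
        txn.AppendRule(Chains.POSTROUTING, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.POSTROUTING);
        Assert.NotEmpty(rules);

        var readBack = rules.First();
        var target = readBack.Target;
        System.Console.WriteLine(readBack);

        Assert.Equal("192.168.10.1:200-300", target[SNatTargetBuilder.TO_SOURCE_OPT]);
        Assert.Equal(TargetTypes.SNAT, target.Name);
    }
}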
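/// <summary>
/// Round-trips a mark match through the mangle table's INPUT chain: once as "8/4"
/// (presumably value/mask - verify against MarkMatchBuilder) and once as a bare "8".
/// </summary>
/// <remarks>
/// NOTE(review): this appears to commit to the host's live mangle table (the chain is
/// flushed through the iptables CLI between phases); run it only inside a disposable
/// network namespace or container. "iptables -t mangle -F INPUT" deletes every rule in the
/// chain, and the second rule is not removed by this method - confirm the fixture cleans up.
/// </remarks>
public void WriteMarkMatch()
{
    // Phase 1: two-argument mark.
    var maskedMark = new MarkMatchBuilder().SetMark(8, 4).Build();
    var written = new RuleBuilder()
        .AddMatch(maskedMark)
        .Accept();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.MANGLE))
    {
        txn.AppendRule(Chains.INPUT, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.INPUT);
        // Checked before First(): asserting afterwards could never fail, because First()
        // throws on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes INPUT was empty before the append - TODO confirm.
        var readBack = rules.First();
        System.Console.WriteLine(readBack);

        var match = readBack.Matches.First();
        Assert.Equal("8/4", match[MarkMatchBuilder.MARK_OPT]);
        Assert.Equal(TargetTypes.ACCEPT, readBack.Target.Name);
    }

    // Clear the chain so the phase-2 rule is again the first one read back.
    "iptables -t mangle -F INPUT".Bash();

    // Phase 2: single-argument mark.
    var plainMark = new MarkMatchBuilder().SetMark(8).Build();
    written = new RuleBuilder()
        .AddMatch(plainMark)
        .Accept();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.MANGLE))
    {
        txn.AppendRule(Chains.INPUT, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.INPUT);
        Assert.NotEmpty(rules);

        var readBack = rules.First();
        System.Console.WriteLine(readBack);

        var match = readBack.Matches.First();
        Assert.Equal("8", match[MarkMatchBuilder.MARK_OPT]);
        Assert.Equal(TargetTypes.ACCEPT, readBack.Target.Name);
    }
}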
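/// <summary>
/// Appends an ICMP rule carrying a source-MAC match to the filter table's FORWARD chain
/// and checks that the address reads back unchanged.
/// </summary>
/// <remarks>
/// NOTE(review): this appears to commit an ACCEPT rule to the host's live filter table and
/// does not remove it; run it only inside a disposable network namespace or container and
/// confirm the fixture flushes FORWARD afterwards.
/// </remarks>
public void WriteMacMatch()
{
    var macMatch = new MacMatchBuilder().SetMacaddress("01:02:0F:A4:34:01").Build();
    var written = new RuleBuilder()
        .SetProto("icmp")
        .AddMatch(macMatch)
        .Accept();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.FILTER))
    {
        txn.AppendRule(Chains.FORWARD, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.FORWARD);
        // Checked before First(): asserting afterwards could never fail, because First()
        // throws on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes FORWARD was empty before the append - TODO confirm.
        var readBack = rules.First();
        System.Console.WriteLine(readBack);

        var match = readBack.Matches.First();
        Assert.Equal("01:02:0F:A4:34:01", match[MacMatchBuilder.MAC_SOURCE_OPT]);
        Assert.Equal(TargetTypes.ACCEPT, readBack.Target.Name);
    }
}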
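/// <summary>
/// Appends an ICMP rule carrying a "20/m" limit match to the filter table's FORWARD chain
/// and checks that the limit reads back unchanged.
/// </summary>
/// <remarks>
/// NOTE(review): this appears to commit an ACCEPT rule to the host's live filter table and
/// does not remove it; run it only inside a disposable network namespace or container and
/// confirm the fixture flushes FORWARD afterwards.
/// </remarks>
public void WriteLimitMatch()
{
    var limitMatch = new LimitMatchBuilder().SetLimit("20/m").Build();
    var written = new RuleBuilder()
        .SetProto("icmp")
        .AddMatch(limitMatch)
        .Accept();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.FILTER))
    {
        txn.AppendRule(Chains.FORWARD, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.FORWARD);
        // Checked before First(): asserting afterwards could never fail, because First()
        // throws on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes FORWARD was empty before the append - TODO confirm.
        var readBack = rules.First();
        System.Console.WriteLine(readBack);

        var match = readBack.Matches.First();
        Assert.Equal("20/m", match[LimitMatchBuilder.LIMIT_OPT]);
        Assert.Equal(TargetTypes.ACCEPT, readBack.Target.Name);
    }
}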
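/// <summary>
/// Appends a rule with an ICMP match built from SetIcmpType(3, 11) to the filter table's
/// FORWARD chain and checks that it reads back under the name "TOS-network-unreachable".
/// </summary>
/// <remarks>
/// NOTE(review): this appears to commit an ACCEPT rule to the host's live filter table and
/// does not remove it; run it only inside a disposable network namespace or container and
/// confirm the fixture flushes FORWARD afterwards.
/// </remarks>
public void WriteIcmpMatch()
{
    // Presumably (type, code) - verify against IcmpMatchBuilder. The rule is written with
    // numbers and expected back as a symbolic name.
    var icmpMatch = new IcmpMatchBuilder().SetIcmpType(3, 11).Build();
    var written = new RuleBuilder()
        .SetProto("icmp")
        .AddMatch(icmpMatch)
        .Accept();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.FILTER))
    {
        txn.AppendRule(Chains.FORWARD, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.FORWARD);
        // Checked before First(): asserting afterwards could never fail, because First()
        // throws on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes FORWARD was empty before the append - TODO confirm.
        var readBack = rules.First();
        System.Console.WriteLine(readBack);

        var match = readBack.Matches.First();
        Assert.Equal("TOS-network-unreachable", match[IcmpMatchBuilder.TYPE_OPT]);
        Assert.Equal(TargetTypes.ACCEPT, readBack.Target.Name);
    }
}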
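/// <summary>
/// Appends a rule with a "TTL greater than 60" match to the OUTPUT chain and checks that
/// the threshold reads back as "60".
/// </summary>
/// <remarks>
/// The transaction is created without a table argument, so it uses whatever table
/// IptTransaction defaults to (not visible here).
/// NOTE(review): this appears to commit an ACCEPT rule to the host's live ruleset and does
/// not remove it; run it only inside a disposable network namespace or container and
/// confirm the fixture flushes OUTPUT afterwards.
/// </remarks>
public void WriteTtlMatch()
{
    // Renamed from "tosMatch": the builder produces a TTL match, not a TOS match.
    var ttlMatch = new TtlMatchBuilder()
        .SetTtlGreatThan(60)
        .Build();
    var written = new RuleBuilder()
        .AddMatch(ttlMatch)
        .Accept();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction())
    {
        txn.AppendRule(Chains.OUTPUT, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.OUTPUT);
        // Checked before First(): asserting afterwards could never fail, because First()
        // throws on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes OUTPUT was empty before the append - TODO confirm.
        var readBack = rules.First();
        System.Console.WriteLine(readBack);

        var match = readBack.Matches.First();
        Assert.Equal("60", match[TtlMatchBuilder.TTL_GT_OPT]);
        Assert.Equal(TargetTypes.ACCEPT, readBack.Target.Name);
    }
}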
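/// <summary>
/// Appends a TCP rule with a multiport destination list ("12,23,55:77,90") to the INPUT
/// chain and checks that the list reads back unchanged.
/// </summary>
/// <remarks>
/// The transaction is created without a table argument, so it uses whatever table
/// IptTransaction defaults to (not visible here).
/// NOTE(review): this appears to commit an ACCEPT rule to the host's live ruleset and does
/// not remove it; run it only inside a disposable network namespace or container and
/// confirm the fixture flushes INPUT afterwards.
/// </remarks>
public void WriteMultiportMatch()
{
    var multiportMatch = new MultiportMatchBuilder()
        .SetDstPorts("12,23,55:77,90").Build();
    var written = new RuleBuilder()
        .SetProto("tcp")
        .AddMatch(multiportMatch)
        .Accept();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction())
    {
        txn.AppendRule(Chains.INPUT, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.INPUT);
        // Checked before First(): asserting afterwards could never fail, because First()
        // throws on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes INPUT was empty before the append - TODO confirm.
        var readBack = rules.First();
        System.Console.WriteLine(readBack);

        var match = readBack.Matches.First();
        Assert.Equal("12,23,55:77,90", match[MultiportMatchBuilder.DESTINATION_PORT_OPT]);
        Assert.Equal(TargetTypes.ACCEPT, readBack.Target.Name);
    }
}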
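/// <summary>
/// Round-trips a DNAT target through the nat table's PREROUTING chain in three forms: an
/// address range with ports, a single address with ports (start and end address equal),
/// and ports only. Each form also sets the random option.
/// </summary>
/// <remarks>
/// NOTE(review): this appears to commit to the host's live nat table (the chain is flushed
/// through the iptables CLI between phases); run it only inside a disposable network
/// namespace or container. "iptables -t nat -F PREROUTING" deletes every rule in the
/// chain, including any port forwards the host relies on. The third DNAT rule is not
/// removed by this method - confirm the fixture cleans up.
/// </remarks>
public void WriteDNatTarget()
{
    // Phase 1: address range plus port range.
    var rangeTarget = new DNatTargetBuilder().SetDestination("192.168.1.1", "192.168.1.10", 200, 300)
        .SetRandom().Build();
    var written = new RuleBuilder()
        .SetIp4Src("192.168.3.2/23")
        .SetIp4Dst("192.168.3/24")
        .SetInInterface("eno8")
        .SetOutInterface("eno45", true, true)
        .SetProto("tCp")
        .SetTarget(rangeTarget)
        .Build();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.NAT))
    {
        txn.AppendRule(Chains.PREROUTING, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.PREROUTING);
        // Checked before First(): asserting afterwards could never fail, because First()
        // throws on an empty chain.
        Assert.NotEmpty(rules);

        // Assumes PREROUTING was empty before the append - TODO confirm.
        var readBack = rules.First();
        var target = readBack.Target;
        System.Console.WriteLine(readBack);

        Assert.Equal("192.168.1.1-192.168.1.10:200-300", target[DNatTargetBuilder.TO_DESTINATION_OPT]);
        Assert.NotNull(target[DNatTargetBuilder.RANDOM_OPT]);
        Assert.Equal(TargetTypes.DNAT, target.Name);
    }

    // Clear the chain so the next rule is again the first one read back.
    "iptables -t nat -F PREROUTING".Bash();

    // Phase 2: start and end address are equal, so no "a-b" range is expected on read-back.
    var singleTarget = new DNatTargetBuilder().SetDestination("192.168.10.1", "192.168.10.1", 200, 300)
        .SetRandom().Build();
    written = new RuleBuilder()
        .SetIp4Src("192.168.3.2/23")
        .SetIp4Dst("192.168.3/24")
        .SetInInterface("eno8")
        .SetOutInterface("eno45", true, true)
        .SetProto("tCp")
        .SetTarget(singleTarget)
        .Build();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.NAT))
    {
        txn.AppendRule(Chains.PREROUTING, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.PREROUTING);
        Assert.NotEmpty(rules);

        var readBack = rules.First();
        var target = readBack.Target;
        System.Console.WriteLine(readBack);

        Assert.Equal("192.168.10.1:200-300", target[DNatTargetBuilder.TO_DESTINATION_OPT]);
        Assert.NotNull(target[DNatTargetBuilder.RANDOM_OPT]);
        Assert.Equal(TargetTypes.DNAT, target.Name);
    }

    "iptables -t nat -F PREROUTING".Bash();

    // Phase 3: ports only, no destination address.
    var portsOnlyTarget = new DNatTargetBuilder().SetDestinationWithProto(200, 300)
        .SetRandom().Build();
    written = new RuleBuilder()
        .SetIp4Src("192.168.3.2/23")
        .SetIp4Dst("192.168.3/24")
        .SetInInterface("eno8")
        .SetOutInterface("eno45", true, true)
        .SetProto("tCp")
        .SetTarget(portsOnlyTarget)
        .Build();
    System.Console.WriteLine(written);

    using (var txn = new IptTransaction(Tables.NAT))
    {
        txn.AppendRule(Chains.PREROUTING, written);
        txn.Commit();

        var rules = txn.GetRules(Chains.PREROUTING);
        Assert.NotEmpty(rules);

        var readBack = rules.First();
        var target = readBack.Target;
        System.Console.WriteLine(readBack);

        Assert.Equal(":200-300", target[DNatTargetBuilder.TO_DESTINATION_OPT]);
        Assert.NotNull(target[DNatTargetBuilder.RANDOM_OPT]);
        Assert.Equal(TargetTypes.DNAT, target.Name);
    }
}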