public void TestCompare1() { String rule = "-A ATTK_CHECK -m recent --rcheck --name BANNED --seconds 180 --reap --rttl -j ATTACKED"; IpTablesChainSet chains = new IpTablesChainSet(4); Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4)); }
public void TestCompare1() { String rule = "-A ABC -m hashlimit --hashlimit-name aaaaaaaaaaaaaaaaaaaaaa --hashlimit-above 125/second --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-expire 6 --hashlimit-htable-gcinterval 600 -j AVS"; IpTablesChainSet chains = new IpTablesChainSet(4); Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4)); }
public void TestPolyfillArgumentsComparison1() { String rule = "-A INPUT -m unknown --unknown --unknown-2 1111 -p tcp -d 1.1.1.1 -m tcp --dport 80"; IpTablesChainSet chains = new IpTablesChainSet(4); Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4)); }
public void TestSplit() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesChainSet chains = new IpTablesChainSet(4); FeatureSplitter<RuleOutputter, IPAddress> ma = new FeatureSplitter<RuleOutputter,IPAddress>("INPUT", "filter", extractor, setter, nestedGenerator, "_"); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains)); IpTablesRuleSet rules = new IpTablesRuleSet(4,system); ma.Output(system, rules); Assert.AreEqual(3, rules.Chains.Count()); Assert.AreEqual(2, rules.Chains.First().Rules.Count); Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count); Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count); Assert.AreEqual("-A INPUT -s 8.1.1.1 -j QGkTSfSaLIaS4B/kr3WQ -m comment --comment '_|FS|INPUT_8.1.1.1'", rules.Chains.First().Rules.First().GetActionCommand()); Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ciE0aMcfwN36u0sNiC6w -m comment --comment '_|FS|INPUT_8.1.1.2'", rules.Chains.First().Rules.Skip(1).First().GetActionCommand()); Assert.AreEqual("-A QGkTSfSaLIaS4B/kr3WQ -j ACCEPT -m udp --sport 1", rules.Chains.Skip(1).First().Rules.First().GetActionCommand()); }
public void TestCompare2() { String rule = "-A AAAA -t raw -m hashlimit --hashlimit-name synflood_spoofe --hashlimit-above 111/second --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-expire 6 --hashlimit-htable-gcinterval 600 -g AA"; String rule2 = "-A AAAA -t raw -m hashlimit --hashlimit-above 111/sec --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-name synflood_spoofe --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-gcinterval 600 --hashlimit-htable-expire 6 -g AA"; IpTablesChainSet chains = new IpTablesChainSet(4); Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains)); }
public RuleParser(string[] arguments, IpTablesRule ipRule, IpTablesChainSet chains, String defaultTable) { _arguments = arguments; _ipRule = ipRule; _parsers = ModuleRegistry.PreloadDuplicateModules.ToList(); _chains = chains; _tableName = defaultTable; }
public void TestCompareTarget1() { String rule = "-A ABC -j HASHROUTE --hashroute-name aaaaaaaaaaaaaaaaaaaaaa --hashroute-mode dstip,dstport --hashroute-srcmask 32 --hashroute-dstmask 32 --hashroute-htable-size 65000 --hashroute-htable-max 30000 --hashroute-htable-expire 6 --hashroute-htable-gcinterval 600 -j AVS"; IpTablesChainSet chains = new IpTablesChainSet(4); Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4)); Assert.IsFalse(IpTablesRule.Parse(rule, null, chains, 4).GetCommand().Contains("-m HASHROUTE")); }
public RuleParser(string[] arguments, IpTablesRule ipRule, IpTablesChainSet chains, String defaultTable) { _arguments = arguments; _ipRule = ipRule; _parsers.AddRange(_moduleFactory.GetPreloadModules()); _chains = chains; _tableName = defaultTable; }
public void TestDropConnectionLimit() { String rule = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestXmark() { String rule = "-A INPUT -j NFLOG --nflog-group 30"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestDnatSingleSource() { String rule = "-A PREROUTING -t nat -d 1.1.1.1/24 -j DNAT --to-destination 2.2.2.2"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestPolyfillParseAdditionalOptionsAfter() { String rule = "-A INPUT -m unknown --unknown -p tcp -d 1.1.1.1 -m tcp --dport 80"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestCoreSportZeroValue() { String rule = "-A INPUT -p tcp -j DROP -m tcp --sport 0"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule1.GetActionCommand()); }
public void TestHelper() { String rule = "-A INPUT -m helper ! --helper abc -j ACCEPT"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestCoreFragmenting() { String rule = "-A INPUT ! -f -j test"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestSingleRule() { String rule = "-A INPUT -p tcp -i eth0 -j SYNPROXY --mss 1460 --wscale 9 --sack-perm --timestamp -m state --state UNTRACKED,INVALID"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestSnatSingleSource() { String rule = "-A POSTROUTING -t nat -s 1.1.1.1/24 -j SNAT --to-source 2.2.2.2"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void Test2() { String rule = "-A FORWARD -m set --match-set test src --return-nomatch ! --update-counters --packets-lt 3 ! --bytes-eq 1"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestSet() { String rule = "-A ATTK_CHECK -m recent --set --name ATTK"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestSmall() { String rule = "-A INPUT -j ACCEPT -m nfacct --nfacct-name test"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestXmark() { String rule = "-A INPUT -j NFQUEUE --queue-num 1 --queue-bypass"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestDropFragmentedTcpDnsWithComment() { String rule = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestUpdate() { String rule = "-A ATTK_CHECK -m recent --update --name ATTK --seconds 180 --hitcount 20 -j ATTACKED"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestLogWithPrefix() { String rule = "-A INPUT -j LOG --log-prefix 'IPTABLES (Rule ATTACKED): ' --log-level 7"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestCoreDropingUdp() { String rule = "-A INPUT -p udp -j DROP"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestSourceNotMultiports() { String rule = "-A INPUT -p tcp -m multiport ! --dports 80,1000:1080"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestNotLength() { String rule = "-A INPUT -m length ! --length 10 -j ACCEPT"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestXMarkMasked() { String rule = "-A RETURN_AFWCON -j CONNMARK --set-xmark 0x1/0x1"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void Test1() { String rule = "-A FORWARD -m set --match-set test src"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestPolyfillParseMultiple() { String rule = "-A INPUT -m unknown --unknown -m unknown2"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); }
public void TestComparisonMultiport() { String rule = "-A INPUT -p tcp -j RETURN -m multiport --dports 79,22 -m comment --comment TCP"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule r1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule r2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.IsTrue(r1.Compare(r2)); }
public void TestXmark() { String rule = "-A INPUT -p tcp -j MARK --set-xmark 0xFF"; String ruleExpect = "-A INPUT -p tcp -j MARK --set-xmark 0xFF"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(ruleExpect, irule.GetActionCommand()); }
public void TestCoreFragmentingEquality() { String rule = "-A INPUT ! -f -j test"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(irule1, irule2); }
public void TestDropFragmentedTcpDnsWithCommentEquality() { String rule = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.IsTrue(irule2.Compare(irule1)); }
public void TestCoreSportEquality() { String rule = "-A INPUT -p tcp -j DROP -m tcp --sport 1"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(irule1, irule2); }
public void TestCoreDropingSourceEquality() { String rule = "-A INPUT -s 1.2.3.4 -j DROP"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(irule1, irule2); }
public void TestDropConnectionLimitEquality() { String rule = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(irule1, irule2); }
public void TestDropFragmentedTcpDnsEquality() { String rule = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(irule1, irule2); }
public void TestPolyfillArgumentsComparison4() { String rule = "-A INPUT -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -m unknown2 --unknown2 -p tcp -d 1.1.1.1 -m tcp --dport 80"; String rule2 = "-A INPUT -m unknown2 --unknown2 -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -p tcp -d 1.1.1.1 -m tcp --dport 80"; IpTablesChainSet chains = new IpTablesChainSet(4); Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains))); }
public void TestRandomRounding() { String rule = "-A CHAIN -t raw -m statistic --mode random --probability 0.03999999911"; String rule2 = "-A CHAIN -t raw -m statistic --mode random --probability 0.03999999957"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4); Assert.IsTrue(irule.Compare(irule2)); }
public void MatchMarkHex() { String rule = "-A INPUT -p tcp -j ACCEPT -m mark --mark 0xc6ff00/0xFFFF00"; String ruleExpect = "-A INPUT -p tcp -j ACCEPT -m mark --mark 13041408/0xFFFF00"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(ruleExpect, irule.GetActionCommand()); Assert.AreEqual(IpTablesRule.Parse(ruleExpect, null, chains, 4), irule); }
public void TestXorMark() { Int32 mark = 0; String rule = "-A INPUT -p tcp -j CONNMARK --xor-mark " + mark; String ruleExpect = "-A INPUT -p tcp -j CONNMARK --set-xmark 0x" + mark.ToString("X") + "/0x0"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(ruleExpect, irule.GetActionCommand()); }
public void TestDoubleSpace() { String rule = "-A INPUT -j ACCEPT -m nfacct --nfacct-name \"test\""; String rule2 = "-A INPUT -j ACCEPT -m nfacct --nfacct-name test"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule2, irule.GetActionCommand()); Assert.IsTrue(IpTablesRule.Parse(rule2, null, chains, 4).Compare(irule)); }
public void TestSnatRangeSourceAndEquality() { String rule = "-A POSTROUTING -t nat -s 1.1.1.1/24 -j SNAT --to-source 2.2.2.1-2.2.2.250"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(irule1, irule2); Assert.AreEqual(rule, irule1.GetActionCommand()); Assert.AreEqual(rule, irule2.GetActionCommand()); }
public void TestDnatRangeSourceAndEquality() { String rule = "-A POSTROUTING -t nat -d 1.1.1.1/24 -j DNAT --to-destination 2.2.2.1-2.2.2.250"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.IsTrue(irule2.Compare(irule1)); Assert.AreEqual(rule, irule1.GetActionCommand()); Assert.AreEqual(rule, irule2.GetActionCommand()); }
public void TestAddCommentAfter() { String rule1 = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53"; String rule2 = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule1, null, chains); irule1.SetComment("this is a test rule"); Assert.AreEqual(rule2, irule1.GetActionCommand()); }
public void TestParse() { String rule1 = "-A PREROUTING -t raw -p tcp -j CT --ctevents new,destroy"; String rule2 = "-A PREROUTING -t raw -p tcp -j CT --ctevents \"destroy, new\""; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule1, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4); irule2.Equals(irule1); Assert.AreEqual(irule1, irule2); }
public void TestRandomRounding3() { String rule = "-A CHAIN -t raw -m statistic --mode random --probability 0.09000000000"; String rule2 = "-A CHAIN -t raw -m statistic --mode random --probability 0.08999999985"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4); Assert.AreEqual(irule.GetActionCommand(), irule2.GetActionCommand()); Assert.IsTrue(irule.Compare(irule2)); }
public void TestLimitComparison() { String rule = "-A INPUT -m limit --limit 100/second --limit-burst 7"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(irule2, irule); }
public void TestDifficultCharacters() { String rule = "-A kY9xlwGhPJW6N1QCHoRg -t mangle -p tcp -d 107.1.107.1 -g x_ComPlex -m comment --comment 'ABC||+sPeC14l=|1' -m tcp --dport 81"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(irule2, irule); }
public void TestAddChain() { IpTablesRuleSet ruleSet = new IpTablesRuleSet(4, null); String rule = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); ruleSet.AddRule(irule); Assert.AreEqual(1, ruleSet.Chains.Count()); Assert.AreEqual("filter", ruleSet.Chains.First().Table); Assert.AreEqual(1, ruleSet.Chains.First().Rules.Count()); }
public void TestNesting() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesChainSet chains = new IpTablesChainSet(4); FeatureSplitter <MultiportAggregator <IPAddress>, String> ma = new FeatureSplitter <MultiportAggregator <IPAddress>, String>("INPUT", "filter", extractor, setter, nestedGenerator, "_"); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth0 -m udp --sport 1 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth1 -m udp --sport 2 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -i eth0 -m udp --sport 3 -j ACCEPT", system, chains)); IpTablesRuleSet rules = new IpTablesRuleSet(4, system); ma.Output(system, rules); Assert.AreEqual(3, rules.Chains.Count()); Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count); Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count); }
public void TestMultiple() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesChainSet chains = new IpTablesChainSet(4); MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort, PortRangeHelpers.SourcePortSetter, setSourceIp, "_"); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 10 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 20 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 30 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 40 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 50 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 60 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 70 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 80 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 90 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 100 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 110 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 120 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 130 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 140 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 150 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 160 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 170 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 180 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 190 -j ACCEPT", system, chains)); IpTablesRuleSet rules = new IpTablesRuleSet(4, system); ma.Output(system, rules); Assert.AreEqual(2, rules.Chains.Count()); Assert.AreEqual(1, rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.Count); Assert.AreEqual("-A INPUT -s 8.1.1.1 -j uXTlO5H/5x9hJe9WK1hw -m comment --comment '_|MA|INPUT_8.1.1.1'", rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.First().GetActionCommand()); Assert.AreEqual("-A uXTlO5H/5x9hJe9WK1hw -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 10,20,30,40,50,60,70,80,90,100,110,120,130,140,150", rules.Chains.GetChainOrDefault("uXTlO5H/5x9hJe9WK1hw", "filter").Rules.First().GetActionCommand()); }
public void TestSingular() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesChainSet chains = new IpTablesChainSet(4); MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort, PortRangeHelpers.SourcePortSetter, setSourceIp, "_", null); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains)); IpTablesRuleSet rules = new IpTablesRuleSet(4, system); ma.Output(system, rules); Assert.AreEqual(1, rules.Chains.Count()); Assert.AreEqual(2, rules.Chains.First().Rules.Count); Assert.AreEqual("-A INPUT -s 8.1.1.1 -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 1:2", rules.Chains.First().Rules.First().GetActionCommand()); Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ACCEPT -m comment --comment '_|s5FXv5bN+84QgKZzjZ3Q|1' -m multiport --sports 3", rules.Chains.First().Rules.Skip(1).First().GetActionCommand()); }
public static IpTablesChainSet GetRulesFromOutput(NetfilterSystem system, String output, String table, int ipVersion, bool ignoreErrors = false) { var ret = new IpTablesChainSet(ipVersion); String ttable = null; foreach (string lineRaw in output.Split(new[] { '\n' })) { string line = lineRaw.Trim(); if (String.IsNullOrEmpty(line)) { continue; } char c = line[0]; IpTablesRule rule; IpTablesChain chain; switch (c) { case '*': ttable = line.Substring(1); break; case ':': string[] split = line.Split(new[] { ' ' }); ret.AddChain(new IpTablesChain(ttable, split[0].Substring(1), ipVersion, system)); break; //Byte & packet count case '[': int positionEnd = line.IndexOf(']'); if (positionEnd == -1) { throw new IpTablesNetException("Parsing error, could not find end of counters"); } string[] counters = line.Substring(1, positionEnd - 1).Split(new[] { ':' }); line = line.Substring(positionEnd + 1); try { rule = IpTablesRule.Parse(line, system, ret, ttable); } catch { if (ignoreErrors) { continue; } throw; } rule.Counters = new PacketCounters(long.Parse(counters[0]), long.Parse(counters[1])); ret.AddRule(rule); break; case '-': rule = IpTablesRule.Parse(line, system, ret, ttable); ret.AddRule(rule); break; case '#': break; case 'C': if (line == "COMMIT" && ttable == table) { if (ttable == null) { throw new IpTablesNetException("Parsing error"); } return(ret); } throw new IpTablesNetException("Unexepected table \"" + table + "\" found \"" + ttable + "\" instead"); } } return(null); }