/// <summary>
/// Checks that a rule comment containing a space, supplied in single quotes, is written to
/// the mock restore output in double quotes, and that only the newly added rule is emitted.
/// </summary>
public void TestQuotes()
{
    var factory = new MockIptablesSystemFactory();
    var system = new IpTablesSystem(factory, new MockIpTablesRestoreAdapter());

    // Current state: one DROP rule.
    var currentLines = new List<string>
    {
        "-A INPUT -p tcp -j DROP",
    };
    var rulesOriginal = new IpTablesRuleSet(4, currentLines, system);

    // Desired state: the same rule plus a comment-only rule whose text contains a space.
    var desiredLines = new List<string>
    {
        "-A INPUT -p tcp -j DROP",
        "-A INPUT -m comment --comment 'test space'"
    };
    var rulesNew = new IpTablesRuleSet(4, desiredLines, system);

    // The comment must stay a single quoted token in the output; the expectation pins the
    // double-quoted form between the table header and COMMIT.
    var expectedCommands = new List<string>
    {
        "*filter",
        "-A INPUT -m comment --comment \"test space\"",
        "COMMIT"
    };

    using (var adapter = system.GetTableAdapter(4))
    {
        var netfilterSync = new DefaultNetfilterSync<IpTablesRule>();
        var workingCopy = rulesOriginal.DeepClone();

        factory.TestSync(adapter, workingCopy, rulesNew, netfilterSync);

        // The `as` cast yields null if the adapter is not the mock output type, in which case
        // this line fails with a NullReferenceException rather than an assertion message.
        var emitted = (adapter as IMockIpTablesRestoreGetOutput).GetOutput();
        CollectionAssert.AreEqual(expectedCommands, emitted);

        TestApply(rulesOriginal, workingCopy, rulesNew, expectedCommands);
    }
}
/// <summary>
/// Checks that changing only the middle of three rules (connlimit-above 2 to 28 on the rule
/// commented "ID2") produces a single "-R" replace command for that rule and nothing else.
/// </summary>
public void TestUpdateMiddle()
{
    var factory = new MockIptablesSystemFactory();
    var system = new IpTablesSystem(factory, new MockIpTablesRestoreAdapter());

    var currentLines = new List<string>
    {
        "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
        "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"",
        "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
    };
    var rulesOriginal = new IpTablesRuleSet(4, currentLines, system);

    // Only the second rule differs from the current state.
    var desiredLines = new List<string>
    {
        "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
        "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"",
        "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
    };
    var rulesNew = new IpTablesRuleSet(4, desiredLines, system);

    // The expected replace line is generated from the parsed rule itself, so the test does
    // not hard-code how the rule is serialised.
    var replaceCommand = rulesNew.Chains.First().Rules[1].GetActionCommand("-R");
    var expectedCommands = new List<string>
    {
        "*filter",
        replaceCommand,
        "COMMIT"
    };

    using (var adapter = system.GetTableAdapter(4))
    {
        var netfilterSync = new DefaultNetfilterSync<IpTablesRule>();
        var workingCopy = rulesOriginal.DeepClone();

        factory.TestSync(adapter, workingCopy, rulesNew, netfilterSync);

        var emitted = (adapter as IMockIpTablesRestoreGetOutput).GetOutput();
        CollectionAssert.AreEqual(expectedCommands, emitted);

        TestApply(rulesOriginal, workingCopy, rulesNew, expectedCommands);
    }
}
/// <summary>
/// Checks that syncing two identical nat-table rule sets emits no commands at all: the
/// expected output is an empty list, without a table header or COMMIT.
/// </summary>
public void TestNatDoNothing()
{
    var factory = new MockIptablesSystemFactory();
    var system = new IpTablesSystem(factory, new MockIpTablesRestoreAdapter());

    // NOTE(review): netfilter normally accepts the SNAT target only in the nat table's
    // POSTROUTING/INPUT chains; this fixture is handled by the mock adapter only, so the
    // PREROUTING line is kept exactly as written.
    var currentLines = new List<string>
    {
        "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
        "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
    };
    var rulesOriginal = new IpTablesRuleSet(4, currentLines, system);

    // Desired state is line-for-line the same as the current state.
    var desiredLines = new List<string>
    {
        "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
        "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
    };
    var rulesNew = new IpTablesRuleSet(4, desiredLines, system);

    var expectedCommands = new List<string>();

    using (var adapter = system.GetTableAdapter(4))
    {
        var netfilterSync = new DefaultNetfilterSync<IpTablesRule>();
        var workingCopy = rulesOriginal.DeepClone();

        factory.TestSync(adapter, workingCopy, rulesNew, netfilterSync);

        var emitted = (adapter as IMockIpTablesRestoreGetOutput).GetOutput();
        CollectionAssert.AreEqual(expectedCommands, emitted);

        TestApply(rulesOriginal, workingCopy, rulesNew, expectedCommands);
    }
}
/// <summary>
/// Checks that removing the two middle rules of a four-rule chain is emitted as two
/// positional deletes, both addressed to position 2.
/// </summary>
public void TestDeleteMultiplesMiddle()
{
    var factory = new MockIptablesSystemFactory();
    var system = new IpTablesSystem(factory, new MockIpTablesRestoreAdapter());

    var currentLines = new List<string>
    {
        "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
        "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5",
        "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2",
        "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3"
    };
    var rulesOriginal = new IpTablesRuleSet(4, currentLines, system);

    // Desired state keeps only the first and last of the four rules.
    var desiredLines = new List<string>
    {
        "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
        "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3"
    };
    var rulesNew = new IpTablesRuleSet(4, desiredLines, system);

    // "-D INPUT 2" appears twice: once the rule at position 2 is deleted, the former third
    // rule moves up to position 2, so the same index removes it. Deleting positions 2 and 3
    // instead would remove the rule that is meant to stay.
    var expectedCommands = new List<string>
    {
        "*filter",
        "-D INPUT 2",
        "-D INPUT 2",
        "COMMIT"
    };

    using (var adapter = system.GetTableAdapter(4))
    {
        var netfilterSync = new DefaultNetfilterSync<IpTablesRule>();
        var workingCopy = rulesOriginal.DeepClone();

        factory.TestSync(adapter, workingCopy, rulesNew, netfilterSync);

        var emitted = (adapter as IMockIpTablesRestoreGetOutput).GetOutput();
        CollectionAssert.AreEqual(expectedCommands, emitted);

        TestApply(rulesOriginal, workingCopy, rulesNew, expectedCommands);
    }
}
/// <summary>
/// Checks that syncing from a rule set holding only an empty INPUT chain to a set with one
/// rule emits that rule's own action command, wrapped in the filter header and COMMIT.
/// </summary>
public void TestAddFromEmpty()
{
    var factory = new MockIptablesSystemFactory();
    var system = new IpTablesSystem(factory, new MockIpTablesRestoreAdapter());

    // Current state: no rules, but the INPUT chain of the filter table is registered
    // explicitly on the rule set.
    var rulesOriginal = new IpTablesRuleSet(4, new List<string>(), system);
    rulesOriginal.Chains.AddChain("INPUT", "filter", system);

    var desiredLines = new List<string>
    {
        "-A INPUT -d 1.2.3.4/16 -j DROP"
    };
    var rulesNew = new IpTablesRuleSet(4, desiredLines, system);

    // The expected line comes from the parsed rule, so whatever form the parser gives the
    // destination "1.2.3.4/16" is what the sync output is compared against.
    var addCommand = rulesNew.Chains.First().Rules[0].GetActionCommand();
    var expectedCommands = new List<string>
    {
        "*filter",
        addCommand,
        "COMMIT"
    };

    using (var adapter = system.GetTableAdapter(4))
    {
        var netfilterSync = new DefaultNetfilterSync<IpTablesRule>();
        var workingCopy = rulesOriginal.DeepClone();

        factory.TestSync(adapter, workingCopy, rulesNew, netfilterSync);

        var emitted = (adapter as IMockIpTablesRestoreGetOutput).GetOutput();
        CollectionAssert.AreEqual(expectedCommands, emitted);

        TestApply(rulesOriginal, workingCopy, rulesNew, expectedCommands);
    }
}