public void TestSplit() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesChainSet chains = new IpTablesChainSet(4); FeatureSplitter <RuleOutputter, IPAddress> ma = new FeatureSplitter <RuleOutputter, IPAddress>("INPUT", "filter", extractor, setter, nestedGenerator, "_"); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains)); IpTablesRuleSet rules = new IpTablesRuleSet(4, system); ma.Output(system, rules); Assert.AreEqual(3, rules.Chains.Count()); Assert.AreEqual(2, rules.Chains.First().Rules.Count); Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count); Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count); Assert.AreEqual("-A INPUT -s 8.1.1.1 -j QGkTSfSaLIaS4B/kr3WQ -m comment --comment '_|FS|INPUT_8.1.1.1'", rules.Chains.First().Rules.First().GetActionCommand()); Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ciE0aMcfwN36u0sNiC6w -m comment --comment '_|FS|INPUT_8.1.1.2'", rules.Chains.First().Rules.Skip(1).First().GetActionCommand()); Assert.AreEqual("-A QGkTSfSaLIaS4B/kr3WQ -j ACCEPT -m udp --sport 1", rules.Chains.Skip(1).First().Rules.First().GetActionCommand()); }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List <String> expectedCommands = new List <String>() { rulesNew.Chains.First().Rules[1].GetActionCommand("-R") }; var sync = new DefaultNetfilterSync <IpTablesRule>(CommentComparer); mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands); }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List <String> expectedCommands = new List <String>() { "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew, CommentComparer); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); }
public void TestAddFromEmpty() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { }, system); rulesOriginal.Chains.AddChain("INPUT", "filter", system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -d 1.2.3.4/16 -j DROP" }, system); List <String> expectedCommands = new List <String> { "*filter", rulesNew.Chains.First().Rules[0].GetActionCommand(), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestDeleteMultiplesMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3" }, system); List <String> expectedCommands = new List <String>() { "*filter", "-D INPUT 2", "-D INPUT 2", "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List <String> expectedCommands = new List <String>() { }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestSimpleDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List <String> expectedCommands = new List <String>() { }; using (var client = system.GetTableAdapter(4)) { mock.TestSync(client, rulesOriginal, rulesNew); CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); } }
public void TestInsertMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List <String> expectedCommands = new List <String>() { "-D INPUT 2", rulesNew.Chains.First().Rules[1].GetActionCommand(), rulesNew.Chains.First().Rules[2].GetActionCommand() }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List <String> expectedCommands = new List <String>() { "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestAdd() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -d 1.2.3.4/16 -j DROP" }, system); List <String> expectedCommands = new List <String> { "*filter", rulesNew.Chains.First().Rules[2].GetActionCommand(), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { mock.TestSync(client, rulesOriginal, rulesNew); CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); } }
public void TestDeleteAndUpdate() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID4\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 1 -m comment --comment \"ID3\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID4\"" }, system); using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(CommentComparer); mock.TestSync(client, rulesOriginal, rulesNew, sync); var commands = (client as IMockIpTablesRestoreGetOutput).GetOutput().ToList(); Assert.AreEqual(5, commands.Count); Assert.True(commands[1].StartsWith("-D INPUT 1")); Assert.True(commands[2].StartsWith("-R INPUT 1")); Assert.True(commands[3].StartsWith("-R INPUT 2")); } }
public void TestQuotes() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", "-A INPUT -m comment --comment 'test space'" }, system); List <String> expectedCommands = new List <String> { "*filter", "-A INPUT -m comment --comment \"test space\"", "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestParseRule() { var systemFactory = new MockIptablesSystemFactory(); var ipUtils = new IpRouteController(systemFactory); var one = ipUtils.ParseObjectInternal("default via 199.19.225.1 dev eth0", "to"); var two = ipUtils.ParseObjectInternal("10.128.1.0/24 dev tap0 proto kernel scope link src 10.128.1.201", "to"); }
public void TestAddDuplicate() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", }, system); List <String> expectedCommands = new List <String>() { rulesNew.Chains.First().Rules[2].GetActionCommand() }; var sync = new DefaultNetfilterSync <IpTablesRule>(); mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands); }
public void TestDeleteMultiples() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5" }, system); List <String> expectedCommands = new List <String>() { "-D INPUT 1", "-D INPUT 2" }; var sync = new DefaultNetfilterSync <IpTablesRule>(); mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands); }
public void TestParseRuleAnycastV6() { var systemFactory = new MockIptablesSystemFactory(); var ipUtils = new IpRouteController(systemFactory); var one = ipUtils.ParseObjectInternal("anycast fe80:: dev tap0 table local proto kernel metric 0 pref medium", "to"); ipUtils.ExportObject(one); }
public void TestParseRuleLocal() { var systemFactory = new MockIptablesSystemFactory(); var ipUtils = new IpRouteController(systemFactory); var one = ipUtils.ParseObjectInternal("local default dev lo table 100 scope host", "to"); ipUtils.ExportObject(one); }
public void TestParseRule() { var systemFactory = new MockIptablesSystemFactory(); var ipUtils = new IpRuleController(systemFactory); var one = ipUtils.ParseObjectInternal("default via 10.17.199.1 dev s4 table 200", "to"); var two = ipUtils.ParseObjectInternal("default via 10.17.199.1 dev s4 table 200", "to"); CollectionAssert.AreEqual(one.Pairs, two.Pairs); Assert.AreEqual("default", one.Pairs["to"]); Assert.AreEqual("200", one.Pairs["table"]); }
public void TestGetRules() { var systemFactory = new MockIptablesSystemFactory(); var output = "32766: from all lookup main\n32767: from all lookup default"; systemFactory.MockOutputs.Add(new KeyValuePair <string, string>("ip", "rule show"), new StreamReader[] { new StreamReader(new MemoryStream(Encoding.ASCII.GetBytes(output))) }); var ipUtils = new IpRuleController(systemFactory); var rules = ipUtils.GetAll(); Assert.AreEqual(2, rules.Count); Assert.AreEqual("pref 32766 from all lookup main", string.Join(" ", ipUtils.ExportObject(rules[0]))); Assert.AreEqual("pref 32767 from all lookup default", string.Join(" ", ipUtils.ExportObject(rules[1]))); }
public void TestDeleteRule() { var systemFactory = new MockIptablesSystemFactory(); var ipUtils = new IpRuleController(systemFactory); ipUtils.Delete("from", "1.1.1.1", "lookup", "100"); var expected = new List <KeyValuePair <String, String> > { new KeyValuePair <string, string> ("ip", "rule delete from 1.1.1.1 lookup 100") }; CollectionAssert.AreEqual(expected, systemFactory.ExecutionLog); }
public void TestDeleteRuleId() { var systemFactory = new MockIptablesSystemFactory(); var ipUtils = new IpRuleController(systemFactory); IpObject ipObject = new IpObject(); ipObject.Pairs.Add("pref", "100"); ipObject.Pairs.Add("from", "1.1.1.1"); ipUtils.Delete(ipObject); var expected = new List <KeyValuePair <String, String> > { new KeyValuePair <string, string> ("ip", "rule delete pref 100 from 1.1.1.1") }; CollectionAssert.AreEqual(expected, systemFactory.ExecutionLog); }
public void TestAddObjRule() { var systemFactory = new MockIptablesSystemFactory(); var ipUtils = new IpRuleController(systemFactory); var obj = new IpObject(); obj.Pairs.Add("from", "1.1.1.1"); obj.Pairs.Add("lookup", "100"); obj.Singles.Add("not"); ipUtils.Add(obj); var expected = new List <KeyValuePair <String, String> > { new KeyValuePair <string, string> ("ip", "rule add not from 1.1.1.1 lookup 100") }; CollectionAssert.AreEqual(expected, systemFactory.ExecutionLog); }
public void TestNesting() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesChainSet chains = new IpTablesChainSet(4); FeatureSplitter <MultiportAggregator <IPAddress>, String> ma = new FeatureSplitter <MultiportAggregator <IPAddress>, String>("INPUT", "filter", extractor, setter, nestedGenerator, "_"); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth0 -m udp --sport 1 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth1 -m udp --sport 2 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -i eth0 -m udp --sport 3 -j ACCEPT", system, chains)); IpTablesRuleSet rules = new IpTablesRuleSet(4, system); ma.Output(system, rules); Assert.AreEqual(3, rules.Chains.Count()); Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count); Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count); }
public void TestMultiple() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesChainSet chains = new IpTablesChainSet(4); MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort, PortRangeHelpers.SourcePortSetter, setSourceIp, "_"); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 10 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 20 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 30 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 40 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 50 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 60 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 70 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 80 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 90 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 100 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 110 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 120 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 130 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 140 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 150 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 160 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 170 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 180 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 190 -j ACCEPT", system, chains)); IpTablesRuleSet rules = new IpTablesRuleSet(4, system); ma.Output(system, rules); Assert.AreEqual(2, rules.Chains.Count()); Assert.AreEqual(1, rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.Count); Assert.AreEqual("-A INPUT -s 8.1.1.1 -j uXTlO5H/5x9hJe9WK1hw -m comment --comment '_|MA|INPUT_8.1.1.1'", rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.First().GetActionCommand()); Assert.AreEqual("-A uXTlO5H/5x9hJe9WK1hw -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 10,20,30,40,50,60,70,80,90,100,110,120,130,140,150", rules.Chains.GetChainOrDefault("uXTlO5H/5x9hJe9WK1hw", "filter").Rules.First().GetActionCommand()); }
public void TestSimpleDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List <String> expectedCommands = new List <String>() { }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List <String> expectedCommands = new List <String>() { }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestSingular() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesChainSet chains = new IpTablesChainSet(4); MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort, PortRangeHelpers.SourcePortSetter, setSourceIp, "_", null); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains)); ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains)); IpTablesRuleSet rules = new IpTablesRuleSet(4, system); ma.Output(system, rules); Assert.AreEqual(1, rules.Chains.Count()); Assert.AreEqual(2, rules.Chains.First().Rules.Count); Assert.AreEqual("-A INPUT -s 8.1.1.1 -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 1:2", rules.Chains.First().Rules.First().GetActionCommand()); Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ACCEPT -m comment --comment '_|s5FXv5bN+84QgKZzjZ3Q|1' -m multiport --sports 3", rules.Chains.First().Rules.Skip(1).First().GetActionCommand()); }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List <String> expectedCommands = new List <String>() { }; mock.TestSync(rulesOriginal, rulesNew); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); }
public void TestUpdateBegin() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"" }, system); List <String> expectedCommands = new List <String>() { rulesNew.Chains.First().Rules[0].GetActionCommand("-R") }; mock.TestSync(rulesOriginal, rulesNew, expectedCommands, CommentComparer); }
public void TestDelete() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", }, system); List <String> expectedCommands = new List <String>() { "*filter", "-D INPUT 2", "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);; }