public void TestDeleteAndUpdate() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID4\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 1 -m comment --comment \"ID3\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID4\"" }, system); using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(CommentComparer); mock.TestSync(client, rulesOriginal, rulesNew, sync); var commands = (client as IMockIpTablesRestoreGetOutput).GetOutput().ToList(); Assert.AreEqual(5, commands.Count); Assert.True(commands[1].StartsWith("-D INPUT 1")); Assert.True(commands[2].StartsWith("-R INPUT 1")); Assert.True(commands[3].StartsWith("-R INPUT 2")); } }
public void TestQuotes() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", "-A INPUT -m comment --comment 'test space'" }, system); List <String> expectedCommands = new List <String> { "*filter", "-A INPUT -m comment --comment \"test space\"", "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestDeleteMultiplesMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3" }, system); List <String> expectedCommands = new List <String>() { "*filter", "-D INPUT 2", "-D INPUT 2", "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List <String> expectedCommands = new List <String>() { "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestAdd() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -d 1.2.3.4/16 -j DROP" }, system); List <String> expectedCommands = new List <String> { "*filter", rulesNew.Chains.First().Rules[2].GetActionCommand(), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { mock.TestSync(client, rulesOriginal, rulesNew); CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); } }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List <String> expectedCommands = new List <String>() { }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List <String> expectedCommands = new List <String>() { rulesNew.Chains.First().Rules[1].GetActionCommand("-R") }; var sync = new DefaultNetfilterSync <IpTablesRule>(CommentComparer); mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands); }
public void TestAddDuplicate() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", }, system); List <String> expectedCommands = new List <String>() { rulesNew.Chains.First().Rules[2].GetActionCommand() }; var sync = new DefaultNetfilterSync <IpTablesRule>(); mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands); }
public void TestInsertMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List <String> expectedCommands = new List <String>() { "-D INPUT 2", rulesNew.Chains.First().Rules[1].GetActionCommand(), rulesNew.Chains.First().Rules[2].GetActionCommand() }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestDeleteMultiples() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5" }, system); List <String> expectedCommands = new List <String>() { "-D INPUT 1", "-D INPUT 2" }; var sync = new DefaultNetfilterSync <IpTablesRule>(); mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands); }
public void TestSimpleDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List <String> expectedCommands = new List <String>() { }; using (var client = system.GetTableAdapter(4)) { mock.TestSync(client, rulesOriginal, rulesNew); CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); } }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List <String> expectedCommands = new List <String>() { "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew, CommentComparer); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); }
public void TestAddFromEmpty() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { }, system); rulesOriginal.Chains.AddChain("INPUT", "filter", system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -d 1.2.3.4/16 -j DROP" }, system); List <String> expectedCommands = new List <String> { "*filter", rulesNew.Chains.First().Rules[0].GetActionCommand(), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List <String> expectedCommands = new List <String>() { }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestSimpleDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List <String> expectedCommands = new List <String>() { }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List <String> expectedCommands = new List <String>() { }; mock.TestSync(rulesOriginal, rulesNew); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); }
public void TestDelete() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", }, system); List <String> expectedCommands = new List <String>() { "*filter", "-D INPUT 2", "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);; }
public void TestUpdateBegin() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"" }, system); List <String> expectedCommands = new List <String>() { rulesNew.Chains.First().Rules[0].GetActionCommand("-R") }; mock.TestSync(rulesOriginal, rulesNew, expectedCommands, CommentComparer); }
public void TestQuotes() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", "-A INPUT -m comment --comment 'test space'" }, system); List <String> expectedCommands = new List <String> { "*filter", "-A INPUT -m comment --comment \"test space\"", "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew); var output = (system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(); CollectionAssert.AreEqual(output, expectedCommands); }