        // Round-trip check for a rule that uses the nfacct match: the text is parsed
        // and serialised again, and the result must equal the input exactly.
        public void TestSmall()
        {
            // 4 is handed to both the chain set and Parse; presumably the IP version - confirm.
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -j ACCEPT -m nfacct --nfacct-name test";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a negated helper match ("! --helper abc").
        // If the "!" were lost on the way, the rule would accept the opposite set of
        // packets, so the serialised text has to match the input character for character.
        public void TestHelper()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -m helper ! --helper abc -j ACCEPT";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check combining the tcpmss match (range 10:100) with the TCPMSS
        // target (--set-mss 1000). Both use an "mss" option, so the test pins that the
        // match option and the target option stay attached to the right module.
        public void TestMssWithSetMssRange()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -m tcpmss --mss 10:100 -j TCPMSS --set-mss 1000";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a negated length match ("! --length 10").
        // The negation decides which packets reach ACCEPT, so it must not be dropped
        // or moved when the rule is serialised again.
        public void TestNotLength()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -m length ! --length 10 -j ACCEPT";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the SDNAT target in the nat table. Despite the method
        // name, the rule carries both --to-source and --to-destination (with a port)
        // plus --ctmark/--ctmask; all rewritten addresses must come back unchanged.
        public void TestSnatSingleSource()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A PREROUTING -t nat -j SDNAT --to-source 78.141.209.124 --to-destination 104.236.152.141:80 --ctmark 145 --ctmask 1";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a SYNPROXY rule: protocol, input interface, the target
        // with its four options, then a state match. The expected string also fixes
        // the order in which target options and the trailing match are written out.
        public void TestSingleRule()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -p tcp -i eth0 -j SYNPROXY --mss 1460 --wscale 9 --sack-perm --timestamp -m state --state UNTRACKED,INVALID";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a module named "unknown" followed by ordinary options
        // (-p, -d, -m tcp --dport). The whole rule, including the "unknown" module
        // text, must be reproduced rather than silently dropped.
        public void TestPolyfillParseAdditionalOptionsAfter()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -m unknown --unknown -p tcp -d 1.1.1.1 -m tcp --dport 80";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a LOG target whose --log-prefix is a single-quoted
        // value containing spaces, parentheses and a colon. The quoting has to survive
        // serialisation; otherwise the words of the prefix would be emitted as
        // separate arguments of the rule.
        public void TestLogWithPrefix()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -j LOG --log-prefix 'IPTABLES (Rule ATTACKED): ' --log-level 7";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a DROP rule that combines the negated fragment flag
        // ("! -f") with a tcp source-port match on 53. Losing the "!" would flip
        // which packets are dropped.
        public void TestDropFragmentedTcpDns()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for "--sport 0". Port 0 is the edge case here: the
        // serialised rule must still contain the explicit zero, which would not be the
        // case if zero were treated as "no port given".
        public void TestCoreSportZeroValue()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -p tcp -j DROP -m tcp --sport 0";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for CONNMARK --set-xmark given as value/mask (0x1/0x1).
        // Both halves have to be preserved; a dropped mask would change which mark
        // bits the rule writes.
        public void TestXMarkMasked()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A RETURN_AFWCON -j CONNMARK --set-xmark 0x1/0x1";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the NFLOG target with --nflog-group 30.
        // NOTE(review): the method is called TestXmark but no xmark option is involved;
        // the name looks copied from a CONNMARK test.
        public void TestXmark()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -j NFLOG --nflog-group 30";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the statistic match in nth mode (--every 3 --packet 1).
        // The rule has no target; the test only pins that the match options are
        // written back in the same form and order.
        public void TestEvery()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A FORWARD -m statistic --mode nth --every 3 --packet 1";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the set match in its simplest form: set name "test"
        // matched against the source ("src") with no additional flags.
        public void Test1()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A FORWARD -m set --match-set test src";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a rule whose only match is a module named "unknown".
        // The module and its option must be carried through verbatim; a parser that
        // discarded what it does not recognise would return a broader rule.
        public void TestPolyfillParse()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -m unknown --unknown";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the negated fragment flag ("! -f") on a rule that
        // jumps to a target named "test". The "!" must stay in front of -f.
        public void TestCoreFragmenting()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT ! -f -j test";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the recent match in --update mode with a list name,
        // a 180 second window and a hit count of 20, jumping to ATTACKED.
        // The thresholds define the rate limit, so they must come back unchanged.
        public void TestUpdate()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A ATTK_CHECK -m recent --update --name ATTK --seconds 180 --hitcount 20 -j ATTACKED";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the set match with its optional flags: --return-nomatch,
        // a negated --update-counters, --packets-lt and a negated --bytes-eq.
        // Two of the options are negated, so every "!" has to stay with its option.
        public void Test2()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A FORWARD -m set --match-set test src --return-nomatch ! --update-counters --packets-lt 3 ! --bytes-eq 1";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the recent match in --set mode with list name ATTK.
        public void TestSet()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A ATTK_CHECK -m recent --set --name ATTK";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a negated multiport match mixing a single port and a
        // range ("! --dports 80,1000:1080").
        // NOTE(review): the name says "Source" but the rule uses --dports.
        public void TestSourceNotMultiports()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -p tcp -m multiport ! --dports 80,1000:1080";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a DNAT rule in the nat table with a CIDR destination.
        // The expected text keeps the host bits of 1.1.1.1/24 as written; listings
        // produced by iptables itself usually show the masked network address, so
        // text comparison against live rules may need normalising - verify.
        public void TestDnatSingleSource()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A PREROUTING -t nat -d 1.1.1.1/24 -j DNAT --to-destination 2.2.2.2";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a DROP rule on a CIDR destination. The expected text
        // keeps 1.2.3.4/16 exactly as given, host bits included.
        public void TestCoreDropingDestination()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -d 1.2.3.4/16 -j DROP";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for a connlimit rule that drops tcp once more than 10
        // connections are open (--connlimit-above 10). The limit value must be kept.
        public void TestDropConnectionLimit()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the minimal protocol rule: drop all udp on INPUT.
        public void TestCoreDropingUdp()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -p udp -j DROP";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the NFQUEUE target with --queue-num 1 and --queue-bypass.
        // --queue-bypass makes the rule let packets through when nothing is listening
        // on the queue (without it they are dropped), so the flag must not be lost.
        // NOTE(review): the method is called TestXmark but no xmark option is involved.
        public void TestXmark()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A INPUT -j NFQUEUE --queue-num 1 --queue-bypass";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for an SNAT rule in the nat table: CIDR source 1.1.1.1/24
        // rewritten to 2.2.2.2. The expected text keeps the source exactly as written,
        // host bits included.
        public void TestSnatSingleSource()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A POSTROUTING -t nat -s 1.1.1.1/24 -j SNAT --to-source 2.2.2.2";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for the statistic match in random mode in the raw table.
        // The probability must come back as the literal "0.04"; if the value is parsed
        // to a number internally (not visible here), this would also catch a
        // culture-dependent decimal separator on output.
        public void TestRandom()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A CHAIN -t raw -m statistic --mode random --probability 0.04";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for CONNMARK --restore-mark with separate --ctmask and
        // --nfmask values. The expected text fixes the hex form of both masks,
        // including the upper-case digits of 0x3FFFF00.
        public void TestRestoreMark()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A PREROUTING -j CONNMARK --restore-mark --ctmask 0x11 --nfmask 0x3FFFF00";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Round-trip check for CONNMARK --set-xmark with a bare value (no mask).
        // Input and expected output are kept as two separate strings even though they
        // are identical here, so the expected form can diverge from the input later.
        public void TestXmark()
        {
            var chainSet = new IpTablesChainSet(4);
            string input = "-A INPUT -p tcp -j CONNMARK --set-xmark 0xFF";
            string expected = "-A INPUT -p tcp -j CONNMARK --set-xmark 0xFF";

            IpTablesRule parsed = IpTablesRule.Parse(input, null, chainSet);
            string actual = parsed.GetActionCommand();

            Assert.AreEqual(expected, actual);
        }
        // Checks a DNAT rule on a chain whose name contains '+' ("A+B") in two ways:
        // the rule text must round-trip unchanged, and a second parse of the same text
        // must compare equal to the first via Compare().
        public void DnatTest1()
        {
            var chainSet = new IpTablesChainSet(4);
            string expected = "-A A+B -p tcp -j DNAT --to-destination 1.2.3.4";

            IpTablesRule parsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            string actual = parsed.GetActionCommand();
            Assert.AreEqual(expected, actual);

            // The second parse happens only after the text comparison has passed.
            IpTablesRule reparsed = IpTablesRule.Parse(expected, null, chainSet, 4);
            bool sameRule = parsed.Compare(reparsed);
            Assert.IsTrue(sameRule);
        }
        // Deletes a rule. Inside a transaction the "-D" command is run through the
        // interface returned by GetInterface for the rule's table, and any result
        // other than 1 is raised as IpTablesNetException carrying the command and the
        // interface's error string. Outside a transaction the call is delegated to a
        // freshly created IPTablesBinaryAdapterClient.
        //
        // NOTE(review): the command line is built by joining _iptablesBinary and the
        // rule's serialised text with a space. How ExecuteCommand splits that string
        // is not visible here; rule fields that originate from untrusted input should
        // be validated before they reach this method - confirm against the callee.
        public override void DeleteRule(IpTablesRule rule)
        {
            if (_inTransaction)
            {
                string deleteCommand = rule.GetActionCommand("-D");
                string commandLine = _iptablesBinary + " " + deleteCommand;

                bool succeeded = GetInterface(rule.Chain.Table).ExecuteCommand(commandLine) == 1;
                if (succeeded)
                {
                    return;
                }

                // The error string is fetched only on failure, through a second GetInterface call.
                throw new IpTablesNetException(String.Format("Failed to delete rule \"{0}\" due to error: \"{1}\"", deleteCommand, GetInterface(rule.Chain.Table).GetErrorString()));
            }

            // Not in a transaction: fall back to the iptables binary client.
            var fallbackClient = new IPTablesBinaryAdapterClient(_ipVersion, _system, _iptablesBinary);
            fallbackClient.DeleteRule(rule);
        }
        // Inserts a rule. Inside a transaction the "-I" command is only queued on
        // _builder for the rule's table; nothing is executed in this method. Outside a
        // transaction the call is delegated to a freshly created
        // IPTablesBinaryAdapterClient.
        public override void InsertRule(IpTablesRule rule)
        {
            if (_inTransaction)
            {
                // NOTE(review): the meaning of the second argument (false) is not
                // visible here - confirm against GetActionCommand.
                string insertCommand = rule.GetActionCommand("-I", false);
                _builder.AddCommand(rule.Chain.Table, insertCommand);
                return;
            }

            // Not in a transaction: fall back to the iptables binary client.
            var fallbackClient = new IPTablesBinaryAdapterClient(_ipVersion, _system, _iptablesBinary);
            fallbackClient.InsertRule(rule);
        }
 // Appends a rule by serialising it with GetActionCommand() and handing the text,
 // together with _system and _iptablesBinary, to ExecutionHelper.ExecuteIptables.
 // NOTE(review): the rule text reaches the binary as one string; how
 // ExecuteIptables turns it into process arguments is not visible here, so rule
 // fields built from untrusted input should be validated upstream - confirm.
 public override void AddRule(IpTablesRule rule)
 {
     ExecutionHelper.ExecuteIptables(_system, rule.GetActionCommand(), _iptablesBinary);
 }