public void TestSimpleDoNothing()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
}, system);
List<String> expectedCommands = new List<String>() { };
mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands);
}
public void TestNatDoNothing()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>()
{
"-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
"-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>()
{
"-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
"-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
}, system);
List<String> expectedCommands = new List<String>() { };
mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands);
}
public void TestAdd()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2",
"-A INPUT -d 1.2.3.4/16 -j DROP"
}, system);
List<String> expectedCommands = new List<String>() { rulesNew.Chains.First().Rules[2].GetActionCommand() };
mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands);
}
public void TestSimpleDoNothing()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
}, system);
List<String> expectedCommands = new List<String>() {};
mock.TestSync(rulesOriginal, rulesNew);
CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);
}
public void TestAdd()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2",
"-A INPUT -d 1.2.3.4/16 -j DROP"
}, system);
List<String> expectedCommands = new List<String> { "*filter", rulesNew.Chains.First().Rules[2].GetActionCommand(), "COMMIT" };
mock.TestSync(rulesOriginal, rulesNew);
CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);
}
public void TestQuotes()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP",
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP",
"-A INPUT -m comment --comment 'test space'"
}, system);
List<String> expectedCommands = new List<String> { "*filter",
"-A INPUT -m comment --comment \"test space\"", "COMMIT" };
mock.TestSync(rulesOriginal, rulesNew);
var output = (system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput();
CollectionAssert.AreEqual(output, expectedCommands);
}
public void TestUpdateMiddle()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
}, system);
List<String> expectedCommands = new List<String>()
{
rulesNew.Chains.First().Rules[1].GetActionCommand("-R")
};
mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands, CommentComparer);
}
public void TestNatDoNothing()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List<String>()
{
"-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
"-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List<String>()
{
"-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80",
"-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80"
}, system);
List<String> expectedCommands = new List<String>() { };
using (var client = system.GetTableAdapter(4))
{
mock.TestSync(client, rulesOriginal, rulesNew);
CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);
}
}
public void TestUpdateMiddle()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\""
}, system);
List<String> expectedCommands = new List<String>()
{
"*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT" };
using (var client = system.GetTableAdapter(4))
{
mock.TestSync(client, rulesOriginal, rulesNew, CommentComparer);
CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);
}
}
public void TestDeleteMultiples()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5"
}, system);
List<String> expectedCommands = new List<String>() { "*filter", "-D INPUT 1", "-D INPUT 2", "COMMIT" };
using (var client = system.GetTableAdapter(4))
{
mock.TestSync(client, rulesOriginal, rulesNew);
CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);
}
}
public void TestDeleteMultiples()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter());
IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5",
"-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
}, system);
IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>()
{
"-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5"
}, system);
List<String> expectedCommands = new List<String>() { "-D INPUT 1", "-D INPUT 2" };
mock.TestSync(rulesOriginal, rulesNew, expectedCommands);
}