nwfilter: drop support for legacy iptables match syntax

Long ago we adapted to iptables changes by introducing support
for '-m conntrack':

  commit 06844ccbaa
  Author: Stefan Berger <stefanb@us.ibm.com>
  Date:   Tue Aug 6 20:30:46 2013 -0400

    nwfilter: Use -m conntrack rather than -m state

    Since iptables version 1.4.16 '-m state --state NEW' is converted to
    '-m conntrack --ctstate NEW'. Therefore, when encountering this or later
    versions of iptables use '-m conntrack --ctstate'.

Given our supported platform targets, we no longer need to
consider a version of iptables before 1.4.16, so can drop
support for the old syntax.

The test suite updates are triggered because the test suite
never probed for the new syntax, and so unconditionally
generated the old syntax.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé 2022-02-25 16:24:21 +00:00
parent 7aec69b7fb
commit 02b8045517
32 changed files with 806 additions and 871 deletions


@ -88,8 +88,6 @@ static enum ctdirStatus iptables_ctdir_corrected;
#define PRINT_IPT_ROOT_CHAIN(buf, prefix, ifname) \ #define PRINT_IPT_ROOT_CHAIN(buf, prefix, ifname) \
g_snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname) g_snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
static bool newMatchState;
#define MATCH_PHYSDEV_IN_FW "-m", "physdev", "--physdev-in" #define MATCH_PHYSDEV_IN_FW "-m", "physdev", "--physdev-in"
#define MATCH_PHYSDEV_OUT_FW "-m", "physdev", "--physdev-is-bridged", "--physdev-out" #define MATCH_PHYSDEV_OUT_FW "-m", "physdev", "--physdev-is-bridged", "--physdev-out"
#define MATCH_PHYSDEV_OUT_OLD_FW "-m", "physdev", "--physdev-out" #define MATCH_PHYSDEV_OUT_OLD_FW "-m", "physdev", "--physdev-out"
@ -1489,16 +1487,10 @@ _iptablesCreateRuleInstance(virFirewall *fw,
} }
if (match && !skipMatch) { if (match && !skipMatch) {
if (newMatchState) virFirewallRuleAddArgList(fw, fwrule,
virFirewallRuleAddArgList(fw, fwrule, "-m", "conntrack",
"-m", "conntrack", "--ctstate", match,
"--ctstate", match, NULL);
NULL);
else
virFirewallRuleAddArgList(fw, fwrule,
"-m", "state",
"--state", match,
NULL);
} }
if (defMatch && match != NULL && !skipMatch && !hasICMPType) if (defMatch && match != NULL && !skipMatch && !hasICMPType)
@ -3668,61 +3660,6 @@ ebiptablesDriverProbeCtdir(void)
} }
static int
ebiptablesDriverProbeStateMatchQuery(virFirewall *fw G_GNUC_UNUSED,
virFirewallLayer layer G_GNUC_UNUSED,
const char *const *lines,
void *opaque)
{
unsigned long *version = opaque;
char *tmp;
if (!lines || !lines[0]) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No output from iptables --version"));
return -1;
}
/*
* we expect output in the format
* 'iptables v1.4.16'
*/
if (!(tmp = strchr(lines[0], 'v')) ||
virStringParseVersion(version, tmp + 1, true) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Cannot parse version string '%s'"),
lines[0]);
return -1;
}
return 0;
}
static int
ebiptablesDriverProbeStateMatch(void)
{
unsigned long version;
g_autoptr(virFirewall) fw = virFirewallNew();
virFirewallStartTransaction(fw, 0);
virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
false, ebiptablesDriverProbeStateMatchQuery, &version,
"--version", NULL);
if (virFirewallApply(fw) < 0)
return -1;
/*
* since version 1.4.16 '-m state --state ...' will be converted to
* '-m conntrack --ctstate ...'
*/
if (version >= 1 * 1000000 + 4 * 1000 + 16)
newMatchState = true;
return 0;
}
static int static int
ebiptablesDriverInit(bool privileged) ebiptablesDriverInit(bool privileged)
{ {
@ -3730,8 +3667,6 @@ ebiptablesDriverInit(bool privileged)
return 0; return 0;
ebiptablesDriverProbeCtdir(); ebiptablesDriverProbeCtdir();
if (ebiptablesDriverProbeStateMatch() < 0)
return -1;
ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED; ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
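Review bot: In the last hunk, dropping `if (ebiptablesDriverProbeStateMatch() < 0) return -1;` also drops the only visible init-time step whose failure aborted `ebiptablesDriverInit`: the removed probe returned -1 when `iptables --version` produced no output or an unparsable version string. With the call gone, the visible part of init sets `TECHDRV_FLAG_INITIALIZED` without that check, so a missing or pre-1.4.16 iptables would presumably surface only when `_iptablesCreateRuleInstance` emits `-m conntrack --ctstate` and the rule fails to apply. It is worth confirming that this later failure rejects the filter instead of leaving the guest interface unfiltered, and recording the assumption next to the rule, e.g. `/* requires iptables >= 1.4.16: '-m state --state' is no longer generated */`. The body of `ebiptablesDriverInit` continues outside the hunk, so other init checks may exist that are not visible here.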


@ -8,8 +8,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -19,8 +19,8 @@ ip6tables \
--source a:b:c::d:e:f/128 \ --source a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -32,8 +32,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -42,8 +42,8 @@ ip6tables \
--destination a:b:c::/128 \ --destination a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -54,8 +54,8 @@ ip6tables \
--source a:b:c::/128 \ --source a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -64,8 +64,8 @@ ip6tables \
--destination a:b:c::/128 \ --destination a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -74,8 +74,8 @@ ip6tables \
--destination ::ffff:10.1.2.3/128 \ --destination ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -86,8 +86,8 @@ ip6tables \
--source ::ffff:10.1.2.3/128 \ --source ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -96,6 +96,6 @@ ip6tables \
--destination ::ffff:10.1.2.3/128 \ --destination ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -7,8 +7,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
--source 10.1.2.3/32 \ --source 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -29,8 +29,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -39,8 +39,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -51,8 +51,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -61,8 +61,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -71,8 +71,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -83,8 +83,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -93,6 +93,6 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -8,8 +8,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -19,8 +19,8 @@ ip6tables \
--source a:b:c::d:e:f/128 \ --source a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -32,8 +32,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -42,8 +42,8 @@ ip6tables \
--destination a:b:c::/128 \ --destination a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -54,8 +54,8 @@ ip6tables \
--source a:b:c::/128 \ --source a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -64,8 +64,8 @@ ip6tables \
--destination a:b:c::/128 \ --destination a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -74,8 +74,8 @@ ip6tables \
--destination ::ffff:10.1.2.3/128 \ --destination ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -86,8 +86,8 @@ ip6tables \
--source ::ffff:10.1.2.3/128 \ --source ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -96,6 +96,6 @@ ip6tables \
--destination ::ffff:10.1.2.3/128 \ --destination ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -7,8 +7,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
--source 10.1.2.3/32 \ --source 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -29,8 +29,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -39,8 +39,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -51,8 +51,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -61,8 +61,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -71,8 +71,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -83,8 +83,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -93,6 +93,6 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -55,8 +55,8 @@ iptables \
--dscp 34 \ --dscp 34 \
--sport 291:400 \ --sport 291:400 \
--dport 564:1092 \ --dport 564:1092 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m comment \ -m comment \
--comment 'udp rule' \ --comment 'udp rule' \
-j RETURN -j RETURN
@ -69,8 +69,8 @@ iptables \
--dscp 34 \ --dscp 34 \
--dport 291:400 \ --dport 291:400 \
--sport 564:1092 \ --sport 564:1092 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'udp rule' \ --comment 'udp rule' \
-j ACCEPT -j ACCEPT
@ -85,8 +85,8 @@ iptables \
--dscp 34 \ --dscp 34 \
--sport 291:400 \ --sport 291:400 \
--dport 564:1092 \ --dport 564:1092 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m comment \ -m comment \
--comment 'udp rule' \ --comment 'udp rule' \
-j RETURN -j RETURN
@ -99,8 +99,8 @@ ip6tables \
--dscp 57 \ --dscp 57 \
--dport 32:33 \ --dport 32:33 \
--sport 256:4369 \ --sport 256:4369 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'tcp/ipv6 rule' \ --comment 'tcp/ipv6 rule' \
-j RETURN -j RETURN
@ -115,8 +115,8 @@ ip6tables \
--dscp 57 \ --dscp 57 \
--sport 32:33 \ --sport 32:33 \
--dport 256:4369 \ --dport 256:4369 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m comment \ -m comment \
--comment 'tcp/ipv6 rule' \ --comment 'tcp/ipv6 rule' \
-j ACCEPT -j ACCEPT
@ -129,8 +129,8 @@ ip6tables \
--dscp 57 \ --dscp 57 \
--dport 32:33 \ --dport 32:33 \
--sport 256:4369 \ --sport 256:4369 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'tcp/ipv6 rule' \ --comment 'tcp/ipv6 rule' \
-j RETURN -j RETURN
@ -138,8 +138,8 @@ ip6tables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p udp \ -p udp \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \ --comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j RETURN -j RETURN
@ -147,8 +147,8 @@ ip6tables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p udp \ -p udp \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m comment \ -m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \ --comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j ACCEPT -j ACCEPT
@ -156,8 +156,8 @@ ip6tables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p udp \ -p udp \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \ --comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j RETURN -j RETURN
@ -165,8 +165,8 @@ ip6tables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p sctp \ -p sctp \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \ --comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j RETURN -j RETURN
@ -174,8 +174,8 @@ ip6tables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p sctp \ -p sctp \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m comment \ -m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \ --comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j ACCEPT -j ACCEPT
@ -183,8 +183,8 @@ ip6tables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p sctp \ -p sctp \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \ --comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j RETURN -j RETURN
@ -192,8 +192,8 @@ ip6tables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p ah \ -p ah \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \ --comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \
-j RETURN -j RETURN
@ -201,8 +201,8 @@ ip6tables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p ah \ -p ah \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m comment \ -m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \ --comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \
-j ACCEPT -j ACCEPT
@ -210,8 +210,8 @@ ip6tables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p ah \ -p ah \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \ --comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \
-j RETURN -j RETURN


@ -30,20 +30,20 @@ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN


@ -8,8 +8,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -19,8 +19,8 @@ ip6tables \
--source a:b:c::d:e:f/128 \ --source a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -32,8 +32,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -42,8 +42,8 @@ ip6tables \
--destination a:b:c::/128 \ --destination a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -54,8 +54,8 @@ ip6tables \
--source a:b:c::/128 \ --source a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -64,8 +64,8 @@ ip6tables \
--destination a:b:c::/128 \ --destination a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -74,8 +74,8 @@ ip6tables \
--destination ::ffff:10.1.2.3/128 \ --destination ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -86,8 +86,8 @@ ip6tables \
--source ::ffff:10.1.2.3/128 \ --source ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -96,6 +96,6 @@ ip6tables \
--destination ::ffff:10.1.2.3/128 \ --destination ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -7,8 +7,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
--source 10.1.2.3/32 \ --source 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -29,8 +29,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -39,8 +39,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -51,8 +51,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -61,8 +61,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -71,8 +71,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -83,8 +83,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -93,6 +93,6 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -3,66 +3,66 @@ iptables \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p tcp \ -p tcp \
--sport 22 \ --sport 22 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p tcp \ -p tcp \
--dport 22 \ --dport 22 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p tcp \ -p tcp \
--sport 22 \ --sport 22 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p icmp \ -p icmp \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p icmp \ -p icmp \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p icmp \ -p icmp \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \


@ -2,8 +2,8 @@ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED,RELATED \ --ctstate ESTABLISHED,RELATED \
-m comment \ -m comment \
--comment 'out: existing and related (ftp) connections' \ --comment 'out: existing and related (ftp) connections' \
-j RETURN -j RETURN
@ -11,8 +11,8 @@ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED,RELATED \ --ctstate ESTABLISHED,RELATED \
-m comment \ -m comment \
--comment 'out: existing and related (ftp) connections' \ --comment 'out: existing and related (ftp) connections' \
-j RETURN -j RETURN
@ -20,8 +20,8 @@ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'in: existing connections' \ --comment 'in: existing connections' \
-j ACCEPT -j ACCEPT
@ -30,8 +30,8 @@ iptables \
-A FP-vnet0 \ -A FP-vnet0 \
-p tcp \ -p tcp \
--dport 21:22 \ --dport 21:22 \
-m state \ -m conntrack \
--state NEW \ --ctstate NEW \
-m comment \ -m comment \
--comment 'in: ftp and ssh' \ --comment 'in: ftp and ssh' \
-j ACCEPT -j ACCEPT
@ -39,8 +39,8 @@ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p icmp \ -p icmp \
-m state \ -m conntrack \
--state NEW \ --ctstate NEW \
-m comment \ -m comment \
--comment 'in: icmp' \ --comment 'in: icmp' \
-j ACCEPT -j ACCEPT
@ -49,8 +49,8 @@ iptables \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p udp \ -p udp \
--dport 53 \ --dport 53 \
-m state \ -m conntrack \
--state NEW \ --ctstate NEW \
-m comment \ -m comment \
--comment 'out: DNS lookups' \ --comment 'out: DNS lookups' \
-j RETURN -j RETURN
@ -59,8 +59,8 @@ iptables \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p udp \ -p udp \
--dport 53 \ --dport 53 \
-m state \ -m conntrack \
--state NEW \ --ctstate NEW \
-m comment \ -m comment \
--comment 'out: DNS lookups' \ --comment 'out: DNS lookups' \
-j RETURN -j RETURN


@ -55,8 +55,8 @@ iptables \
--dscp 34 \ --dscp 34 \
--sport 291:400 \ --sport 291:400 \
--dport 564:1092 \ --dport 564:1092 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -67,8 +67,8 @@ iptables \
--dscp 34 \ --dscp 34 \
--dport 291:400 \ --dport 291:400 \
--sport 564:1092 \ --sport 564:1092 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -81,8 +81,8 @@ iptables \
--dscp 34 \ --dscp 34 \
--sport 291:400 \ --sport 291:400 \
--dport 564:1092 \ --dport 564:1092 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -93,8 +93,8 @@ ip6tables \
--dscp 57 \ --dscp 57 \
--dport 32:33 \ --dport 32:33 \
--sport 256:4369 \ --sport 256:4369 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -107,8 +107,8 @@ ip6tables \
--dscp 57 \ --dscp 57 \
--sport 32:33 \ --sport 32:33 \
--dport 256:4369 \ --dport 256:4369 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -119,6 +119,6 @@ ip6tables \
--dscp 57 \ --dscp 57 \
--dport 32:33 \ --dport 32:33 \
--sport 256:4369 \ --sport 256:4369 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -3,24 +3,24 @@ iptables \
-A FP-vnet0 \ -A FP-vnet0 \
-p icmp \ -p icmp \
--icmp-type 0 \ --icmp-type 0 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p icmp \ -p icmp \
--icmp-type 8 \ --icmp-type 8 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p icmp \ -p icmp \
--icmp-type 8 \ --icmp-type 8 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \


@ -3,24 +3,24 @@ iptables \
-A FP-vnet0 \ -A FP-vnet0 \
-p icmp \ -p icmp \
--icmp-type 8 \ --icmp-type 8 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p icmp \ -p icmp \
--icmp-type 0 \ --icmp-type 0 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p icmp \ -p icmp \
--icmp-type 0 \ --icmp-type 0 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \


@ -2,22 +2,22 @@ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p icmp \ -p icmp \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p icmp \ -p icmp \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p icmp \ -p icmp \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \


@ -8,8 +8,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--icmp-type 12/11 \ --icmp-type 12/11 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -21,8 +21,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--icmp-type 12/11 \ --icmp-type 12/11 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -34,6 +34,6 @@ iptables \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
--icmp-type 255/255 \ --icmp-type 255/255 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT


@ -9,8 +9,8 @@ ip6tables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--icmpv6-type 12/11 \ --icmpv6-type 12/11 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -23,8 +23,8 @@ ip6tables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--icmpv6-type 12/11 \ --icmpv6-type 12/11 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -36,8 +36,8 @@ ip6tables \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
--icmpv6-type 255/255 \ --icmpv6-type 255/255 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -49,6 +49,6 @@ ip6tables \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
--icmpv6-type 255/255 \ --icmpv6-type 255/255 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT


@ -7,8 +7,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
--source 10.1.2.3/32 \ --source 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -29,8 +29,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -39,8 +39,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -51,8 +51,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -61,8 +61,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -71,8 +71,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -83,8 +83,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -93,6 +93,6 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -2,8 +2,8 @@ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m set \ -m set \
--match-set tck_test src,dst \ --match-set tck_test src,dst \
-j RETURN -j RETURN
@ -11,8 +11,8 @@ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m set \ -m set \
--match-set tck_test dst,src \ --match-set tck_test dst,src \
-j ACCEPT -j ACCEPT
@ -20,8 +20,8 @@ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m set \ -m set \
--match-set tck_test src,dst \ --match-set tck_test src,dst \
-j RETURN -j RETURN
@ -56,8 +56,8 @@ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m set \ -m set \
--match-set tck_test dst,src,dst \ --match-set tck_test dst,src,dst \
-j RETURN -j RETURN
@ -65,8 +65,8 @@ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m set \ -m set \
--match-set tck_test src,dst,src \ --match-set tck_test src,dst,src \
-j ACCEPT -j ACCEPT
@ -74,8 +74,8 @@ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m set \ -m set \
--match-set tck_test dst,src,dst \ --match-set tck_test dst,src,dst \
-j RETURN -j RETURN
@ -83,8 +83,8 @@ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m set \ -m set \
--match-set tck_test dst,src,dst \ --match-set tck_test dst,src,dst \
-j RETURN -j RETURN
@ -92,8 +92,8 @@ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m set \ -m set \
--match-set tck_test src,dst,src \ --match-set tck_test src,dst,src \
-j ACCEPT -j ACCEPT
@ -101,8 +101,8 @@ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m set \ -m set \
--match-set tck_test dst,src,dst \ --match-set tck_test dst,src,dst \
-j RETURN -j RETURN
@ -110,8 +110,8 @@ iptables \
-w \ -w \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m set \ -m set \
--match-set tck_test dst,src \ --match-set tck_test dst,src \
-j RETURN -j RETURN
@ -119,8 +119,8 @@ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m set \ -m set \
--match-set tck_test src,dst \ --match-set tck_test src,dst \
-j ACCEPT -j ACCEPT
@ -128,8 +128,8 @@ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p all \ -p all \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m set \ -m set \
--match-set tck_test dst,src \ --match-set tck_test dst,src \
-j RETURN -j RETURN


@ -6,8 +6,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--dport 80 \ --dport 80 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -28,8 +28,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -39,8 +39,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 90 \ --sport 90 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -50,8 +50,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--dport 90 \ --dport 90 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -61,8 +61,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 90 \ --sport 90 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -72,8 +72,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -83,8 +83,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--dport 80 \ --dport 80 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -94,6 +94,6 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN

File diff suppressed because it is too large Load Diff


@ -6,8 +6,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 1 \ --dscp 1 \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 1 \ --dscp 1 \
--dport 80 \ --dport 80 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -28,8 +28,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 1 \ --dscp 1 \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -39,8 +39,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 1 \ --dscp 1 \
--sport 90 \ --sport 90 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -50,8 +50,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 1 \ --dscp 1 \
--dport 90 \ --dport 90 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -61,8 +61,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 1 \ --dscp 1 \
--sport 90 \ --sport 90 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -72,8 +72,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -83,8 +83,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--dport 80 \ --dport 80 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -94,8 +94,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -105,8 +105,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 90 \ --sport 90 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -116,8 +116,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--dport 90 \ --dport 90 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -127,8 +127,8 @@ iptables \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
--sport 90 \ --sport 90 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -139,8 +139,8 @@ iptables \
--dscp 3 \ --dscp 3 \
--sport 80 \ --sport 80 \
--dport 1100 \ --dport 1100 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -151,8 +151,8 @@ iptables \
--dscp 3 \ --dscp 3 \
--dport 80 \ --dport 80 \
--sport 1100 \ --sport 1100 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -163,6 +163,6 @@ iptables \
--dscp 3 \ --dscp 3 \
--sport 80 \ --sport 80 \
--dport 1100 \ --dport 1100 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN


@ -7,8 +7,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -17,8 +17,8 @@ ip6tables \
--source a:b:c::d:e:f/128 \ --source a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -29,8 +29,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -41,8 +41,8 @@ ip6tables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -55,8 +55,8 @@ ip6tables \
--dscp 33 \ --dscp 33 \
--sport 20:21 \ --sport 20:21 \
--dport 100:1111 \ --dport 100:1111 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -67,8 +67,8 @@ ip6tables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -79,8 +79,8 @@ ip6tables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -93,8 +93,8 @@ ip6tables \
--dscp 63 \ --dscp 63 \
--sport 255:256 \ --sport 255:256 \
--dport 65535:65535 \ --dport 65535:65535 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -105,6 +105,6 @@ ip6tables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -7,8 +7,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
--source 10.1.2.3/32 \ --source 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -29,8 +29,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -41,8 +41,8 @@ iptables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -55,8 +55,8 @@ iptables \
--dscp 33 \ --dscp 33 \
--sport 20:21 \ --sport 20:21 \
--dport 100:1111 \ --dport 100:1111 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -67,8 +67,8 @@ iptables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -79,8 +79,8 @@ iptables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -93,8 +93,8 @@ iptables \
--dscp 63 \ --dscp 63 \
--sport 255:256 \ --sport 255:256 \
--dport 65535:65535 \ --dport 65535:65535 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -105,6 +105,6 @@ iptables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -49,8 +49,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m comment \ -m comment \
--comment 'accept rule -- dir out' \ --comment 'accept rule -- dir out' \
-j RETURN -j RETURN
@ -61,8 +61,8 @@ iptables \
--source 10.1.2.3/32 \ --source 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'accept rule -- dir out' \ --comment 'accept rule -- dir out' \
-j ACCEPT -j ACCEPT
@ -75,8 +75,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m comment \ -m comment \
--comment 'accept rule -- dir out' \ --comment 'accept rule -- dir out' \
-j RETURN -j RETURN
@ -155,8 +155,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'accept rule -- dir in' \ --comment 'accept rule -- dir in' \
-j RETURN -j RETURN
@ -169,8 +169,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-m comment \ -m comment \
--comment 'accept rule -- dir in' \ --comment 'accept rule -- dir in' \
-j ACCEPT -j ACCEPT
@ -181,8 +181,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-m comment \ -m comment \
--comment 'accept rule -- dir in' \ --comment 'accept rule -- dir in' \
-j RETURN -j RETURN


@ -21,24 +21,24 @@ iptables \
-A FJ-vnet0 \ -A FJ-vnet0 \
-p tcp \ -p tcp \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
-A FP-vnet0 \ -A FP-vnet0 \
-p tcp \ -p tcp \
--dport 80 \ --dport 80 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
-A HJ-vnet0 \ -A HJ-vnet0 \
-p tcp \ -p tcp \
--sport 80 \ --sport 80 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \


@ -7,8 +7,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -17,8 +17,8 @@ ip6tables \
--source a:b:c::d:e:f/128 \ --source a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -29,8 +29,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -41,8 +41,8 @@ ip6tables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -55,8 +55,8 @@ ip6tables \
--dscp 33 \ --dscp 33 \
--sport 20:21 \ --sport 20:21 \
--dport 100:1111 \ --dport 100:1111 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -67,8 +67,8 @@ ip6tables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -79,8 +79,8 @@ ip6tables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -93,8 +93,8 @@ ip6tables \
--dscp 63 \ --dscp 63 \
--sport 255:256 \ --sport 255:256 \
--dport 65535:65535 \ --dport 65535:65535 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -105,6 +105,6 @@ ip6tables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -7,8 +7,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
--source 10.1.2.3/32 \ --source 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -29,8 +29,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \


@ -7,8 +7,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -17,8 +17,8 @@ ip6tables \
--source a:b:c::d:e:f/128 \ --source a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -29,8 +29,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -41,8 +41,8 @@ ip6tables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -55,8 +55,8 @@ ip6tables \
--dscp 33 \ --dscp 33 \
--sport 20:21 \ --sport 20:21 \
--dport 100:1111 \ --dport 100:1111 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -67,8 +67,8 @@ ip6tables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -79,8 +79,8 @@ ip6tables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -93,8 +93,8 @@ ip6tables \
--dscp 63 \ --dscp 63 \
--sport 255:256 \ --sport 255:256 \
--dport 65535:65535 \ --dport 65535:65535 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -105,6 +105,6 @@ ip6tables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -7,8 +7,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
--source 10.1.2.3/32 \ --source 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -29,8 +29,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -41,8 +41,8 @@ iptables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -55,8 +55,8 @@ iptables \
--dscp 33 \ --dscp 33 \
--sport 20:21 \ --sport 20:21 \
--dport 100:1111 \ --dport 100:1111 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -67,8 +67,8 @@ iptables \
--dscp 33 \ --dscp 33 \
--dport 20:21 \ --dport 20:21 \
--sport 100:1111 \ --sport 100:1111 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -79,8 +79,8 @@ iptables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -93,8 +93,8 @@ iptables \
--dscp 63 \ --dscp 63 \
--sport 255:256 \ --sport 255:256 \
--dport 65535:65535 \ --dport 65535:65535 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -105,6 +105,6 @@ iptables \
--dscp 63 \ --dscp 63 \
--dport 255:256 \ --dport 255:256 \
--sport 65535:65535 \ --sport 65535:65535 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -8,8 +8,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -19,8 +19,8 @@ ip6tables \
--source a:b:c::d:e:f/128 \ --source a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -32,8 +32,8 @@ ip6tables \
--destination a:b:c::d:e:f/128 \ --destination a:b:c::d:e:f/128 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -42,8 +42,8 @@ ip6tables \
--destination a:b:c::/128 \ --destination a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -54,8 +54,8 @@ ip6tables \
--source a:b:c::/128 \ --source a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -64,8 +64,8 @@ ip6tables \
--destination a:b:c::/128 \ --destination a:b:c::/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -74,8 +74,8 @@ ip6tables \
--destination ::ffff:10.1.2.3/128 \ --destination ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
ip6tables \ ip6tables \
-w \ -w \
@ -86,8 +86,8 @@ ip6tables \
--source ::ffff:10.1.2.3/128 \ --source ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
ip6tables \ ip6tables \
-w \ -w \
@ -96,6 +96,6 @@ ip6tables \
--destination ::ffff:10.1.2.3/128 \ --destination ::ffff:10.1.2.3/128 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN


@ -7,8 +7,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -17,8 +17,8 @@ iptables \
--source 10.1.2.3/32 \ --source 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -29,8 +29,8 @@ iptables \
--destination 10.1.2.3/32 \ --destination 10.1.2.3/32 \
-m dscp \ -m dscp \
--dscp 2 \ --dscp 2 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -39,8 +39,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -51,8 +51,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -61,8 +61,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -71,8 +71,8 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN
iptables \ iptables \
-w \ -w \
@ -83,8 +83,8 @@ iptables \
--source 10.1.2.3/22 \ --source 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state NEW,ESTABLISHED \ --ctstate NEW,ESTABLISHED \
-j ACCEPT -j ACCEPT
iptables \ iptables \
-w \ -w \
@ -93,6 +93,6 @@ iptables \
--destination 10.1.2.3/22 \ --destination 10.1.2.3/22 \
-m dscp \ -m dscp \
--dscp 33 \ --dscp 33 \
-m state \ -m conntrack \
--state ESTABLISHED \ --ctstate ESTABLISHED \
-j RETURN -j RETURN