NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

util/tests: enable locking on iptables/ebtables commandlines in unit tests

Browse Source 
All the unit tests that use iptables/ip6tables/ebtables have been
written to omit the locking/exclusive use primitive on the generated
commandlines. Even though none of the tests actually execute those
commands (and so it doesn't matter for purposes of the test whether or
not the commands support these options), it still made sense when some
systems had these locking options and some didn't.

We are now at a point where every supported Linux distro has supported
the locking options on these commands for quite a long time, and are
going to make their use non-optional. As a first step, this patch uses
the virFirewallSetLockOverride() function, which is called at the
beginning of all firewall-related tests, to set all the bools
controlling whether or not the locking options are used to true. This
means that all the test cases must be updated to include the proper
locking option in their commandlines.

The change to make actual execs of the commands unconditionally use
the locking option will be in an upcoming patch - this one affects
only the unit tests.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
This commit is contained in:
Laine Stump
2020-11-16 19:20:53 -05:00
parent 28a3dedddd
commit e66451f685
51 changed files with 1115 additions and 358 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
tests/networkxml2firewalldata/base.args
View File

@@ -1,116 +1,150 @@
iptables \
-w \
--table filter \
--list-rules
iptables \
-w \
--table nat \
--list-rules
iptables \
-w \
--table mangle \
--list-rules
iptables \
-w \
--table filter \
--new-chain LIBVIRT_INP
iptables \
-w \
--table filter \
--insert INPUT \
--jump LIBVIRT_INP
iptables \
-w \
--table filter \
--new-chain LIBVIRT_OUT
iptables \
-w \
--table filter \
--insert OUTPUT \
--jump LIBVIRT_OUT
iptables \
-w \
--table filter \
--new-chain LIBVIRT_FWO
iptables \
-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWO
iptables \
-w \
--table filter \
--new-chain LIBVIRT_FWI
iptables \
-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWI
iptables \
-w \
--table filter \
--new-chain LIBVIRT_FWX
iptables \
-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWX
iptables \
-w \
--table nat \
--new-chain LIBVIRT_PRT
iptables \
-w \
--table nat \
--insert POSTROUTING \
--jump LIBVIRT_PRT
iptables \
-w \
--table mangle \
--new-chain LIBVIRT_PRT
iptables \
-w \
--table mangle \
--insert POSTROUTING \
--jump LIBVIRT_PRT
ip6tables \
-w \
--table filter \
--list-rules
ip6tables \
-w \
--table nat \
--list-rules
ip6tables \
-w \
--table mangle \
--list-rules
ip6tables \
-w \
--table filter \
--new-chain LIBVIRT_INP
ip6tables \
-w \
--table filter \
--insert INPUT \
--jump LIBVIRT_INP
ip6tables \
-w \
--table filter \
--new-chain LIBVIRT_OUT
ip6tables \
-w \
--table filter \
--insert OUTPUT \
--jump LIBVIRT_OUT
ip6tables \
-w \
--table filter \
--new-chain LIBVIRT_FWO
ip6tables \
-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWO
ip6tables \
-w \
--table filter \
--new-chain LIBVIRT_FWI
ip6tables \
-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWI
ip6tables \
-w \
--table filter \
--new-chain LIBVIRT_FWX
ip6tables \
-w \
--table filter \
--insert FORWARD \
--jump LIBVIRT_FWX
ip6tables \
-w \
--table nat \
--new-chain LIBVIRT_PRT
ip6tables \
-w \
--table nat \
--insert POSTROUTING \
--jump LIBVIRT_PRT
ip6tables \
-w \
--table mangle \
--new-chain LIBVIRT_PRT
ip6tables \
-w \
--table mangle \
--insert POSTROUTING \
--jump LIBVIRT_PRT

19
tests/networkxml2firewalldata/nat-default-linux.args
View File

@@ -1,4 +1,5 @@
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,28 +63,33 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -85,12 +98,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -99,6 +114,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -107,18 +123,21 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \

30
tests/networkxml2firewalldata/nat-ipv6-linux.args
View File

@@ -1,4 +1,5 @@
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,38 +63,45 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -94,6 +109,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -101,6 +117,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -108,6 +125,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -115,6 +133,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -122,6 +141,7 @@ ip6tables \
--destination-port 547 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -129,12 +149,14 @@ ip6tables \
--destination-port 546 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -143,12 +165,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -157,6 +181,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -165,30 +190,35 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 2001:db8:ca2:2::/64 \
--in-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 2001:db8:ca2:2::/64 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \

34
tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.args
View File

@@ -1,4 +1,5 @@
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,38 +63,45 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -94,6 +109,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -101,6 +117,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -108,6 +125,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -115,6 +133,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -122,6 +141,7 @@ ip6tables \
--destination-port 547 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -129,12 +149,14 @@ ip6tables \
--destination-port 546 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -143,12 +165,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -157,6 +181,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -165,24 +190,28 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 2001:db8:ca2:2::/64 \
--in-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 2001:db8:ca2:2::/64 \
@@ -191,12 +220,14 @@ ip6tables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
ip6tables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 2001:db8:ca2:2::/64 '!' \
--destination 2001:db8:ca2:2::/64 \
--jump MASQUERADE
ip6tables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 2001:db8:ca2:2::/64 \
@@ -205,6 +236,7 @@ ip6tables \
--jump MASQUERADE \
--to-ports 1024-65535
ip6tables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 2001:db8:ca2:2::/64 \
@@ -213,12 +245,14 @@ ip6tables \
--jump MASQUERADE \
--to-ports 1024-65535
ip6tables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 2001:db8:ca2:2::/64 \
--destination ff02::/16 \
--jump RETURN
iptables \
-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \

33
tests/networkxml2firewalldata/nat-many-ips-linux.args
View File

@@ -1,4 +1,5 @@
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,28 +63,33 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -85,12 +98,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -99,6 +114,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -107,24 +123,28 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.128.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.128.0/24 \
@@ -133,12 +153,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 '!' \
--destination 192.168.128.0/24 \
--jump MASQUERADE
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 \
@@ -147,6 +169,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 \
@@ -155,24 +178,28 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.128.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.150.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.150.0/24 \
@@ -181,12 +208,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 '!' \
--destination 192.168.150.0/24 \
--jump MASQUERADE
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 \
@@ -195,6 +224,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 \
@@ -203,18 +233,21 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.150.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \

29
tests/networkxml2firewalldata/nat-no-dhcp-linux.args
View File

@@ -1,4 +1,5 @@
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,38 +63,45 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -94,6 +109,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -101,6 +117,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -108,6 +125,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -115,6 +133,7 @@ ip6tables \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -122,6 +141,7 @@ ip6tables \
--destination-port 547 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -129,12 +149,14 @@ ip6tables \
--destination-port 546 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -143,12 +165,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -157,6 +181,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -165,24 +190,28 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 2001:db8:ca2:2::/64 \
--in-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 2001:db8:ca2:2::/64 \

21
tests/networkxml2firewalldata/nat-tftp-linux.args
View File

@@ -1,4 +1,5 @@
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,6 +63,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -62,6 +71,7 @@ iptables \
--destination-port 69 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -69,28 +79,33 @@ iptables \
--destination-port 69 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
@@ -99,12 +114,14 @@ iptables \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -113,6 +130,7 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
@@ -121,18 +139,21 @@ iptables \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
-w \
--table nat \
--insert LIBVIRT_PRT \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \

14
tests/networkxml2firewalldata/route-default-linux.args
View File

@@ -1,4 +1,5 @@
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -6,6 +7,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -13,6 +15,7 @@ iptables \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -20,6 +23,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -27,6 +31,7 @@ iptables \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -34,6 +39,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
@@ -41,6 +47,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -48,6 +55,7 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
@@ -55,34 +63,40 @@ iptables \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--destination 192.168.122.0/24 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \