[netfilter-cvslog] r3442 - trunk/nfsim-testsuite/01iptables
rusty at netfilter.org
rusty at netfilter.org
Sat Dec 18 14:24:19 CET 2004
Author: rusty at netfilter.org
Date: 2004-12-18 14:24:18 +0100 (Sat, 18 Dec 2004)
New Revision: 3442
Added:
trunk/nfsim-testsuite/01iptables/37ipt_multiport.sh
Log:
Samuel Jean: main body of multiport test
Added: trunk/nfsim-testsuite/01iptables/37ipt_multiport.sh
===================================================================
--- trunk/nfsim-testsuite/01iptables/37ipt_multiport.sh 2004-12-18 13:23:05 UTC (rev 3441)
+++ trunk/nfsim-testsuite/01iptables/37ipt_multiport.sh 2004-12-18 13:24:18 UTC (rev 3442)
@@ -0,0 +1,34 @@
+#! /bin/sh
+
+# For both TCP and UDP, test five ports against the three options
+# where port 1 and port 5 are always the excluded twin (NF_ACCEPT'ed).
+FLAG=" SYN"
+for proto in 6 17; do
+ if [[ $proto == 17 ]]; then
+ unset FLAG
+ fi
+ for arg in sports dports ports
+ do
+ echo iptables -I INPUT -p $proto -m multiport --${arg} 2,3,4 -j DROP
+ for port in 1 2 3 4 5
+ do
+ case $port in
+ [1,5]) VERDICT=NF_ACCEPT ;;
+ *) VERDICT=NF_DROP ;;
+ esac
+
+ case $arg in
+ sports) PORTS="${port} 1" ;;
+ dports) PORTS="1 ${port}" ;;
+ ports) PORTS="${port} ${port}" ;;
+ esac
+
+ echo expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter $VERDICT \
+ {IPv4 192.168.0.2 192.168.0.1 0 $proto ${PORTS}$FLAG}
+ echo gen_ip IF=eth0 192.168.0.2 192.168.0.1 0 $proto $PORTS $FLAG
+ done
+ echo iptables -D INPUT -p $proto -m multiport --${arg} 2,3,4 -j DROP
+ done
+done > $TMPFILE
+
+$NFSIM $NFSIM_ARGS < $TMPFILE
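Review bot: The `[[ $proto == 17 ]]` test that guards `unset FLAG` is a bash/ksh construct, but the script declares `#! /bin/sh`. Under a strict POSIX shell such as dash the test fails, `FLAG` stays set, and the UDP cases would be generated with the ` SYN` argument, so the UDP half of the multiport coverage may not exercise what the header comment describes; `if [ "$proto" = 17 ]; then` is portable. The case pattern `[1,5])` is a bracket expression that also matches a literal comma; `1|5) VERDICT=NF_ACCEPT ;;` states the intent. `$TMPFILE` (presumably set by the test harness, which is not visible here) is used unquoted and unchecked in both redirections, so I would quote it and add `: "${TMPFILE:?}"` near the top so that a missing value stops the run before nfsim is fed an incomplete rule set.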