[netfilter-cvslog] r3465 - trunk/nfsim-testsuite/01iptables
rusty at netfilter.org
rusty at netfilter.org
Mon Dec 20 05:22:41 CET 2004
Author: rusty at netfilter.org
Date: 2004-12-20 05:22:40 +0100 (Mon, 20 Dec 2004)
New Revision: 3465
Modified:
trunk/nfsim-testsuite/01iptables/00simple.sim
Log:
More simple iptables testing
Modified: trunk/nfsim-testsuite/01iptables/00simple.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/00simple.sim 2004-12-20 04:21:57 UTC (rev 3464)
+++ trunk/nfsim-testsuite/01iptables/00simple.sim 2004-12-20 04:22:40 UTC (rev 3465)
@@ -103,3 +103,41 @@
expect gen_ip send:eth1 {IPv4 FRAG=8 192.168.0.2 192.168.1.2}
gen_ip IF=eth0 FRAG=8,100 192.168.0.2 192.168.1.2 108 3
iptables -D FORWARD ! -f -j DROP
+
+# Test RETURN
+iptables -P FORWARD DROP
+iptables -A FORWARD -s 192.168.0.2 -j RETURN
+iptables -A FORWARD -j ACCEPT
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+expect gen_ip hook:NF_IP_FORWARD * NF_DROP {IPv4 192.168.0.2 192.168.1.2 0 3}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
+iptables -D FORWARD -j ACCEPT
+iptables -D FORWARD -s 192.168.0.2 -j RETURN
+iptables -P FORWARD ACCEPT
+
+# Test jump to new chain
+iptables -N CHAIN
+iptables -A FORWARD -s 192.168.0.2 -j CHAIN
+iptables -A CHAIN -j DROP
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+expect gen_ip hook:NF_IP_FORWARD * NF_DROP {IPv4 192.168.0.2 192.168.1.2 0 3}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
+iptables -D FORWARD -s 192.168.0.2 -j CHAIN
+iptables -D CHAIN -j DROP
+iptables -X CHAIN
+
+# Test return from non-builtin chain.
+iptables -N CHAIN
+iptables -A FORWARD -s 192.168.0.2 -j CHAIN
+iptables -A CHAIN ! -s 192.168.0.2 -j RETURN
+iptables -A CHAIN -j DROP
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
+gen_ip IF=eth0 192.168.0.3 192.168.1.2 0 3
+expect gen_ip hook:NF_IP_FORWARD * NF_DROP {IPv4 192.168.0.2 192.168.1.2 0 3}
+gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
+iptables -D FORWARD -s 192.168.0.2 -j CHAIN
+iptables -D CHAIN ! -s 192.168.0.2 -j RETURN
+iptables -D CHAIN -j DROP
+iptables -X CHAIN
More information about the netfilter-cvslog
mailing list