[netfilter-cvslog] r3549 - trunk/nfsim-testsuite/01iptables
rusty at netfilter.org
rusty at netfilter.org
Sun Jan 2 15:03:57 CET 2005
Author: rusty at netfilter.org
Date: 2005-01-02 15:03:57 +0100 (Sun, 02 Jan 2005)
New Revision: 3549
Modified:
trunk/nfsim-testsuite/01iptables/42limit.sim
Log:
Keep --failtest happy
Modified: trunk/nfsim-testsuite/01iptables/42limit.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/42limit.sim 2005-01-02 12:42:05 UTC (rev 3548)
+++ trunk/nfsim-testsuite/01iptables/42limit.sim 2005-01-02 14:03:57 UTC (rev 3549)
@@ -3,50 +3,65 @@
# Second one in a second, minute, hour, day should be dropped.
iptables -A FORWARD -m limit --limit-burst 1 --limit 1/sec -j LOG --log-prefix=MATCHED!
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
time +1
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
iptables -D FORWARD -m limit --limit-burst 1 --limit 1/sec -j LOG --log-prefix=MATCHED!
iptables -A FORWARD -m limit --limit-burst 1 --limit 1/min -j LOG --log-prefix=MATCHED!
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
time +59
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
time +1
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
iptables -D FORWARD -m limit --limit-burst 1 --limit 1/min -j LOG --log-prefix=MATCHED!
iptables -A FORWARD -m limit --limit-burst 1 --limit 1/hour -j LOG --log-prefix=MATCHED!
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
time +3599
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
time +1
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
iptables -D FORWARD -m limit --limit-burst 1 --limit 1/hour -j LOG --log-prefix=MATCHED!
iptables -A FORWARD -m limit --limit-burst 1 --limit 1/day -j LOG --log-prefix=MATCHED!
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
time +86399
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
time +1
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
iptables -D FORWARD -m limit --limit-burst 1 --limit 1/day -j LOG --log-prefix=MATCHED!
@@ -54,27 +69,36 @@
iptables -A FORWARD -m limit --limit-burst 2 --limit 1/min -j LOG --log-prefix=MATCHED!
# Two pass, one fails.
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
# Another one can get through after 1 minute.
time +59
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
time +1
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
# After two minutes, we're back to letting two through.
time +120
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
expect gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
expect ! gen_ip *MATCHED!*
+expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
iptables -D FORWARD -m limit --limit-burst 2 --limit 1/min -j LOG --log-prefix=MATCHED!
More information about the netfilter-cvslog
mailing list