[testsuite] ipt_ttl
Samuel Jean
sj-netfilter at cookinglinux.org
Thu Dec 16 03:52:04 CET 2004
Hi rusty,
Here's a little nfsim testsuite against ipt_ttl match.
Cheers,
Samuel
-------------- next part --------------
# This should fail but it doesn't because patch was lost
# somewhere in the outer limit.
# https://lists.netfilter.org/pipermail/netfilter-cvslog/2004-July/003454.html
expect iptables iptables: command failed
iptables -A INPUT -m ttl --ttl-eq -1
iptables -A INPUT -m ttl --ttl-gt 300
iptables -A INPUT -m ttl --ttl-lt -2000
# Test for match function.
# These should get NF_DROP verdict.
expect gen_ip hook:NF_IP_PRE_ROUTING iptable_nat NF_DROP *
iptables -t nat -I PREROUTING -m ttl --ttl-eq 50 -j DROP
gen_ip IF=eth0 TTL=50 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
iptables -t nat -I PREROUTING -m ttl --ttl-gt 51 -j DROP
gen_ip IF=eth0 TTL=55 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
iptables -t nat -I PREROUTING -m ttl --ttl-lt 50 -j DROP
gen_ip IF=eth0 TTL=49 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
# This packet with TTL=51 should be NF_ACCEPT'ed
expect gen_ip hook:NF_IP_PRE_ROUTING iptable_nat NF_ACCEPT *
gen_ip IF=eth0 TTL=51 192.168.0.2 192.168.0.1 0 tcp 1 2 SYN
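
The checks in the script above, modelled in user space as an added example (not part of the original post, and not code from iptables or the kernel). All names are hypothetical; the unchecked parser is an assumption about what a missing range check amounts to when the value is stored in a one-octet field, not a reading of the iptables source.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names throughout: a user-space model, not ipt_ttl.c or libipt_ttl.c. */
enum ttl_mode { TTL_EQ, TTL_LT, TTL_GT };
struct ttl_rule { uint8_t mode; uint8_t ttl; };   /* TTL is one octet in the IP header */

/* Strict parse: accept only a whole decimal number in 0..255. Returns 0 on success. */
int parse_ttl_strict(const char *arg, uint8_t *out)
{
    char *end;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno || end == arg || *end != '\0' || v < 0 || v > 255)
        return -1;
    *out = (uint8_t)v;
    return 0;
}

/* Unchecked parse (assumed failure mode): the value is silently truncated to 8 bits. */
uint8_t parse_ttl_unchecked(const char *arg)
{
    return (uint8_t)strtol(arg, NULL, 10);
}

/* Comparison a rule performs against the packet's TTL. */
int ttl_match(const struct ttl_rule *r, uint8_t pkt_ttl)
{
    switch (r->mode) {
    case TTL_EQ: return pkt_ttl == r->ttl;
    case TTL_LT: return pkt_ttl <  r->ttl;
    case TTL_GT: return pkt_ttl >  r->ttl;
    }
    return 0;
}

/* 1 if any rule in the chain matches (DROP), 0 if the packet falls through (ACCEPT). */
int chain_drops(const struct ttl_rule *rules, int n, uint8_t pkt_ttl)
{
    for (int i = 0; i < n; i++)
        if (ttl_match(&rules[i], pkt_ttl))
            return 1;
    return 0;
}

/* Rules from the test script: --ttl-eq 50, --ttl-gt 51, --ttl-lt 50. */
const struct ttl_rule script_rules[3] = { { TTL_EQ, 50 }, { TTL_GT, 51 }, { TTL_LT, 50 } };
```

Under that assumption, a rule accepted with --ttl-gt 300 would be installed comparing against 44, which is why the script expects iptables to reject the out-of-range values outright.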