From 162e697cf86947e7ff54a05570146b5b75321e97 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Wed, 29 Apr 2020 08:00:35 -0400 Subject: [PATCH 14/45] test(direct): rule in a zone chain Coverage for rhbz 1829104. (cherry picked from commit f88617bb205c6891d4f9c1d5231ddf356a3bd59f) (cherry picked from commit c9f519adea34ec29e262713a543f2b086fb9ffa7) --- src/tests/regression/regression.at | 1 + src/tests/regression/rhbz1829104.at | 55 +++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 src/tests/regression/rhbz1829104.at diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at index 2528ddd3fede..c3a5706c6406 100644 --- a/src/tests/regression/regression.at +++ b/src/tests/regression/regression.at @@ -28,3 +28,4 @@ m4_include([regression/gh567.at]) m4_include([regression/rhbz1779835.at]) m4_include([regression/gh330.at]) m4_include([regression/gh599.at]) +m4_include([regression/rhbz1829104.at]) diff --git a/src/tests/regression/rhbz1829104.at b/src/tests/regression/rhbz1829104.at new file mode 100644 index 000000000000..45659eb3c3df --- /dev/null +++ b/src/tests/regression/rhbz1829104.at @@ -0,0 +1,55 @@ +m4_if(iptables, FIREWALL_BACKEND, [ +FWD_START_TEST([direct rule in zone chain]) +AT_KEYWORDS(direct rhbz1829104) + +FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) + +FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) + +FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) + +FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) + +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDI_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) + +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 filter FWDO_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) + +FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) +FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) + +FWD_END_TEST +]) -- 2.27.0