146
146
echo "ipv4 rule in ipv4 section" >> $TESTTMP/result
147
147
do_cmd "0" null insert 2 allow to 127.0.0.1 port 8888
148
cat $TESTSTATE/user.rules >> $TESTTMP/result
149
cat $TESTSTATE/user6.rules >> $TESTTMP/result
148
cat $TESTCONFIG/user.rules >> $TESTTMP/result
149
cat $TESTCONFIG/user6.rules >> $TESTTMP/result
151
151
echo "ipv6 rule in ipv6 section" >> $TESTTMP/result
152
152
do_cmd "0" null delete allow to 127.0.0.1 port 8888
153
153
do_cmd "0" null insert 4 allow to ::1 port 8888
154
cat $TESTSTATE/user.rules >> $TESTTMP/result
155
cat $TESTSTATE/user6.rules >> $TESTTMP/result
154
cat $TESTCONFIG/user.rules >> $TESTTMP/result
155
cat $TESTCONFIG/user6.rules >> $TESTTMP/result
157
157
echo "ipv6 rule in ipv4 section" >> $TESTTMP/result
158
158
do_cmd "0" null delete allow to ::1 port 8888
165
165
echo "'both' rule in ipv4 section" >> $TESTTMP/result
166
166
do_cmd "0" null delete allow to 127.0.0.1 port 8888
167
167
do_cmd "0" null insert 2 allow 8888
168
cat $TESTSTATE/user.rules >> $TESTTMP/result
169
cat $TESTSTATE/user6.rules >> $TESTTMP/result
168
cat $TESTCONFIG/user.rules >> $TESTTMP/result
169
cat $TESTCONFIG/user6.rules >> $TESTTMP/result
171
171
echo "'both' rule in ipv6 section" >> $TESTTMP/result
172
172
do_cmd "0" null delete allow 8888
173
173
do_cmd "0" null insert 4 allow log 8888
174
cat $TESTSTATE/user.rules >> $TESTTMP/result
175
cat $TESTSTATE/user6.rules >> $TESTTMP/result
174
cat $TESTCONFIG/user.rules >> $TESTTMP/result
175
cat $TESTCONFIG/user6.rules >> $TESTTMP/result
177
177
do_cmd "0" null delete allow to 127.0.0.1 port 22
178
178
do_cmd "0" null delete allow to 127.0.0.1 port 23
179
179
do_cmd "0" null delete allow to ::1 port 24
180
180
do_cmd "0" null delete allow to ::1 port 25
181
181
do_cmd "0" null delete allow log 8888
182
cat $TESTSTATE/user.rules >> $TESTTMP/result
183
cat $TESTSTATE/user6.rules >> $TESTTMP/result
182
cat $TESTCONFIG/user.rules >> $TESTTMP/result
183
cat $TESTCONFIG/user6.rules >> $TESTTMP/result
185
185
echo "Interfaces" >> $TESTTMP/result
186
186
for i in "in" "out" ; do
189
189
do_cmd "0" null deny $i on eth0 from 192.168.0.1 port 22 proto tcp
190
190
do_cmd "0" null reject $i on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734
191
191
do_cmd "0" null allow $i on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 22 proto tcp
192
cat $TESTSTATE/user.rules >> $TESTTMP/result
193
cat $TESTSTATE/user6.rules >> $TESTTMP/result
192
cat $TESTCONFIG/user.rules >> $TESTTMP/result
193
cat $TESTCONFIG/user6.rules >> $TESTTMP/result
194
194
do_cmd "0" null delete allow $i on eth0
195
195
do_cmd "0" null delete allow $i on eth0 to 192.168.0.1
196
196
do_cmd "0" null delete deny $i on eth0 from 192.168.0.1 port 22 proto tcp
197
197
do_cmd "0" null delete reject $i on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734
198
198
do_cmd "0" null delete allow $i on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 22 proto tcp
199
cat $TESTSTATE/user.rules >> $TESTTMP/result
200
cat $TESTSTATE/user6.rules >> $TESTTMP/result
199
cat $TESTCONFIG/user.rules >> $TESTTMP/result
200
cat $TESTCONFIG/user6.rules >> $TESTTMP/result
203
203
echo "IPSec" >> $TESTTMP/result
217
217
do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment \'SSH\ port\'
218
218
do_cmd "0" delete allow to 10.0.0.1 from 10.4.0.0/16 comment \'SSH\ port\'
219
219
do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment \'SSH\ port\'
220
cat $TESTSTATE/user.rules $TESTSTATE/user6.rules >> $TESTTMP/result
220
cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result