104
104
do_cmd "0" nostats disable
105
105
sed -i "s/MANAGE_BUILTINS=.*/MANAGE_BUILTINS=$ans/" $TESTPATH/etc/default/ufw
107
iptables -D INPUT -j ACCEPT -m comment --comment $str 2>/dev/null
108
107
echo iptables -I INPUT -j ACCEPT -m comment --comment $str >> $TESTTMP/result
109
108
iptables -I INPUT -j ACCEPT -m comment --comment $str >> $TESTTMP/result
110
109
do_cmd "0" nostats enable
111
110
iptables -n -L INPUT | grep "$str" >> $TESTTMP/result
111
iptables -D INPUT -j ACCEPT -m comment --comment $str 2>/dev/null
114
114
echo "Testing status numbered" >> $TESTTMP/result
251
251
do_cmd "0" nostats disable
252
252
sed -i "s/IPV6=.*/IPV6=no/" $TESTPATH/etc/default/ufw
254
echo "Verify toplevel chains" >> $TESTTMP/result
255
for l in off on low medium high full; do
256
do_cmd "0" nostats logging $l
257
do_cmd "0" nostats disable
258
$TESTSTATE/ufw-init flush-all >> $TESTTMP/result 2>&1
259
do_cmd "0" nostats enable
260
for b in INPUT OUTPUT FORWARD; do
261
for c in before-logging before after after-logging reject track ; do
262
if [ "$b" = "FORWARD" ] && [ "$c" = "track" ]; then
263
# FORWARD doesn't have the ufw-track-forward chain
266
suffix=`echo $b | tr [A-Z] [a-z]`
267
echo "$count: iptables -L $b -n | egrep -q 'ufw-$c-$suffix'" >> $TESTTMP/result
268
iptables -L $b -n | egrep -q "ufw-$c-$suffix" || {
269
echo "'iptables -L $b -n' does not contain 'ufw-$c-$suffix'"
272
echo "" >> $TESTTMP/result
273
echo "" >> $TESTTMP/result
279
echo "Verify secondary chains" >> $TESTTMP/result
280
for l in off on low medium high full; do
281
do_cmd "0" nostats logging $l
282
do_cmd "0" nostats disable
283
$TESTSTATE/ufw-init flush-all >> $TESTTMP/result 2>&1
284
do_cmd "0" nostats enable
285
for c in logging-deny not-local user-forward user-input user-output skip-to-policy-input ; do
286
echo "$count: ! iptables -L ufw-$c -n | egrep -q '0 references'" >> $TESTTMP/result
287
iptables -L ufw-$c -n | egrep -q '0 references' && {
288
echo "'iptables -L ufw-user-input -n' had 0 references"
291
echo "" >> $TESTTMP/result
292
echo "" >> $TESTTMP/result
295
for c in logging-allow user-limit user-limit-accept user-logging-forward user-logging-input user-logging-output skip-to-policy-output skip-to-policy-forward ; do
296
echo "$count: iptables -L ufw-$c -n | egrep -q '0 references'" >> $TESTTMP/result
297
iptables -L ufw-$c -n | egrep -q '0 references' || {
298
echo "'iptables -L ufw-user-input -n' had more than 0 references"
301
echo "" >> $TESTTMP/result
302
echo "" >> $TESTTMP/result
306
do_cmd "0" nostats logging on
307
do_cmd "0" nostats disable
309
echo "'Resource temporarily unavailable' test" >> $TESTTMP/result
310
do_cmd "0" nostats disable
311
$TESTSTATE/ufw-init flush-all >/dev/null
312
do_cmd "0" nostats allow 22/tcp
313
do_cmd "0" nostats enable
314
$TESTSTATE/ufw-init stop >/dev/null
315
for i in `seq 1 25`; do
316
echo "$count: ufw-init start/flush-all" >> $TESTTMP/result
317
$TESTSTATE/ufw-init start >/dev/null || {
318
echo "'ufw-init start' failed"
321
$TESTSTATE/ufw-init flush-all >/dev/null
322
echo "" >> $TESTTMP/result
323
echo "" >> $TESTTMP/result
326
do_cmd "0" nostats enable
327
do_cmd "0" nostats delete allow 22/tcp
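Review bot: In the first hunk (new lines 107–111) the `iptables -D INPUT -j ACCEPT -m comment --comment $str` cleanup now runs only after the grep check, so nothing removes a rule left behind by an earlier run that stopped between the `-I` and the `-D`. In that case `-I` adds a second copy, the grep at new line 110 writes two matches into the result file, and the single `-D` removes only one copy, which leaves an unconditional ACCEPT at the top of INPUT on the test host. I would keep the delete in both places with the expansion quoted, i.e. `iptables -D INPUT -j ACCEPT -m comment --comment "$str" 2>/dev/null` before the insert and again after the check. Whether `do_cmd` aborts the script on failure is not visible here; if it does, a `trap` that runs the same delete on exit would also cover a failing `enable` step. The file header and the lines that close the loops are not shown on this page, so this is based on the visible lines only.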