# Copyright 2014 Canonical Ltd.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
source "$TESTPATH/../testlib.sh"
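# Section "Man page": route rules with explicit proto/from/to/port clauses.
# Every rule is issued twice, once to add it and once with "delete" and the
# same arguments, so the add and the delete parsing paths see identical input.
# NOTE(review): do_cmd is defined in testlib.sh, which is not shown here;
# presumably the leading "0" is the expected exit status and --dry-run is
# forwarded to the command under test — confirm.
# The redirect target is quoted so a temp path containing whitespace or glob
# characters still names exactly one file.
echo "Man page" >> "$TESTTMP/result"
do_cmd "0" --dry-run route deny proto udp from 1.2.3.4 to any port 514
do_cmd "0" --dry-run route delete deny proto udp from 1.2.3.4 to any port 514
do_cmd "0" --dry-run route allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
do_cmd "0" --dry-run route delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469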
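# Section "SIMPLE": the short rule form, a bare service name with and without
# an explicit /tcp or /udp suffix. Each rule is added and then deleted with
# the same arguments.
# NOTE(review): do_cmd is defined in testlib.sh (not shown); presumably "0"
# is the expected exit status — confirm.
# The redirect target is quoted so a temp path containing whitespace or glob
# characters still names exactly one file.
echo "SIMPLE" >> "$TESTTMP/result"
do_cmd "0" --dry-run route allow ssh
do_cmd "0" --dry-run route delete allow ssh
do_cmd "0" --dry-run route allow ssh/tcp
do_cmd "0" --dry-run route delete allow ssh/tcp
do_cmd "0" --dry-run route allow ssh/udp
do_cmd "0" --dry-run route delete allow ssh/udp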
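# Section "Interfaces": route rules that match only on an inbound ("in on")
# or outbound ("out on") interface. Each rule is added and then deleted.
# NOTE(review): in_if and out_if are not assigned anywhere in this listing;
# presumably they are set by lines missing from it or by testlib.sh — confirm.
# The expansions are quoted on purpose: an empty or unset interface name then
# stays in the argument list as an empty word instead of vanishing and letting
# the following words shift into its place, which would test a different rule
# than the one written here.
echo "Interfaces" >> "$TESTTMP/result"
do_cmd "0" --dry-run route allow in on "$in_if"
do_cmd "0" --dry-run route delete allow in on "$in_if"
do_cmd "0" --dry-run route deny out on "$out_if"
do_cmd "0" --dry-run route delete deny out on "$out_if"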
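# Section "TO/FROM": source/destination matching, alone, combined with
# interfaces, and combined with ports. Each rule is added and then deleted
# with the same arguments.
# NOTE(review): from, to, in_if and out_if are not assigned anywhere in this
# listing; presumably they are set by lines missing from it or by testlib.sh
# — confirm.
# All expansions are quoted: an empty or unset value then stays in the
# argument list as an empty word rather than disappearing, so a broken
# fixture cannot silently turn "from <addr> to <addr>" into a different rule.
echo "TO/FROM" >> "$TESTTMP/result"

# Address-only rules.
do_cmd "0" --dry-run route allow from "$from"
do_cmd "0" --dry-run route delete allow from "$from"
do_cmd "0" --dry-run route deny to "$to"
do_cmd "0" --dry-run route delete deny to "$to"
do_cmd "0" --dry-run route limit to "$to" from "$from"
do_cmd "0" --dry-run route delete limit to "$to" from "$from"

# Addresses combined with inbound and/or outbound interfaces.
do_cmd "0" --dry-run route allow in on "$in_if" from "$from"
do_cmd "0" --dry-run route delete allow in on "$in_if" from "$from"
do_cmd "0" --dry-run route deny out on "$out_if" to "$to"
do_cmd "0" --dry-run route delete deny out on "$out_if" to "$to"
do_cmd "0" --dry-run route limit in on "$in_if" out on "$out_if" from "$from" to "$to"
do_cmd "0" --dry-run route delete limit in on "$in_if" out on "$out_if" from "$from" to "$to"

# Addresses combined with ports; the last pair also names the protocol.
do_cmd "0" --dry-run route allow from "$from" port 80
do_cmd "0" --dry-run route delete allow from "$from" port 80
do_cmd "0" --dry-run route deny to "$to" port 25
do_cmd "0" --dry-run route delete deny to "$to" port 25
do_cmd "0" --dry-run route limit in on "$in_if" out on "$out_if" from "$from" port 25 to "$to" port 25 proto tcp
do_cmd "0" --dry-run route delete limit in on "$in_if" out on "$out_if" from "$from" port 25 to "$to" port 25 proto tcp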
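# Section "Services": ports given by service name (smtp) instead of by
# number, on both the source and the destination side, without and with
# interface clauses. Each rule is added and then deleted.
# NOTE(review): in_if and out_if are not assigned anywhere in this listing;
# presumably they are set by lines missing from it or by testlib.sh — confirm.
# Expansions are quoted so an empty or unset interface name stays visible as
# an empty argument instead of letting "out"/"to" slide into its position.
echo "Services" >> "$TESTTMP/result"
do_cmd "0" --dry-run route allow to any port smtp from any port smtp
do_cmd "0" --dry-run route delete allow to any port smtp from any port smtp
do_cmd "0" --dry-run route allow in on "$in_if" out on "$out_if" to any port smtp from any port smtp
do_cmd "0" --dry-run route delete allow in on "$in_if" out on "$out_if" to any port smtp from any port smtp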
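# Section "Netmasks": addresses written in CIDR form, a /32 host as source
# and a /16 network as destination, with the "reject" action. The rule is
# added and then deleted with the same arguments.
# The redirect target is quoted so a temp path containing whitespace or glob
# characters still names exactly one file.
echo "Netmasks" >> "$TESTTMP/result"
do_cmd "0" --dry-run route reject from 192.168.0.1/32 to 192.168.0.0/16
do_cmd "0" --dry-run route delete reject from 192.168.0.1/32 to 192.168.0.0/16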
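# Section "Multiports:": port specifications that mix comma-separated lists
# with low:high ranges, in the short form (ports/proto) and in the full
# from/to form. Each rule is added and then deleted.
# NOTE(review): in_if and out_if are not assigned anywhere in this listing;
# presumably they are set by lines missing from it or by testlib.sh — confirm.
# Expansions are quoted so an empty or unset interface name stays in the
# argument list as an empty word instead of disappearing.
echo "Multiports:" >> "$TESTTMP/result"
do_cmd "0" --dry-run route limit 23,21,15:19,22/tcp
do_cmd "0" --dry-run route delete limit 23,21,15:19,22/tcp
do_cmd "0" --dry-run route allow in on "$in_if" out on "$out_if" from 192.168.0.1 port 23,21,15:19,22 to 10.0.0.0/8 port 24:26 proto tcp
do_cmd "0" --dry-run route delete allow in on "$in_if" out on "$out_if" from 192.168.0.1 port 23,21,15:19,22 to 10.0.0.0/8 port 24:26 proto tcp
do_cmd "0" --dry-run route deny in on "$in_if" to any port 34,35:39 from any port 24 proto udp
do_cmd "0" --dry-run route delete deny in on "$in_if" to any port 34,35:39 from any port 24 proto udp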
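# Section "Insert": positional insertion of route rules. Unlike the other
# sections these calls do not pass --dry-run, and the rules file under
# $TESTSTATE is dumped into the result afterwards, so the commands are
# evidently expected to write real state.
# NOTE(review): the meaning of the "null" argument is defined by do_cmd in
# testlib.sh (not shown); presumably it discards the command's own output —
# confirm.
# Both path expansions are quoted so a state or temp directory containing
# whitespace or glob characters is still read and written as a single file.
echo "Insert" >> "$TESTTMP/result"

# Two base rules, appended in order.
do_cmd "0" null route allow 22
do_cmd "0" null route allow 23

# Insert at explicit positions. Rule order decides which rule matches first,
# so the dump below is what shows that each insert landed where requested.
do_cmd "0" null route insert 1 allow 9999
do_cmd "0" null route insert 1 allow log 9998
do_cmd "0" null route insert 2 reject to 192.168.0.1 from 10.0.0.1
cat "$TESTSTATE/user.rules" >> "$TESTTMP/result"

# Remove every rule added above, then dump again so the result records what
# is left in the rules file after cleanup.
do_cmd "0" null route delete allow 22
do_cmd "0" null route delete allow 23
do_cmd "0" null route delete allow 9999
do_cmd "0" null route delete allow log 9998
do_cmd "0" null route delete reject to 192.168.0.1 from 10.0.0.1
cat "$TESTSTATE/user.rules" >> "$TESTTMP/result"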
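# Section "ipv6 protocols": rules whose proto is ipv6, ah or esp. None of
# these rules carries a port clause, and all addresses used are IPv4. Each
# rule is added and then deleted with the same arguments.
# NOTE(review): in_if and out_if are not assigned anywhere in this listing;
# presumably they are set by lines missing from it or by testlib.sh — confirm.
# Expansions are quoted so an empty or unset interface name stays in the
# argument list as an empty word instead of letting the next keyword take
# its place.
echo "ipv6 protocols" >> "$TESTTMP/result"
do_cmd "0" --dry-run route allow in on "$in_if" to 10.0.0.1 proto ipv6
do_cmd "0" --dry-run route delete allow in on "$in_if" to 10.0.0.1 proto ipv6
do_cmd "0" --dry-run route deny out on "$out_if" to 10.0.0.1 from 10.4.0.0/16 proto ah
do_cmd "0" --dry-run route delete deny out on "$out_if" to 10.0.0.1 from 10.4.0.0/16 proto ah
do_cmd "0" --dry-run route limit in on "$in_if" out on "$out_if" to 10.0.0.1 proto esp
do_cmd "0" --dry-run route delete limit in on "$in_if" out on "$out_if" to 10.0.0.1 proto esp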