136
136
&add_jump_rule_test($ipt_obj, $test_table, $test_chain);
137
137
&find_jump_rule_test($ipt_obj, $test_table, $test_chain);
138
138
&flush_chain_test($ipt_obj, $test_table, $test_chain);
139
&set_chain_policy_test($ipt_obj, $test_table, $test_chain);
139
140
&delete_chain_test($ipt_obj, $test_table, $test_jump_from_chain, $test_chain);
172
164
&dots_print("flush_chain(): $test_table $test_chain");
174
166
my ($rv, $out_ar, $err_ar) = $ipt_obj->flush_chain($test_table, $test_chain);
179
&logr("pass ($executed)\n");
182
&logr("fail ($executed)\n");
183
&logr(" Could not flush $test_table $test_chain chain\n");
167
&pass_fail($rv, " Could not flush $test_table $test_chain chain.");
172
sub set_chain_policy_test() {
173
my ($ipt_obj, $test_table, $test_chain) = @_;
175
for my $target (qw/DROP ACCEPT/) {
176
&dots_print("cannot set chain policy: $test_table $test_chain $target");
178
my ($rv, $out_ar, $err_ar) = $ipt_obj->set_chain_policy($test_table,
179
$test_chain, $target);
181
if ($rv) { ### bad, cannot set policy for a non built-in chain
187
&pass_fail($rv, " Was able to set $test_table $test_chain chain " .
188
"policy to $target, should only be able to do this for built-in chains.");
190
195
sub add_jump_rule_test() {
191
196
my ($ipt_obj, $test_table, $test_chain) = @_;
194
199
my ($rv, $out_ar, $err_ar) = $ipt_obj->add_jump_rule($test_table,
195
200
$test_jump_from_chain, 1, $test_chain);
200
&logr("pass ($executed)\n");
203
&logr("fail ($executed)\n");
204
&logr(" Could not add jump rule\n");
202
&pass_fail($rv, " Could not add jump rule.");
219
215
my ($rule_position, $num_chain_rules) = $ipt_obj->find_ip_rule($ip_any_net,
220
216
$ip_any_net, $test_table, $test_jump_from_chain, $test_chain, {});
224
if ($rule_position > 0) {
225
&logr("pass ($executed)\n");
228
&logr("fail ($executed)\n");
229
&logr(" Could not find jump rule\n");
218
&pass_fail($rule_position, " Could not find jump rule.");
250
237
my ($rv, $out_ar, $err_ar) = $ipt_obj->add_ip_rule($src_ip,
251
238
$dst_ip, $chain_past_end, $test_table, $test_chain, $target, {});
256
&logr("pass ($executed)\n");
259
&logr("fail ($executed)\n");
260
&logr(" Could not add $src_ip -> $dst_ip $target rule\n");
240
&pass_fail($rv, " Could not add $src_ip -> $dst_ip $target rule.");
281
259
my ($rule_position, $num_chain_rules) = $ipt_obj->find_ip_rule($src_ip,
282
260
$dst_ip, $test_table, $test_chain, $target, {'normalize' => 1});
286
if ($rule_position > 0) {
287
&logr("pass ($executed)\n");
290
&logr("fail ($executed)\n");
291
&logr(" Could not find $src_ip -> $dst_ip $target rule\n");
262
&pass_fail($rule_position, " Could not find $src_ip -> $dst_ip $target rule.");
310
279
for my $target (qw/LOG ACCEPT RETURN/) {
311
282
&dots_print("add_ip_rules(): $test_table $test_chain TCP $src_ip(0) -> $dst_ip(80) $target ");
312
283
my ($rv, $out_ar, $err_ar) = $ipt_obj->add_ip_rule($src_ip,
313
284
$dst_ip, $chain_past_end, $test_table, $test_chain, $target,
314
285
{'protocol' => 'tcp', 's_port' => 0, 'd_port' => 80});
319
&logr("pass ($executed)\n");
322
&logr("fail ($executed)\n");
323
&logr(" Could not add TCP $src_ip(0) -> $dst_ip(80) $target rule\n");
286
&pass_fail($rv, " Could not add TCP $src_ip(0) -> $dst_ip(80) $target rule");
288
### TCP + state tracking
289
&dots_print("add_ip_rules(): $test_table $test_chain TCP $src_ip(0) -> $dst_ip(80) state ESTABLISHED,RELATED $target ");
290
($rv, $out_ar, $err_ar) = $ipt_obj->add_ip_rule($src_ip,
291
$dst_ip, $chain_past_end, $test_table, $test_chain, $target,
292
{'protocol' => 'tcp', 's_port' => 0, 'd_port' => 80, 'state' => 'ESTABLISHED,RELATED'});
293
&pass_fail($rv, " Could not add TCP $src_ip(0) -> $dst_ip(80) state ESTABLISHED,RELATED $target rule");
295
### TCP + ctstate tracking
296
&dots_print("add_ip_rules(): $test_table $test_chain TCP $src_ip(0) -> $dst_ip(80) ctstate ESTABLISHED,RELATED $target ");
297
($rv, $out_ar, $err_ar) = $ipt_obj->add_ip_rule($src_ip,
298
$dst_ip, $chain_past_end, $test_table, $test_chain, $target,
299
{'protocol' => 'tcp', 's_port' => 0, 'd_port' => 80, 'ctstate' => 'ESTABLISHED,RELATED'});
300
&pass_fail($rv, " Could not add TCP $src_ip(0) -> $dst_ip(80) ctstate ESTABLISHED,RELATED $target rule");
327
303
&dots_print("add_ip_rules(): $test_table $test_chain UDP $src_ip(0) -> $dst_ip(53) $target ");
328
304
($rv, $out_ar, $err_ar) = $ipt_obj->add_ip_rule($src_ip,
329
305
$dst_ip, $chain_past_end, $test_table, $test_chain, $target,
330
306
{'protocol' => 'udp', 's_port' => 0, 'd_port' => 53});
335
&logr("pass ($executed)\n");
338
&logr("fail ($executed)\n");
339
&logr(" Could not add UDP $src_ip(0) -> $dst_ip(53) $target rule\n");
307
&pass_fail($rv, " Could not add UDP $src_ip(0) -> $dst_ip(53) $target rule");
361
327
my ($rule_position, $num_chain_rules) = $ipt_obj->find_ip_rule($src_ip,
362
328
$dst_ip, $test_table, $test_chain, $target,
363
329
{'normalize' => 1, 'protocol' => 'tcp', 's_port' => 0, 'd_port' => 80});
367
if ($rule_position > 0) {
368
&logr("pass ($executed)\n");
371
&logr("fail ($executed)\n");
372
&logr(" Could not find TCP $src_ip(0) -> $dst_ip(80) $target rule\n");
330
&pass_fail($rule_position, " Could not find TCP $src_ip(0) -> $dst_ip(80) $target rule");
332
&dots_print("find rule: $test_table $test_chain TCP $src_ip(0) -> $dst_ip(80) state ESTABLISHED,RELATED $target ");
333
($rule_position, $num_chain_rules) = $ipt_obj->find_ip_rule($src_ip,
334
$dst_ip, $test_table, $test_chain, $target,
335
{'normalize' => 1, 'protocol' => 'tcp', 's_port' => 0,
336
'd_port' => 80, 'state' => 'ESTABLISHED,RELATED'});
337
&pass_fail($rule_position, " Could not find TCP $src_ip(0) -> $dst_ip(80) state ESTABLISHED,RELATED $target rule");
339
&dots_print("find rule: $test_table $test_chain TCP $src_ip(0) -> $dst_ip(80) ctstate ESTABLISHED,RELATED $target ");
340
($rule_position, $num_chain_rules) = $ipt_obj->find_ip_rule($src_ip,
341
$dst_ip, $test_table, $test_chain, $target,
342
{'normalize' => 1, 'protocol' => 'tcp', 's_port' => 0,
343
'd_port' => 80, 'ctstate' => 'ESTABLISHED,RELATED'});
344
&pass_fail($rule_position, " Could not find TCP $src_ip(0) -> $dst_ip(80) ctstate ESTABLISHED,RELATED $target rule");
376
346
&dots_print("find rule: $test_table $test_chain UDP $src_ip(0) -> $dst_ip(53) $target ");
377
347
($rule_position, $num_chain_rules) = $ipt_obj->find_ip_rule($src_ip,
378
348
$dst_ip, $test_table, $test_chain, $target,
379
349
{'normalize' => 1, 'protocol' => 'udp', 's_port' => 0, 'd_port' => 53});
383
if ($rule_position > 0) {
384
&logr("pass ($executed)\n");
387
&logr("fail ($executed)\n");
388
&logr(" Could not find UDP $src_ip(0) -> $dst_ip(53) $target rule\n");
350
&pass_fail($rule_position, " Could not find UDP $src_ip(0) -> $dst_ip(53) $target rule");
403
362
my ($rv, $out_ar, $err_ar) = $ipt_obj->create_chain($test_table, $test_chain);
408
&logr("pass ($executed)\n");
411
&logr("fail ($executed)\n");
412
&logr(" Could not create $test_table $test_chain chain\n");
364
&pass_fail($rv, " Could not create $test_table $test_chain chain");
365
die "[*] FATAL" unless $rv;
425
375
my ($rv, $out_ar, $err_ar) = $ipt_obj->chain_exists($test_table, $test_chain);
430
&logr("fail ($executed)\n");
431
&logr(" Chain exists.\n");
435
&logr("pass ($executed)\n");
382
&pass_fail(++$rv, " Chain exists.");
383
die "[*] FATAL" unless $rv;
457
404
my ($rv, $out_ar, $err_ar) = $ipt_obj->delete_chain($test_table,
458
405
$test_jump_from_chain, $test_chain);
407
&pass_fail($rv, " Could not delete chain.");
408
die "[*] FATAL" unless $rv;
463
&logr("pass ($executed)\n");
466
&logr("fail ($executed)\n");
467
&logr(" Could not delete chain.\n");