authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-05-31 14:04:50 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-05-31 21:37:09 +0300
commit3293b2093502a35441fcf67234089b1898943371 (patch)
tree465aeeea8f50e765c2690304a5d91d2858dc1c15
parentc3f53365a2edbf999154158c5e097e68b1d4f1fb (diff)
downloadawall-3293b2093502a35441fcf67234089b1898943371.tar.bz2
awall-3293b2093502a35441fcf67234089b1898943371.tar.xz
Makefile: check target
-rw-r--r--Makefile5
-rwxr-xr-xtest.sh17
-rw-r--r--test/output/dump239
-rw-r--r--test/output/ipset-awall-masquerade2
-rw-r--r--test/output/rules-save24
-rw-r--r--test/output/rules6-save19
6 files changed, 305 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index c05b1c9..94475c6 100644
--- a/Makefile
+++ b/Makefile
@@ -51,4 +51,7 @@ $(ROOT_DIR)/$(resdir)/modules:
install: $(foreach f,$(files),$(ROOT_DIR)/$(f)) $(ROOT_DIR)/$(resdir)/modules
-.PHONY: all
+check:
+ LUA_VERSION=$(LUA_VERSION) ./test.sh
+
+.PHONY: all check install
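Review bot: The recipe line `LUA_VERSION=$(LUA_VERSION) ./test.sh` pastes the make variable into the shell command unquoted, so a value containing whitespace or shell metacharacters (for example one given on the make command line) is split or interpreted by the shell instead of being passed through as a single value. Where LUA_VERSION is defined is not visible in this hunk; assuming it is an ordinary make variable, `export LUA_VERSION` next to its definition and a recipe of just `./test.sh` would hand the value over through the environment with no shell parsing. A one-line comment above `check:` stating what the target runs and which files it compares against would also help; judging from the rest of the commit, that is `test.sh` in its default `diff` mode against `test/output`.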
diff --git a/test.sh b/test.sh
new file mode 100755
index 0000000..2941733
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,17 @@
+#!/bin/sh -e
+
+# Alpine Wall test script
+# Copyright (C) 2012-2017 Kaarle Ritvanen
+# See LICENSE file for license details
+
+
+cd "$(dirname "$0")"
+
+export LUA_PATH="./?.lua;;"
+
+for cls in mandatory optional private; do
+ eval "export AWALL_PATH_$(echo $cls | tr a-z A-Z)=test/$cls"
+ mkdir -p test/$cls
+done
+
+exec lua${LUA_VERSION} ./awall-cli ${1:-diff} -o test/output
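Review bot: The `eval` in the `for cls` loop builds the variable names by string concatenation, which is safe only as long as the list stays the literal `mandatory optional private`. Explicit assignments remove both the `eval` and the locale-dependent `tr a-z A-Z`: `export AWALL_PATH_MANDATORY=test/mandatory AWALL_PATH_OPTIONAL=test/optional AWALL_PATH_PRIVATE=test/private` followed by `mkdir -p test/mandatory test/optional test/private`. Separately, `-e` appears only on the `#!/bin/sh -e` line, so it is lost when the script is started as `sh test.sh`; a `set -e` line in the body keeps the fail-fast behaviour either way. On the `exec` line, `lua${LUA_VERSION}` and `${1:-diff}` are unquoted and would be word-split if either value contained whitespace.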
diff --git a/test/output/dump b/test/output/dump
new file mode 100644
index 0000000..69774bf
--- /dev/null
+++ b/test/output/dump
@@ -0,0 +1,239 @@
+Ipset awall-masquerade {"family":"inet","type":"hash:net"}
+(masquerade)
+
+
+Log _default {"limit":1}
+(defaults)
+
+
+Service babel {"port":6697,"proto":"tcp"}
+(services)
+
+Service bacula-dir {"port":9101,"proto":"tcp"}
+(services)
+
+Service bacula-fd {"port":9102,"proto":"tcp"}
+(services)
+
+Service bacula-sd {"port":9103,"proto":"tcp"}
+(services)
+
+Service bgp {"port":179,"proto":"tcp"}
+(services)
+
+Service dhcp {"family":"inet","port":[67,68],"proto":"udp"}
+(services)
+
+Service discard [{"port":9,"proto":"udp"},{"port":9,"proto":"tcp"}]
+(services)
+
+Service dns [{"port":53,"proto":"udp"},{"port":53,"proto":"tcp"}]
+(services)
+
+Service epmap [{"port":135,"proto":"tcp"},{"port":135,"proto":"udp"}]
+(services)
+
+Service ftp {"ct-helper":"ftp","port":21,"proto":"tcp"}
+(services)
+
+Service gre {"proto":"gre"}
+(services)
+
+Service hp-pdl {"port":9100,"proto":"tcp"}
+(services)
+
+Service http {"port":80,"proto":"tcp"}
+(services)
+
+Service http-alt {"port":8080,"proto":"tcp"}
+(services)
+
+Service https {"port":443,"proto":"tcp"}
+(services)
+
+Service icmp {"proto":"icmp"}
+(services)
+
+Service igmp {"proto":"igmp"}
+(services)
+
+Service imap {"port":143,"proto":"tcp"}
+(services)
+
+Service imaps {"port":993,"proto":"tcp"}
+(services)
+
+Service ipsec [{"proto":"esp"},{"port":[500,4500],"proto":"udp"}]
+(services)
+
+Service irc {"ct-helper":"irc","port":6667,"proto":"tcp"}
+(services)
+
+Service kerberos [{"port":88,"proto":"tcp"},{"port":88,"proto":"udp"}]
+(services)
+
+Service kpasswd [{"port":464,"proto":"tcp"},{"port":464,"proto":"udp"}]
+(services)
+
+Service l2tp {"port":1701,"proto":"udp"}
+(services)
+
+Service ldap [{"port":389,"proto":"tcp"},{"port":389,"proto":"udp"}]
+(services)
+
+Service ldaps [{"port":636,"proto":"tcp"},{"port":636,"proto":"udp"}]
+(services)
+
+Service microsoft-ds [{"port":445,"proto":"tcp"},{"port":445,"proto":"udp"}]
+(services)
+
+Service ms-sql-m {"port":1434,"proto":"tcp"}
+(services)
+
+Service ms-sql-s {"port":1433,"proto":"tcp"}
+(services)
+
+Service msft-gc [{"port":3268,"proto":"tcp"},{"port":3268,"proto":"udp"}]
+(services)
+
+Service msft-gc-ssl [{"port":3269,"proto":"tcp"},{"port":3269,"proto":"udp"}]
+(services)
+
+Service netbios-ds [{"port":138,"proto":"tcp"},{"port":138,"proto":"udp"}]
+(services)
+
+Service netbios-ns [{"family":"inet","port":137,"proto":"tcp"},{"ct-helper":"netbios-ns","family":"inet","port":137,"proto":"udp"}]
+(services)
+
+Service netbios-ssn [{"port":139,"proto":"tcp"},{"port":139,"proto":"udp"}]
+(services)
+
+Service ntp {"port":123,"proto":"udp"}
+(services)
+
+Service ospf {"proto":"ospf"}
+(services)
+
+Service pgsql {"port":5432,"proto":"tcp"}
+(services)
+
+Service ping [{"proto":"icmp","reply-type":0,"type":8},{"proto":"icmpv6","reply-type":129,"type":128}]
+(services)
+
+Service pop3 {"port":110,"proto":"tcp"}
+(services)
+
+Service pop3s {"port":995,"proto":"tcp"}
+(services)
+
+Service radius [{"port":1812,"proto":"udp"},{"port":1812,"proto":"tcp"}]
+(services)
+
+Service radius-acct [{"port":1813,"proto":"udp"},{"port":1813,"proto":"tcp"}]
+(services)
+
+Service rdp {"port":3389,"proto":"tcp"}
+(services)
+
+Service rsync {"port":873,"proto":"tcp"}
+(services)
+
+Service rtmp {"port":1935,"proto":"tcp"}
+(services)
+
+Service rtsp {"port":554,"proto":"tcp"}
+(services)
+
+Service sieve {"port":4190,"proto":"tcp"}
+(services)
+
+Service sip [{"ct-helper":"sip","port":5060,"proto":"udp"},{"ct-helper":"sip","port":5060,"proto":"tcp"}]
+(services)
+
+Service sip-tls [{"port":5061,"proto":"udp"},{"port":5061,"proto":"tcp"}]
+(services)
+
+Service smtp {"port":25,"proto":"tcp"}
+(services)
+
+Service snmp {"port":161,"proto":"udp"}
+(services)
+
+Service snmp-trap {"port":162,"proto":"udp"}
+(services)
+
+Service ssh {"port":22,"proto":"tcp"}
+(services)
+
+Service submission {"port":587,"proto":"tcp"}
+(services)
+
+Service syslog {"port":514,"proto":"udp"}
+(services)
+
+Service telnet {"port":23,"proto":"tcp"}
+(services)
+
+Service teredo {"port":3544,"proto":"udp"}
+(services)
+
+Service tftp {"port":69,"proto":"udp"}
+(services)
+
+Service vnc {"port":5900,"proto":"tcp"}
+(services)
+
+
+Variable awall_tproxy_mark 1
+(defaults)
+
+
+# ipset awall-masquerade
+hash:net family inet
+
+
+# rules-save generated by awall
+*filter
+:FORWARD DROP [0:0]
+:INPUT DROP [0:0]
+:OUTPUT DROP [0:0]
+:icmp-routing - [0:0]
+-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp -j icmp-routing
+-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -p icmp -j icmp-routing
+-A icmp-routing -p icmp --icmp-type 3 -j ACCEPT
+-A icmp-routing -p icmp --icmp-type 11 -j ACCEPT
+-A icmp-routing -p icmp --icmp-type 12 -j ACCEPT
+COMMIT
+*nat
+:POSTROUTING ACCEPT [0:0]
+:awall-masquerade - [0:0]
+-A POSTROUTING -m set --match-set awall-masquerade src -j awall-masquerade
+-A awall-masquerade -m set ! --match-set awall-masquerade dst -j MASQUERADE
+COMMIT
+
+# rules6-save generated by awall
+*filter
+:FORWARD DROP [0:0]
+:INPUT DROP [0:0]
+:OUTPUT DROP [0:0]
+:icmp-routing - [0:0]
+-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmpv6 -j ACCEPT
+-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -p icmpv6 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 1 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 2 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 3 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 4 -j ACCEPT
+COMMIT
+
diff --git a/test/output/ipset-awall-masquerade b/test/output/ipset-awall-masquerade
new file mode 100644
index 0000000..b3a47fd
--- /dev/null
+++ b/test/output/ipset-awall-masquerade
@@ -0,0 +1,2 @@
+# ipset awall-masquerade
+hash:net family inet
diff --git a/test/output/rules-save b/test/output/rules-save
new file mode 100644
index 0000000..06c601d
--- /dev/null
+++ b/test/output/rules-save
@@ -0,0 +1,24 @@
+# rules-save generated by awall
+*filter
+:FORWARD DROP [0:0]
+:INPUT DROP [0:0]
+:OUTPUT DROP [0:0]
+:icmp-routing - [0:0]
+-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp -j icmp-routing
+-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -p icmp -j icmp-routing
+-A icmp-routing -p icmp --icmp-type 3 -j ACCEPT
+-A icmp-routing -p icmp --icmp-type 11 -j ACCEPT
+-A icmp-routing -p icmp --icmp-type 12 -j ACCEPT
+COMMIT
+*nat
+:POSTROUTING ACCEPT [0:0]
+:awall-masquerade - [0:0]
+-A POSTROUTING -m set --match-set awall-masquerade src -j awall-masquerade
+-A awall-masquerade -m set ! --match-set awall-masquerade dst -j MASQUERADE
+COMMIT
diff --git a/test/output/rules6-save b/test/output/rules6-save
new file mode 100644
index 0000000..419fd05
--- /dev/null
+++ b/test/output/rules6-save
@@ -0,0 +1,19 @@
+# rules6-save generated by awall
+*filter
+:FORWARD DROP [0:0]
+:INPUT DROP [0:0]
+:OUTPUT DROP [0:0]
+:icmp-routing - [0:0]
+-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmpv6 -j ACCEPT
+-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -p icmpv6 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 1 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 2 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 3 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 4 -j ACCEPT
+COMMIT