authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-11-03 13:15:12 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-11-03 13:15:12 +0200
commit2b669c10e4dd8307b140375d6d0bf00e77b7666d (patch)
tree716b6456dc73c0af1a54843517d983e878ea5ea0 /test
parenteabe4a9aeaa1191a7e84265b355eb378522e0dcf (diff)
test: packet-log
Diffstat (limited to 'test')
-rw-r--r--test/mandatory/log.json4
-rw-r--r--test/output/address/dump13
-rw-r--r--test/output/address/rules-save2
-rw-r--r--test/output/address/rules6-save1
-rw-r--r--test/output/filter-limit/dump13
-rw-r--r--test/output/filter-limit/rules-save2
-rw-r--r--test/output/filter-limit/rules6-save1
-rw-r--r--test/output/filter/dump13
-rw-r--r--test/output/filter/rules-save2
-rw-r--r--test/output/filter/rules6-save1
-rw-r--r--test/output/no-track/dump13
-rw-r--r--test/output/no-track/rules-save2
-rw-r--r--test/output/no-track/rules6-save1
-rw-r--r--test/output/route-track/dump13
-rw-r--r--test/output/route-track/rules-save2
-rw-r--r--test/output/route-track/rules6-save1
-rw-r--r--test/output/tproxy/dump13
-rw-r--r--test/output/tproxy/rules-save2
-rw-r--r--test/output/tproxy/rules6-save1
19 files changed, 100 insertions, 0 deletions
diff --git a/test/mandatory/log.json b/test/mandatory/log.json
index 0db68b0..d537977 100644
--- a/test/mandatory/log.json
+++ b/test/mandatory/log.json
@@ -3,6 +3,10 @@
"none": { "mode": "none" },
"ulog": { "mode": "ulog", "limit": { "interval": 5 } }
},
+ "packet-log": [
+ { "out": "_fw" },
+ { "out": "_fw", "log": "ulog" }
+ ],
"filter": [
{},
{ "action": "drop" },
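Review bot: Both new `packet-log` entries match only `"out": "_fw"`, so the expected outputs in this commit exercise only the INPUT chain and never the `none` log class declared a few lines above. Adding an entry such as `{ "in": "_fw" }` and one with `"log": "none"` would presumably cover the OUTPUT path and the case where no rule is emitted. The `ulog` entry yields only an `inet` rule in the expected dumps, with no `inet6` counterpart, so the fixtures pin the fact that IPv6 traffic to the firewall is not logged by that rule. That gap deserves a sentence in the commit message or the documentation, so a reader does not take the ULOG rule for dual-stack logging. The enclosing JSON object starts and ends outside the hunk.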
diff --git a/test/output/address/dump b/test/output/address/dump
index ba2720e..8d1c9fa 100644
--- a/test/output/address/dump
+++ b/test/output/address/dump
@@ -8044,6 +8044,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
+Packet-log 1 {"out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 1/second -j LOG
+ inet6/filter/INPUT -m limit --limit 1/second -j LOG
+
+Packet-log 2 {"log":"ulog","out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 12/minute -j ULOG
+
+
Service babel {"port":6697,"proto":"tcp"}
(services)
@@ -10191,6 +10201,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
@@ -13031,6 +13043,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/address/rules-save b/test/output/address/rules-save
index d159550..ab2db2e 100644
--- a/test/output/address/rules-save
+++ b/test/output/address/rules-save
@@ -1937,6 +1937,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/address/rules6-save b/test/output/address/rules6-save
index 837ae3f..584f9e9 100644
--- a/test/output/address/rules6-save
+++ b/test/output/address/rules6-save
@@ -559,6 +559,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/filter-limit/dump b/test/output/filter-limit/dump
index 7679757..abe0636 100644
--- a/test/output/filter-limit/dump
+++ b/test/output/filter-limit/dump
@@ -35774,6 +35774,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
+Packet-log 1 {"out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 1/second -j LOG
+ inet6/filter/INPUT -m limit --limit 1/second -j LOG
+
+Packet-log 2 {"log":"ulog","out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 12/minute -j ULOG
+
+
Service babel {"port":6697,"proto":"tcp"}
(services)
@@ -41445,6 +41455,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set
-A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set
-A INPUT -j limit-1886
@@ -59939,6 +59951,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j limit-1886
diff --git a/test/output/filter-limit/rules-save b/test/output/filter-limit/rules-save
index 9741e92..3f97755 100644
--- a/test/output/filter-limit/rules-save
+++ b/test/output/filter-limit/rules-save
@@ -5461,6 +5461,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set
-A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set
-A INPUT -j limit-1886
diff --git a/test/output/filter-limit/rules6-save b/test/output/filter-limit/rules6-save
index 83fc1ab..f8161b3 100644
--- a/test/output/filter-limit/rules6-save
+++ b/test/output/filter-limit/rules6-save
@@ -5435,6 +5435,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j limit-1886
diff --git a/test/output/filter/dump b/test/output/filter/dump
index 4af5e47..87ed7ae 100644
--- a/test/output/filter/dump
+++ b/test/output/filter/dump
@@ -392,6 +392,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
+Packet-log 1 {"out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 1/second -j LOG
+ inet6/filter/INPUT -m limit --limit 1/second -j LOG
+
+Packet-log 2 {"log":"ulog","out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 12/minute -j ULOG
+
+
Service babel {"port":6697,"proto":"tcp"}
(services)
@@ -689,6 +699,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
@@ -867,6 +879,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/filter/rules-save b/test/output/filter/rules-save
index eba30de..4edf399 100644
--- a/test/output/filter/rules-save
+++ b/test/output/filter/rules-save
@@ -87,6 +87,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/filter/rules6-save b/test/output/filter/rules6-save
index 674f83c..e242aa3 100644
--- a/test/output/filter/rules6-save
+++ b/test/output/filter/rules6-save
@@ -61,6 +61,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/no-track/dump b/test/output/no-track/dump
index 01b7bd0..e5ef47f 100644
--- a/test/output/no-track/dump
+++ b/test/output/no-track/dump
@@ -388,6 +388,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
+Packet-log 1 {"out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 1/second -j LOG
+ inet6/filter/INPUT -m limit --limit 1/second -j LOG
+
+Packet-log 2 {"log":"ulog","out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 12/minute -j ULOG
+
+
Service babel {"port":6697,"proto":"tcp"}
(services)
@@ -681,6 +691,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
@@ -863,6 +875,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/no-track/rules-save b/test/output/no-track/rules-save
index c233d55..5955fb8 100644
--- a/test/output/no-track/rules-save
+++ b/test/output/no-track/rules-save
@@ -83,6 +83,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/no-track/rules6-save b/test/output/no-track/rules6-save
index 8a26bf3..93662c5 100644
--- a/test/output/no-track/rules6-save
+++ b/test/output/no-track/rules6-save
@@ -51,6 +51,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/route-track/dump b/test/output/route-track/dump
index f2ba857..350eaa0 100644
--- a/test/output/route-track/dump
+++ b/test/output/route-track/dump
@@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
+Packet-log 1 {"out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 1/second -j LOG
+ inet6/filter/INPUT -m limit --limit 1/second -j LOG
+
+Packet-log 2 {"log":"ulog","out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 12/minute -j ULOG
+
+
Route-track 1 {"mark":4}
(route-track)
inet/mangle/OUTPUT -m mark --mark 0 -j MARK --set-mark 4
@@ -621,6 +631,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
@@ -773,6 +785,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/route-track/rules-save b/test/output/route-track/rules-save
index 3b9d627..1036147 100644
--- a/test/output/route-track/rules-save
+++ b/test/output/route-track/rules-save
@@ -77,6 +77,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/route-track/rules6-save b/test/output/route-track/rules6-save
index 11dcec1..e04f807 100644
--- a/test/output/route-track/rules6-save
+++ b/test/output/route-track/rules6-save
@@ -51,6 +51,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/tproxy/dump b/test/output/tproxy/dump
index 5dcdb32..d255d60 100644
--- a/test/output/tproxy/dump
+++ b/test/output/tproxy/dump
@@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
+Packet-log 1 {"out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 1/second -j LOG
+ inet6/filter/INPUT -m limit --limit 1/second -j LOG
+
+Packet-log 2 {"log":"ulog","out":"_fw"}
+(log)
+ inet/filter/INPUT -m limit --limit 12/minute -j ULOG
+
+
Service babel {"port":6697,"proto":"tcp"}
(services)
@@ -615,6 +625,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
@@ -766,6 +778,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/tproxy/rules-save b/test/output/tproxy/rules-save
index b948e2b..b110446 100644
--- a/test/output/tproxy/rules-save
+++ b/test/output/tproxy/rules-save
@@ -77,6 +77,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
diff --git a/test/output/tproxy/rules6-save b/test/output/tproxy/rules6-save
index 1a18471..3de674a 100644
--- a/test/output/tproxy/rules6-save
+++ b/test/output/tproxy/rules6-save
@@ -51,6 +51,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT