diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-01-11 03:30:28 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-01-17 16:55:02 +0100 |
| commit | cedc96c2c472f4f544e779c244d85a026fd7085b (patch) | |
| tree | 758784bdae6e654a15f24d708cba471a9472e0b6 /testing/tests/sql | |
| parent | 136f74161b655284dfa4d5ff80290dad02c91a52 (diff) | |
| download | strongswan-cedc96c2c472f4f544e779c244d85a026fd7085b.tar.bz2 strongswan-cedc96c2c472f4f544e779c244d85a026fd7085b.tar.xz | |
implemented ip6tables.rules
Diffstat (limited to 'testing/tests/sql')
5 files changed, 54 insertions, 0 deletions
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/iptables.rules b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/iptables.rules new file mode 100644 index 000000000..7362b2e25 --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/iptables.rules @@ -0,0 +1,16 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + +COMMIT diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/iptables.rules b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/iptables.rules new file mode 100644 index 000000000..7362b2e25 --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/iptables.rules @@ -0,0 +1,16 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + +COMMIT diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/iptables.rules b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/iptables.rules new file mode 100644 index 000000000..7362b2e25 --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/iptables.rules @@ -0,0 +1,16 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + +COMMIT diff --git a/testing/tests/sql/rw-psk-ipv6/posttest.dat b/testing/tests/sql/rw-psk-ipv6/posttest.dat index b13222a9f..ab753507f 100644 --- a/testing/tests/sql/rw-psk-ipv6/posttest.dat +++ b/testing/tests/sql/rw-psk-ipv6/posttest.dat @@ -4,6 +4,9 @@ dave::ipsec stop moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush +moon::ip6tables-restore < /etc/ip6tables.flush +carol::ip6tables-restore < /etc/ip6tables.flush +dave::ip6tables-restore < /etc/ip6tables.flush alice::"ip route del fec0:\:/16 via fec1:\:1" carol::"ip route del fec1:\:/16 via fec0:\:1" dave::"ip route del fec1:\:/16 via fec0:\:1" diff --git a/testing/tests/sql/rw-psk-ipv6/pretest.dat b/testing/tests/sql/rw-psk-ipv6/pretest.dat index e53bb309f..587dd7f85 100644 --- a/testing/tests/sql/rw-psk-ipv6/pretest.dat +++ b/testing/tests/sql/rw-psk-ipv6/pretest.dat @@ -10,6 +10,9 @@ dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ip6tables-restore < /etc/ip6tables.rules +carol::ip6tables-restore < /etc/ip6tables.rules +dave::ip6tables-restore < /etc/ip6tables.rules alice::"ip route add fec0:\:/16 via fec1:\:1" carol::"ip route add fec1:\:/16 via fec0:\:1" dave::"ip route add fec1:\:/16 via fec0:\:1" |