We use cookies to ensure you get the best experience on our website
首页 发现 帮助
注册 登录
0ct0pu5
/
moby
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: debcb76939
分支列表 标签列表
moby
/
libnetwork
/
iptables
/
firewalld_test.go

firewalld_test.go 2.0 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103 
  1. //go:build linux
    2. 

  2. 

  3. package iptables
    4. 

  4. 

  5. import (
    6. 

  6. 	"net"
    7. 

  7. 	"strconv"
    8. 

  8. 	"testing"
    9. 

  9. 

  10. 	"github.com/godbus/dbus/v5"
    11. 

  11. )
    12. 

  12. 

  13. func skipIfNoFirewalld(t *testing.T) {
    14. 

  14. 	t.Helper()
    15. 

  15. 	conn, err := dbus.SystemBus()
    16. 

  16. 	if err != nil {
    17. 

  17. 		t.Skipf("cannot connect to D-bus system bus: %v", err)
    18. 

  18. 	}
    19. 

  19. 	defer conn.Close()
    20. 

  20. 

  21. 	var zone string
    22. 

  22. 	err = conn.Object(dbusInterface, dbusPath).Call(dbusInterface+".getDefaultZone", 0).Store(&zone)
    23. 

  23. 	if err != nil {
    24. 

  24. 		t.Skipf("firewalld is not running: %v", err)
    25. 

  25. 	}
    26. 

  26. }
    27. 

  27. 

  28. func TestFirewalldInit(t *testing.T) {
    29. 

  29. 	skipIfNoFirewalld(t)
    30. 

  30. 	if err := firewalldInit(); err != nil {
    31. 

  31. 		t.Fatal(err)
    32. 

  32. 	}
    33. 

  33. }
    34. 

  34. 

  35. func TestReloaded(t *testing.T) {
    36. 

  36. 	iptable := GetIptable(IPv4)
    37. 

  37. 	fwdChain, err := iptable.NewChain("FWD", Filter, false)
    38. 

  38. 	if err != nil {
    39. 

  39. 		t.Fatal(err)
    40. 

  40. 	}
    41. 

  41. 

  42. 	err = iptable.ProgramChain(fwdChain, bridgeName, false, true)
    43. 

  43. 	if err != nil {
    44. 

  44. 		t.Fatal(err)
    45. 

  45. 	}
    46. 

  46. 	defer fwdChain.Remove()
    47. 

  47. 

  48. 	// copy-pasted from iptables_test:TestLink
    49. 

  49. 	ip1 := net.ParseIP("192.168.1.1")
    50. 

  50. 	ip2 := net.ParseIP("192.168.1.2")
    51. 

  51. 	const port = 1234
    52. 

  52. 	const proto = "tcp"
    53. 

  53. 

  54. 	err = fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName)
    55. 

  55. 	if err != nil {
    56. 

  56. 		t.Fatal(err)
    57. 

  57. 	} else {
    58. 

  58. 		// to be re-called again later
    59. 

  59. 		OnReloaded(func() { fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName) })
    60. 

  60. 	}
    61. 

  61. 

  62. 	rule1 := []string{
    63. 

  63. 		"-i", bridgeName,
    64. 

  64. 		"-o", bridgeName,
    65. 

  65. 		"-p", proto,
    66. 

  66. 		"-s", ip1.String(),
    67. 

  67. 		"-d", ip2.String(),
    68. 

  68. 		"--dport", strconv.Itoa(port),
    69. 

  69. 		"-j", "ACCEPT",
    70. 

  70. 	}
    71. 

  71. 

  72. 	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
    73. 

  73. 		t.Fatal("rule1 does not exist")
    74. 

  74. 	}
    75. 

  75. 

  76. 	// flush all rules
    77. 

  77. 	fwdChain.Remove()
    78. 

  78. 

  79. 	reloaded()
    80. 

  80. 

  81. 	// make sure the rules have been recreated
    82. 

  82. 	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
    83. 

  83. 		t.Fatal("rule1 hasn't been recreated")
    84. 

  84. 	}
    85. 

  85. }
    86. 

  86. 

  87. func TestPassthrough(t *testing.T) {
    88. 

  88. 	skipIfNoFirewalld(t)
    89. 

  89. 	rule1 := []string{
    90. 

  90. 		"-i", "lo",
    91. 

  91. 		"-p", "udp",
    92. 

  92. 		"--dport", "123",
    93. 

  93. 		"-j", "ACCEPT",
    94. 

  94. 	}
    95. 

  95. 

  96. 	_, err := Passthrough(Iptables, append([]string{"-A"}, rule1...)...)
    97. 

  97. 	if err != nil {
    98. 

  98. 		t.Fatal(err)
    99. 

  99. 	}
    100. 

  100. 	if !GetIptable(IPv4).Exists(Filter, "INPUT", rule1...) {
    101. 

  101. 		t.Fatal("rule1 does not exist")
    102. 

  102. 	}
    103. 

  103. }
    104.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5