author | Markus Friedl <markus@cvs.openbsd.org> | 2001-07-26 14:33:46 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-07-26 14:33:46 +0000 |
commit | 1887cc9dc6d127e58763111e1d5bdcf121f35d3e (patch) | |
tree | 0cd2404b97c5a1579b7069d7ad6aac3115d8038d | |
parent | 36538c059e1d086b4a498e3ecb93314034bf1adb (diff) |
initial tests for the pfctl parser
-rw-r--r-- | regress/sbin/pfctl/Makefile | 27 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf1.in | 5 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf1.ok | 5 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf2.in | 32 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf2.ok | 21 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail1.in | 5 | ||||
-rw-r--r-- | regress/sbin/pfctl/rdr1.in | 1 |
7 files changed, 96 insertions, 0 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
new file mode 100644
index 00000000000..207bc67ddaa
--- /dev/null
+++ b/regress/sbin/pfctl/Makefile
@@ -0,0 +1,27 @@
+# $OpenBSD: Makefile,v 1.1 2001/07/26 14:33:45 markus Exp $
+
+NOMAN=
+NOPROG=
+PFTESTS=1 2
+
+pfail1:
+ @pfctl -nvR- < ${.CURDIR}/pfail1.in > /dev/null 2>&1 || \
+ echo 'test pfail1 should fail'
+
+.for n in ${PFTESTS}
+regress: pf${n}
+
+pf${n}: pf${n}.out
+ @cmp -s ${.CURDIR}/pf${n}.ok pf${n}.out || \
+ echo 'test pf${n} output does not match expected output'
+pf${n}.out:
+ pfctl -nvR- < ${.CURDIR}/pf${n}.in > $@
+
+.PHONY: pf${n} regress
+CLEANFILES+=pf${n}.out
+.endfor
+
+regress: pfail1
+
+.PHONY: regress pfail1
+.include <bsd.prog.mk>
diff --git a/regress/sbin/pfctl/pf1.in b/regress/sbin/pfctl/pf1.in
new file mode 100644
index 00000000000..0cd1e474680
--- /dev/null
+++ b/regress/sbin/pfctl/pf1.in
@@ -0,0 +1,5 @@
+pass in all
+pass in from any to any
+pass in proto tcp from any port <= 1024 to any
+pass in proto tcp from any to any port = 25
+pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
diff --git a/regress/sbin/pfctl/pf1.ok b/regress/sbin/pfctl/pf1.ok
new file mode 100644
index 00000000000..746117aefb7
--- /dev/null
+++ b/regress/sbin/pfctl/pf1.ok
@@ -0,0 +1,5 @@
+@1 pass in all
+@1 pass in all
+@1 pass in proto tcp from any port <= 1024 to any
+@1 pass in proto tcp from any to any port = smtp
+@1 pass in proto tcp from 10.0.0.0/255.0.0.0 port > 1024 to ! 10.1.2.3 port != ssh
diff --git a/regress/sbin/pfctl/pf2.in b/regress/sbin/pfctl/pf2.in
new file mode 100644
index 00000000000..dda840a4ca0
--- /dev/null
+++ b/regress/sbin/pfctl/pf2.in
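Review bot: Neither recipe in regress/sbin/pfctl/Makefile can fail the build, because both end in `|| echo ...` and echo returns 0, so a parser regression only prints a line and `make regress` still exits successfully. The `pfail1` recipe is also inverted: 'test pfail1 should fail' is printed when pfctl rejects the input, which is the expected outcome, and nothing is printed when pfctl wrongly accepts it. I would write `@if pfctl -nvR- < ${.CURDIR}/pfail1.in > /dev/null 2>&1; then echo 'test pfail1 should fail'; false; fi` and end the cmp recipe with `|| (echo 'test pf${n} output does not match expected output'; false)`. Because pfail1 discards all output, any non-zero exit (including pfctl not being runnable at all) counts as the expected rejection; keeping stderr and checking it would close that gap.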
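Review bot: The expected output in pf1.ok is tied to the host's service-name mapping: pf1.in gives `port = 25` and `port != 22`, while the expected lines read `port = smtp` and `port != ssh`. Presumably pfctl resolves these through the services database, so the comparison would fail on a machine where those entries differ or are absent even though the parser is correct. A comment in the Makefile such as `# pf1.ok assumes smtp=25 and ssh=22 in /etc/services` would document the assumption.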
@@ -0,0 +1,32 @@
+# test
+
+block out log on kue0 all
+block in log on kue0 all
+
+block return-rst out log on kue0 proto tcp all
+block return-rst in log on kue0 proto tcp all
+block return-icmp out log on kue0 proto udp all
+block return-icmp in log on kue0 proto udp all
+
+block out log quick on kue0 from ! 157.161.48.183 to any
+
+block in quick on kue0 from any to 255.255.255.255
+
+block in log quick on kue0 from 10.0.0.0/8 to any
+block in log quick on kue0 from 172.16.0.0/12 to any
+block in log quick on kue0 from 192.168.0.0/16 to any
+block in log quick on kue0 from 255.255.255.255/32 to any
+
+pass out on kue0 proto icmp all icmp-type 8 code 0 keep state
+pass in on kue0 proto icmp all icmp-type 8 code 0 keep state
+
+pass out on kue0 proto udp all keep state
+
+pass in on kue0 proto udp from any to any port = domain keep state
+
+pass out on kue0 proto tcp all keep state
+
+pass in on kue0 proto tcp from any to any port = ssh keep state
+pass in on kue0 proto tcp from any to any port = smtp keep state
+pass in on kue0 proto tcp from any to any port = domain keep state
+pass in on kue0 proto tcp from any to any port = auth keep state
diff --git a/regress/sbin/pfctl/pf2.ok b/regress/sbin/pfctl/pf2.ok
new file mode 100644
index 00000000000..29ae432136e
--- /dev/null
+++ b/regress/sbin/pfctl/pf2.ok
@@ -0,0 +1,21 @@
+@1 block out log on kue0 all
+@1 block in log on kue0 all
+@1 block return-rst out log on kue0 proto tcp all
+@1 block return-rst in log on kue0 proto tcp all
+@1 block return-icmp out log on kue0 proto udp all
+@1 block return-icmp in log on kue0 proto udp all
+@1 block out log quick on kue0 from ! 157.161.48.183 to any
+@1 block in quick on kue0 from any to 255.255.255.255
+@1 block in log quick on kue0 from 10.0.0.0/255.0.0.0 to any
+@1 block in log quick on kue0 from 172.16.0.0/255.240.0.0 to any
+@1 block in log quick on kue0 from 192.168.0.0/255.255.0.0 to any
+@1 block in log quick on kue0 from 255.255.255.255 to any
+@1 pass out on kue0 proto icmp all icmp-type echoreq code 0 keep state
+@1 pass in on kue0 proto icmp all icmp-type echoreq code 0 keep state
+@1 pass out on kue0 proto udp all keep state
+@1 pass in on kue0 proto udp from any to any port = domain keep state
+@1 pass out on kue0 proto tcp all keep state
+@1 pass in on kue0 proto tcp from any to any port = ssh keep state
+@1 pass in on kue0 proto tcp from any to any port = smtp keep state
+@1 pass in on kue0 proto tcp from any to any port = domain keep state
+@1 pass in on kue0 proto tcp from any to any port = auth keep state
diff --git a/regress/sbin/pfctl/pfail1.in b/regress/sbin/pfctl/pfail1.in
new file mode 100644
index 00000000000..e03ee35928c
--- /dev/null
+++ b/regress/sbin/pfctl/pfail1.in
@@ -0,0 +1,5 @@
+pass in all
+pass in from any to any
+pass in from any port <= 1024 to any
+pass in from any to any port = 25
+pass in from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
diff --git a/regress/sbin/pfctl/rdr1.in b/regress/sbin/pfctl/rdr1.in
new file mode 100644
index 00000000000..1eb062750cd
--- /dev/null
+++ b/regress/sbin/pfctl/rdr1.in
@@ -0,0 +1 @@
+rdr on ne0 proto tcp from any to 1.2.3.4/32 port 2222 -> 10.0.0.10 port 22 |
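Review bot: pfail1.in cannot show which rule the parser rejects, because it mixes two rules that pf1.in treats as valid (`pass in all`, `pass in from any to any`) with three that differ from pf1.in only by the missing `proto tcp`, and the Makefile checks just the exit status for the whole file. If a parser change started accepting a port match without a protocol in one or two of those three forms, the test would still pass. One invalid rule per input file would pin each rejection separately. A leading comment such as `# port without proto must be rejected` would state the intent; pf2.in suggests `#` comments are accepted in the input.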
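Review bot: rdr1.in is added but nothing in the Makefile from this commit reads it: `PFTESTS=1 2` covers only pf1 and pf2, and the only other target is pfail1. There is also no rdr1.ok to compare against, so the rdr rule syntax is not exercised by `make regress`. Either add a target and expected output for it, or note in the Makefile that it is a placeholder, e.g. `# rdr1.in: not run yet`.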