author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-12-16 05:02:47 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-12-16 05:02:47 +0000 |
commit | 4b5458a8e906982b70968bd31cbdb85ee4c5f81e (patch) | |
tree | 7b5579b29feada66ebf9974b9287c8d4c81816ef | |
parent | b0c87f9660a746ab8cb1be047264430c1ddf6552 (diff) |
Test source-tracking syntax.
-rw-r--r-- | regress/sbin/pfctl/Makefile | 6 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf84.in | 17 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf84.loaded | 32 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf84.ok | 8 |
4 files changed, 60 insertions, 3 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index e1e70ac8e0c..1051645d808 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.167 2003/12/16 00:30:16 mcbride Exp $ +# $OpenBSD: Makefile,v 1.168 2003/12/16 05:02:46 mcbride Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok @@ -13,14 +13,14 @@ PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 -PFTESTS+=74 75 76 77 78 79 80 81 82 83 +PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFFAIL+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 PFSIMPLE=1 2 PFSETUP=1 2 3 4 PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 28 29 PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 69 70 71 -PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 +PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14 # disabled; no altq in anchors # PFLOAD+=33 35 37 42 43 45 51 58 59 62 63 64 diff --git a/regress/sbin/pfctl/pf84.in b/regress/sbin/pfctl/pf84.in new file mode 100644 index 00000000000..52f62f3d541 --- /dev/null +++ b/regress/sbin/pfctl/pf84.in 
@@ -0,0 +1,17 @@
+nat on tun1000000 from 10.0.0.0/24 to any \
+ -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
+rdr on tun1000000 from any to 10.0.1.1 \
+ -> { 10.0.0.0/24 } sticky-address random
+rdr on tun1000000 from any to 10.0.1.2 \
+ -> { 10.0.0.1, 10.0.0.2 } sticky-address
+
+pass in proto tcp from any to any port 22 \
+ keep state (source-track)
+pass in proto tcp from any to any port 25 \
+ keep state (source-track global)
+pass in proto tcp from any to any port 80 \
+ keep state (source-track rule, max-src-nodes 1000, max-src-states 3)
+pass in proto tcp from any to any port 123 \
+ keep state (source-track global, max-src-nodes 1000)
+pass in proto tcp from any to any port 321 \
+ keep state (source-track, max-src-states 3)
diff --git a/regress/sbin/pfctl/pf84.loaded b/regress/sbin/pfctl/pf84.loaded
new file mode 100644
index 00000000000..b9546febb6f
--- /dev/null
+++ b/regress/sbin/pfctl/pf84.loaded
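Review bot: pf84.in exercises only forms that pfctl accepts, so nothing checks that malformed `max-src-nodes` / `max-src-states` / `source-track` input is refused. These options set per-source limits, so a companion case in the PFFAIL series for whatever combinations the parser is meant to reject would be worth adding; which forms those are is not visible from this page. The file also lacks a header comment; a first line such as `# source-tracking syntax: sticky-address pools, source-track global/rule, max-src-nodes, max-src-states` would tell a reader what is being pinned. pf84.ok prints the bare `source-track` of the port 22 and port 321 rules as `source-track global`, so the test also fixes the default scope, and a one-line comment above those rules saying so would make any later change of default an obviously deliberate diff.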
@@ -0,0 +1,32 @@
+@0 nat on tun1000000 inet from 10.0.0.0/24 to any -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@0 rdr on tun1000000 inet from any to 10.0.1.1 -> 10.0.0.0/24 random sticky-address
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 rdr on tun1000000 inet from any to 10.0.1.2 -> { 10.0.0.1, 10.0.0.2 } round-robin sticky-address
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@0 pass in proto tcp from any to any port = ssh keep state (source-track global)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 pass in proto tcp from any to any port = smtp keep state (source-track global)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@2 pass in proto tcp from any to any port = www keep state (source-track rule, max-src-states 3, max-src-nodes 1000)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 pass in proto tcp from any to any port = ntp keep state (source-track global, max-src-nodes 1000)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@4 pass in proto tcp from any to any port = 321 keep state (source-track global, max-src-states 3)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf84.ok b/regress/sbin/pfctl/pf84.ok
new file mode 100644
index 00000000000..e031da0e292
--- /dev/null
+++ b/regress/sbin/pfctl/pf84.ok
@@ -0,0 +1,8 @@
+nat on tun1000000 inet from 10.0.0.0/24 to any -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
+rdr on tun1000000 inet from any to 10.0.1.1 -> 10.0.0.0/24 random sticky-address
+rdr on tun1000000 inet from any to 10.0.1.2 -> { 10.0.0.1, 10.0.0.2 } round-robin sticky-address
+pass in proto tcp from any to any port = ssh keep state (source-track global)
+pass in proto tcp from any to any port = smtp keep state (source-track global)
+pass in proto tcp from any to any port = www keep state (source-track rule, max-src-states 3, max-src-nodes 1000)
+pass in proto tcp from any to any port = ntp keep state (source-track global, max-src-nodes 1000)
+pass in proto tcp from any to any port = 321 keep state (source-track global, max-src-states 3) |