diff options
author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2008-02-01 07:21:15 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2008-02-01 07:21:15 +0000 |
commit | 551c92dcacf14971fd40e5727286916ef3e335d6 (patch) | |
tree | f73e192bbcf56d92d4ef2e7cc40faeea7ee96292 | |
parent | d045830773997018efc469453897a2be54754acb (diff) |
Add regress test for anchors matching on filter_opts.
-rw-r--r-- | regress/sbin/pfctl/pf41.in | 3 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf41.ok | 3 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf91.in | 6 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf91.loaded | 2 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf91.ok | 2 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf91.optimized | 2 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail27.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail27.ok | 1 |
8 files changed, 14 insertions, 6 deletions
diff --git a/regress/sbin/pfctl/pf41.in b/regress/sbin/pfctl/pf41.in index e7e9140a62d..6aa47e56ef1 100644 --- a/regress/sbin/pfctl/pf41.in +++ b/regress/sbin/pfctl/pf41.in @@ -21,3 +21,6 @@ anchor foo inet all anchor foo proto tcp anchor foo inet proto tcp from 10.1.2.3 port smtp to 10.2.3.4 port ssh anchor foobar inet6 proto udp from ::1 port 1 to ::1 port 2 +anchor filteropt out proto tcp to any port 22 user root +anchor filteropt in proto tcp to (self) port 22 group sshd +anchor filteropt out inet proto icmp all icmp-type echoreq diff --git a/regress/sbin/pfctl/pf41.ok b/regress/sbin/pfctl/pf41.ok index 7f214cbd0d5..ec3a3784974 100644 --- a/regress/sbin/pfctl/pf41.ok +++ b/regress/sbin/pfctl/pf41.ok @@ -53,3 +53,6 @@ anchor "foo" inet all anchor "foo" proto tcp all anchor "foo" inet proto tcp from 10.1.2.3 port = smtp to 10.2.3.4 port = ssh anchor "foobar" inet6 proto udp from ::1 port = 1 to ::1 port = 2 +anchor "filteropt" out proto tcp from any to any port = ssh user = 0 +anchor "filteropt" in proto tcp from any to (self) port = ssh group = 27 +anchor "filteropt" out inet proto icmp all icmp-type echoreq diff --git a/regress/sbin/pfctl/pf91.in b/regress/sbin/pfctl/pf91.in index 34f9bc7449a..b4fc631423e 100644 --- a/regress/sbin/pfctl/pf91.in +++ b/regress/sbin/pfctl/pf91.in @@ -1,11 +1,11 @@ # basic anchor test anchor on tun1000000 { anchor foo out { - pass proto tcp to port 1234 - anchor proto tcp to port 2413 { + pass proto tcp to port 1234 + anchor proto tcp to port 2413 user root label "foo" { block pass from 127.0.0.1 } } - pass in proto tcp to port 1234 + pass in proto tcp to port 1234 } diff --git a/regress/sbin/pfctl/pf91.loaded b/regress/sbin/pfctl/pf91.loaded index a5c2ea74345..b1a0b910dfa 100644 --- a/regress/sbin/pfctl/pf91.loaded +++ b/regress/sbin/pfctl/pf91.loaded @@ -10,7 +10,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 anchor proto tcp from any to any port = 2413 { +@1 anchor proto tcp from any to any port = 2413 user = 0 label "foo" { [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf91.ok b/regress/sbin/pfctl/pf91.ok index 00e81175617..9f69e272d7f 100644 --- a/regress/sbin/pfctl/pf91.ok +++ b/regress/sbin/pfctl/pf91.ok @@ -1,7 +1,7 @@ anchor on tun1000000 all { anchor "foo" out all { pass proto tcp from any to any port = 1234 flags S/SA keep state - anchor proto tcp from any to any port = 2413 { + anchor proto tcp from any to any port = 2413 user = 0 label "foo" { block drop all pass inet from 127.0.0.1 to any flags S/SA keep state } diff --git a/regress/sbin/pfctl/pf91.optimized b/regress/sbin/pfctl/pf91.optimized index a5c2ea74345..b1a0b910dfa 100644 --- a/regress/sbin/pfctl/pf91.optimized +++ b/regress/sbin/pfctl/pf91.optimized @@ -10,7 +10,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 anchor proto tcp from any to any port = 2413 { +@1 anchor proto tcp from any to any port = 2413 user = 0 label "foo" { [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pfail27.in b/regress/sbin/pfctl/pfail27.in index 01e82d1ec60..d57e7829319 100644 --- a/regress/sbin/pfctl/pfail27.in +++ b/regress/sbin/pfctl/pfail27.in @@ -3,3 +3,4 @@ rdr-anchor foo from 10/8 port 1024 to any rdr-anchor foo to 10/8 port { 80, 443 } rdr-anchor foo to 10/8 port 6000:7000 +anchor foo keep state diff --git a/regress/sbin/pfctl/pfail27.ok b/regress/sbin/pfctl/pfail27.ok index 36316fec7e7..20d88abe520 100644 --- a/regress/sbin/pfctl/pfail27.ok +++ b/regress/sbin/pfctl/pfail27.ok @@ -1,3 +1,4 @@ stdin:3: source port parameter not supported in rdr-anchor stdin:4: destination port list expansion not supported in rdr-anchor stdin:5: destination port operators not supported in rdr-anchor +stdin:6: cannot specify state handling on anchors |