def test_firewall_block_packet(self): """Verify firewall blocks a packet that doesn't match a rule.""" fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="80", ip_address="192.168.1.2")) self.assertFalse( fw.accept_packet(direction="outbound", protocol="tcp", port=80, ip_address="192.168.1.2")) self.assertFalse( fw.accept_packet(direction="inbound", protocol="udp", port=80, ip_address="192.168.1.2")) self.assertFalse( fw.accept_packet(direction="inbound", protocol="udp", port=81, ip_address="192.168.1.2")) self.assertFalse( fw.accept_packet(direction="outbound", protocol="tcp", port=80, ip_address="192.168.1.3"))
def test_firewall_allow_range_ipaddr_packet(self): """ Verify firewall allows a packet that matches a rule with ranged IP addresses. """ fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="80", ip_address="0.0.0.0-255.255.255.255")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=80, ip_address="0.0.0.0")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=80, ip_address="255.255.255.255")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=80, ip_address="192.168.1.2"))
def test_firewall_allow_range_port_packet(self): """ Verify firewall allows a packet that matches a rule with ranged port numbers. """ fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="1-65535", ip_address="192.168.1.2")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=1, ip_address="192.168.1.2")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=65535, ip_address="192.168.1.2")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=30000, ip_address="192.168.1.2"))
def test_no_add_duplicate_ipaddr_rules(self): """Verify that duplicate range IP address rules cannot be added.""" fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="80", ip_address="192.168.1.2-192.168.2.2")) bucket_num = 80 // fw.num_ports_bucket self.assertEqual(len(fw.fw_rules["inbound"]["tcp"][bucket_num]), 1) fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="80", ip_address="192.168.1.2-192.168.2.2")) self.assertEqual(len(fw.fw_rules["inbound"]["tcp"][bucket_num]), 1)
def test_no_add_duplicate_range_port_rules(self): """Verify that duplicate range port rules cannot be added.""" fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="50-2000", ip_address="192.168.1.2")) start_bucket = 50 // fw.num_ports_bucket end_bucket = 2000 // fw.num_ports_bucket for bucket_num in range(start_bucket, end_bucket + 1): self.assertEqual(len(fw.fw_rules["inbound"]["tcp"][bucket_num]), 1) fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="50-2000", ip_address="192.168.1.2")) for bucket_num in range(start_bucket, end_bucket + 1): self.assertEqual(len(fw.fw_rules["inbound"]["tcp"][bucket_num]), 1)
def test_firewall_block_range_ipaddr_packet(self): """ Verify firewall blocks a packet that doesn't match a rule with ranged IP addresses. """ fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="80", ip_address="192.168.1.2-192.168.2.1")) self.assertFalse( fw.accept_packet(direction="inbound", protocol="tcp", port=80, ip_address="192.168.1.1")) self.assertFalse( fw.accept_packet(direction="inbound", protocol="tcp", port=91, ip_address="192.168.2.2"))