def test_tcp_conflicting_rules_incoming(self):
        rules = Rules(conflicting_rules)

        binary_packet = BinaryPacket()

        # Test edge 1
        binary_packet.source_ip = '123.34.128.0' # This should be blocked
        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_DROP, result)
        # Test middle
        binary_packet.source_ip = '123.34.225.225' # This should be blocked
        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_DROP, result)
        # Test edge 2
        binary_packet.source_ip = '123.34.255.255' # This should be blocked
        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_DROP, result)
        # Now test targeted allowed IP
        binary_packet.source_ip = '123.34.220.255' # This should be ALLOWED
        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_PASS, result)
    def test_icmp_block_any_port_incoming(self):
        rules = Rules(block_any_port)

        binary_packet = BinaryPacket()
        binary_packet.source_ip = '255.255.255.254' # The rule shouldn't apply here
        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_icmp_packet(), geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_PASS, result)
        binary_packet.source_ip = '255.255.255.255' # The rule should apply here
        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_icmp_packet(), geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_DROP, result)
    def test_tcp_block_incoming(self):
        rules = Rules(country_block_rules)
        binary_packet = BinaryPacket()

        for US_ip in self.US_ip_examples:
            binary_packet.source_ip = US_ip # This should be blocked
            packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=self.geoDB)
            result = rules.result_for_pkt(packet)
            self.assertEqual(RULE_RESULT_DROP, result)
    def test_tcp_drop_external_ip_incoming(self):
        rules = Rules(external_ip_drop_rules)

        binary_packet = BinaryPacket()
        binary_packet.source_ip = '128.32.244.17' # This should be blocked
        binary_packet = binary_packet.get_tcp_packet()

        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet, geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_DROP, result)
    def test_tcp_drop_external_ip_prefix_incoming(self):
        rules = Rules(external_ip_prefix_drop_rules)

        binary_packet = BinaryPacket()

        # Test edge 1
        binary_packet.source_ip = '123.34.128.0' # This should be blocked
        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_DROP, result)

        # Test middle
        binary_packet.source_ip = '123.34.200.194' # This should be blocked
        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_DROP, result)

        # Test edge 2
        binary_packet.source_ip = '123.34.255.255' # This should be blocked
        packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
        result = rules.result_for_pkt(packet)
        self.assertEqual(RULE_RESULT_DROP, result)