Example #1
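    def test_03_optimize_algorithm(self):
        """Filter_Test: optimize, check 30 moves and partitions

        Loads the "reference-input" ruleset, runs one optimizer pass and
        pins both the total move count and the per-chain report text.
        """
        f = Filter("filter", "reference-input")
        cnt, msg = f.opti()
        # Per-chain report: the "moves" column adds up to the total checked
        # below (18 + 6 + 6 + 0 = 30); the bracketed pairs are the partition
        # ranges reported for each chain.
        # NOTE(review): the partitions presumably bound the rule ranges inside
        # which reordering is allowed, so that no rule is moved across a rule
        # with a different target (an ACCEPT past a DROP, say). That boundary
        # is what keeps the optimized policy equivalent to the input --
        # confirm against Filter.opti().
        expect = """#chainname  : moves  partitions
#INPUT      :    18  [1, 2][3, 3][4, 11][12, 12][13, 16][17, 17][18, 19]
#FORWARD    :     6  [1, 4][5, 5]
#OUTPUT     :     6  [1, 4][5, 5][6, 6]
#IPSEC      :     0  [1, 1]
"""
        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(30, cnt)
        print(msg)
        self.assertEqual(expect, msg)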
Example #2
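    def test_03_optimize_algorithm(self):
        """Filter_Test: optimize, check 30 moves and partitions

        Runs the optimizer on "reference-input" and compares the returned
        move count and report string with fixed expected values.
        """
        f = Filter("filter", "reference-input")
        cnt, msg = f.opti()
        # One report line per chain; the moves listed per chain sum to the
        # expected total (18 + 6 + 6 + 0 = 30). The bracketed pairs are the
        # partition ranges the optimizer reports.
        # NOTE(review): presumably rules are only reordered inside one
        # partition, never across a change of target -- verify in
        # Filter.opti(), because a move across a DROP/REJECT would alter what
        # the firewall lets through.
        expect = """#chainname  : moves  partitions
#INPUT      :    18  [1, 2][3, 3][4, 11][12, 12][13, 16][17, 17][18, 19]
#FORWARD    :     6  [1, 4][5, 5]
#OUTPUT     :     6  [1, 4][5, 5][6, 6]
#IPSEC      :     0  [1, 1]
"""
        # The assertEquals alias is deprecated and gone in Python 3.12;
        # assertEqual is the supported spelling.
        self.assertEqual(30, cnt)
        print(msg)
        self.assertEqual(expect, msg)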
Example #3
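    def test_04_filter_output(self):
        """Filter_Test: check output for reference-input

        Optimizes the "reference-input" ruleset and compares the text
        returned by Filter.show() with a fixed expected dump.
        """
        # Expected dump after one optimizer pass. In this text every run of
        # consecutive "-j ACCEPT" rules is listed by descending packet
        # counter, while the DROP, REJECT and log* lines sit between those
        # runs. The comparison is exact, so for this input a regression that
        # moved an ACCEPT across a DROP/REJECT (and thereby changed what the
        # firewall admits) fails the test.
        # NOTE(review): the header line reads "iptables-optimpizer.py" while
        # the footer reads "iptables-optimizer.py"; the literal has to match
        # Filter.show() byte for byte, so it is left as found -- confirm
        # where the spelling comes from.
        expect = """# Generated by iptables-optimpizer.py from: reference-input
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:IPSEC - [0:0]
[110:1234] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -j ACCEPT
[9:10] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 23 -j ACCEPT
[50:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 50 -j DROP
[1630:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 23 -j ACCEPT
[150:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 750 -j ACCEPT
[43:90] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 43 -j ACCEPT
[42:90] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 42 -j ACCEPT
[41:90] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 41 -j ACCEPT
[10:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 10 -j ACCEPT
[9:10] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 23 -j ACCEPT
[1:230] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -j ACCEPT
[50:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 50 -j DROP
[280:2200] -A INPUT -i lo -j ACCEPT
[70:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 70 -j ACCEPT
[60:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 60 -j ACCEPT
[1:2323] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 23 -j ACCEPT
[380:3200] -A INPUT -j logdrop
[381:3210] -A INPUT -j logdrob
[382:3220] -A INPUT -j logdrp
[3:30] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 24 -j DROP
[32:1260] -A INPUT -i eth3 -j ACCEPT
[3:260] -A INPUT -i eth2 -j ACCEPT
[4:123] -A FORWARD -i eth3 -o eth3 -j ACCEPT
[3:123] -A FORWARD -i eth2 -o eth2 -j ACCEPT
[2:123] -A FORWARD -i eth1 -o eth1 -j ACCEPT
[1:123] -A FORWARD -s 10.0.0.0/8 -d 192.168.216.0/24 -j ACCEPT
[1:123] -A FORWARD -j IPSEC
[200:0] -A OUTPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -j ACCEPT
[50:123] -A OUTPUT -p tcp -m tcp --sport 23 --dport 1024:65535  -j ACCEPT
[20:20] -A OUTPUT -p tcp -m tcp --sport 21 --dport 1024:65535 -j ACCEPT
[10:10] -A OUTPUT -o lo -j ACCEPT
[80:123] -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT
[50:123] -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
[11:1123] -A IPSEC -j ACCEPT
COMMIT
# Completed by iptables-optimizer.py from: reference-input
"""
        f = Filter("filter", "reference-input")
        # opti() is called for its effect on f; its return value is not
        # checked in this test.
        f.opti()
        result = f.show()
        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(expect, result)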
Example #4
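    def test_04_filter_output(self):
        """Filter_Test: check output for reference-input

        Runs one optimizer pass over "reference-input" and requires the
        rendered ruleset from Filter.show() to equal a fixed text.
        """
        # Reference dump the optimizer must reproduce exactly. Within it,
        # each block of adjacent "-j ACCEPT" rules is in descending
        # packet-counter order and the DROP / REJECT / log* rules separate
        # those blocks. Because the match is exact, any change in rule order
        # for this input -- including an ACCEPT ending up on the other side
        # of a DROP -- is reported as a failure.
        # NOTE(review): "iptables-optimpizer.py" in the first line differs
        # from "iptables-optimizer.py" in the last; kept verbatim because the
        # literal must equal the program's output -- confirm the source of
        # the spelling.
        expect = """# Generated by iptables-optimpizer.py from: reference-input
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:IPSEC - [0:0]
[110:1234] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -j ACCEPT
[9:10] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 23 -j ACCEPT
[50:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 50 -j DROP
[1630:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 23 -j ACCEPT
[150:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 750 -j ACCEPT
[43:90] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 43 -j ACCEPT
[42:90] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 42 -j ACCEPT
[41:90] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 41 -j ACCEPT
[10:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 10 -j ACCEPT
[9:10] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 23 -j ACCEPT
[1:230] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -j ACCEPT
[50:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 50 -j DROP
[280:2200] -A INPUT -i lo -j ACCEPT
[70:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 70 -j ACCEPT
[60:2323] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 60 -j ACCEPT
[1:2323] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 23 -j ACCEPT
[380:3200] -A INPUT -j logdrop
[381:3210] -A INPUT -j logdrob
[382:3220] -A INPUT -j logdrp
[3:30] -A INPUT -p tcp -m tcp --sport    0:65535 --dport 24 -j DROP
[32:1260] -A INPUT -i eth3 -j ACCEPT
[3:260] -A INPUT -i eth2 -j ACCEPT
[4:123] -A FORWARD -i eth3 -o eth3 -j ACCEPT
[3:123] -A FORWARD -i eth2 -o eth2 -j ACCEPT
[2:123] -A FORWARD -i eth1 -o eth1 -j ACCEPT
[1:123] -A FORWARD -s 10.0.0.0/8 -d 192.168.216.0/24 -j ACCEPT
[1:123] -A FORWARD -j IPSEC
[200:0] -A OUTPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -j ACCEPT
[50:123] -A OUTPUT -p tcp -m tcp --sport 23 --dport 1024:65535  -j ACCEPT
[20:20] -A OUTPUT -p tcp -m tcp --sport 21 --dport 1024:65535 -j ACCEPT
[10:10] -A OUTPUT -o lo -j ACCEPT
[80:123] -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT
[50:123] -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
[11:1123] -A IPSEC -j ACCEPT
COMMIT
# Completed by iptables-optimizer.py from: reference-input
"""
        f = Filter("filter", "reference-input")
        # Only the side effect of opti() on f matters here; the returned
        # values are ignored.
        f.opti()
        result = f.show()
        # The assertEquals alias is deprecated and gone in Python 3.12;
        # assertEqual is the supported spelling.
        self.assertEqual(expect, result)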
Example #5
 def test_02_filter_file_OKread(self):
     """Filter_Test: read reference-input

     Constructing a Filter from the existing "reference-input" file must
     complete without raising and yield a Filter instance.
     """
     loaded = Filter("filter", "reference-input")
     self.assertIsInstance(loaded, Filter)
Example #6
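 def test_01_filter_file_NOread(self):
     """Filter_Test: nonexistent input-file

     Constructing a Filter for a file name that does not exist must raise
     FilterLoadError.
     """
     filename = 'not-exist-is-OK'
     with self.assertRaises(FilterLoadError):
         # Only the raise is under test, so the result is not bound to a
         # name (the original kept it in an unused local).
         # NOTE(review): presumably the point is that an unreadable ruleset
         # fails loudly instead of producing an empty Filter -- confirm
         # against the loader.
         Filter('filter', filename)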
Example #7
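 def test_01_filter_file_NOread(self):
     """Filter_Test: nonexistent input-file

     Constructing a Filter for a file name that does not exist must raise.
     """
     # The original passed the *result* of Filter(...) to assertRaises. The
     # constructor therefore ran before assertRaises was entered, so a raise
     # surfaced as a test error, and with no raise the call only returned an
     # unused context manager and asserted nothing. Running the constructor
     # inside the context manager makes the expectation effective.
     # NOTE(review): FilterLoadError is assumed to be the loader's exception
     # type and to be imported by this module -- confirm.
     with self.assertRaises(FilterLoadError):
         Filter("filter", "not-exist-is-OK")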