def setUp(self):
self.dst_host = socket.gethostbyname(HOST)
self.config = NuauthConf()
self.acls = PlaintextAcl()
self.acls.addAclFull("web", self.dst_host, VALID_PORT, USERDB[0].gid, 1, period='10 secs' )
self.acls.install(self.config)
self.period = PlainPeriodXML()
self.period.addPeriod(Period("10 secs", duration = 10))
self.period.install(self.config)
self.users = USERDB
self.users.install(self.config)
self.nuauth = Nuauth(self.config)
self.nufw = startNufw()
self.iptables = Iptables()
self.iptables.flush()
self.iptables.command('-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE' % self.dst_host)
self.iptables.command('-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP' % self.dst_host)
class TestConntrack(TestCase):
def setUp(self):
self.dst_host = socket.gethostbyname(HOST)
self.config = NuauthConf()
self.acls = PlaintextAcl()
self.acls.addAclFull("web", self.dst_host, VALID_PORT, USERDB[0].gid, 1, period='10 secs' )
self.acls.install(self.config)
self.period = PlainPeriodXML()
self.period.addPeriod(Period("10 secs", duration = 10))
self.period.install(self.config)
self.users = USERDB
self.users.install(self.config)
self.nuauth = Nuauth(self.config)
self.nufw = startNufw()
self.iptables = Iptables()
self.iptables.flush()
self.iptables.command('-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE' % self.dst_host)
self.iptables.command('-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP' % self.dst_host)
def tearDown(self):
self.nuauth.stop()
self.users.desinstall()
self.acls.desinstall()
self.period.desinstall()
def testConnShutdown(self):
user = USERDB[0]
client = user.createClient()
self.assert_(connectClient(client))
start = time.time()
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn.connect((self.dst_host, VALID_PORT))
src_port = conn.getsockname()[1]
ct_before = len(get_conntrack_conn(src_port, self.dst_host, VALID_PORT))
## Check that only one connection is opened to
self.assert_(ct_before == 1)
## The connection should be killed 10 seconds after being opened
time.sleep(15)
## Check that only one connection is opened to
ct_after = len(get_conntrack_conn(src_port, self.dst_host, VALID_PORT))
self.assert_(ct_after == 0)
conn.close()
client.stop()
class TestConntrack(TestCase):
def setUp(self):
self.dst_host = socket.gethostbyname(HOST)
self.config = NuauthConf()
self.acls = PlaintextAcl()
self.acls.addAclFull("web", self.dst_host, VALID_PORT, USERDB[0].gid, 1, period="10 secs")
self.acls.install(self.config)
self.period = PlainPeriodXML()
self.period.addPeriod(Period("10 secs", duration=10))
self.period.install(self.config)
self.users = USERDB
self.users.install(self.config)
self.nuauth = Nuauth(self.config)
self.nufw = startNufw()
self.iptables = Iptables()
self.iptables.flush()
self.iptables.command("-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE" % self.dst_host)
self.iptables.command("-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP" % self.dst_host)
def tearDown(self):
self.nuauth.stop()
self.users.desinstall()
self.acls.desinstall()
self.period.desinstall()
def testConnShutdown(self):
user = USERDB[0]
client = user.createClient()
self.assert_(connectClient(client))
start = time.time()
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn.connect((self.dst_host, VALID_PORT))
src_port = conn.getsockname()[1]
ct_before = len(get_conntrack_conn(src_port, self.dst_host, VALID_PORT))
## Check that only one connection is opened to
self.assert_(ct_before == 1)
## The connection should be killed 10 seconds after being opened
time.sleep(15)
## Check that only one connection is opened to
ct_after = len(get_conntrack_conn(src_port, self.dst_host, VALID_PORT))
self.assert_(ct_after == 0)
conn.close()
client.stop()
def setUp(self):
self.dst_host = socket.gethostbyname(HOST)
self.config = NuauthConf()
self.acls = PlaintextAcl()
self.acls.addAclFull("web", self.dst_host, VALID_PORT, USERDB[0].gid, 1, period="10 secs")
self.acls.install(self.config)
self.period = PlainPeriodXML()
self.period.addPeriod(Period("10 secs", duration=10))
self.period.install(self.config)
self.users = USERDB
self.users.install(self.config)
self.nuauth = Nuauth(self.config)
self.nufw = startNufw()
self.iptables = Iptables()
self.iptables.flush()
self.iptables.command("-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE" % self.dst_host)
self.iptables.command("-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP" % self.dst_host)
