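def test_add_rule(self):
    """Test generic addition of a rule.

    ``iptables.add_rule`` must dispatch on the rule type: a DNAT rule is
    forwarded to ``add_dnat_rule`` only and a passthrough rule to
    ``add_passthrough_rule`` only, each with the requested chain.
    """
    # Fixture rules; the mocks on treadmill.iptables are presumably
    # installed by the test fixture (not visible here) — confirm.
    dnat_rule = self.dnat_rules.pop()
    passthrough_rule = self.passthrough_rules.pop()

    # DNAT rule: the DNAT helper sees it, the passthrough helper does not.
    iptables.add_rule(dnat_rule, chain='TEST_CHAIN')
    # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
    self.assertEqual(0, treadmill.iptables.add_passthrough_rule.call_count)
    treadmill.iptables.add_dnat_rule.assert_called_with(
        dnat_rule, chain='TEST_CHAIN'
    )

    # Reset both mocks so the second half of the test starts from zero.
    treadmill.iptables.add_passthrough_rule.reset_mock()
    treadmill.iptables.add_dnat_rule.reset_mock()

    # Passthrough rule: the mirror image of the DNAT case.
    iptables.add_rule(passthrough_rule, chain='TEST_CHAIN')
    treadmill.iptables.add_passthrough_rule.assert_called_with(
        passthrough_rule, chain='TEST_CHAIN'
    )
    self.assertEqual(0, treadmill.iptables.add_dnat_rule.call_count)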
def on_created(path):
    """Invoked when a network rule is created.

    The rule is encoded in the file name: ``rulemgr.get_rule`` turns the
    basename into a ``(chain, rule)`` pair, or ``None`` when the name is
    not a parseable rule, in which case the event is logged and ignored.
    """
    rule_file = os.path.basename(path)
    _LOGGER.info('adding %r', rule_file)

    # The rule is the filename; anything get_rule cannot parse is dropped.
    chain_rule = rulemgr.get_rule(rule_file)
    if chain_rule is None:
        _LOGGER.warning('Ignoring unparseable rule %r', rule_file)
        return

    chain, rule = chain_rule
    iptables.add_rule(rule, chain=chain)

    if isinstance(rule, fw.PassThroughRule):
        # `passthrough` is a counter mapping from the enclosing scope (not
        # visible here); it counts rules per source IP, presumably so the
        # ipset entry is only removed once the last rule goes — confirm
        # against the delete handler.
        src_ip = rule.src_ip
        passthrough[src_ip] = passthrough.get(src_ip, 0) + 1
        _LOGGER.info('Adding passthrough %r', src_ip)
        iptables.add_ip_set(iptables.SET_PASSTHROUGHS, src_ip)
        iptables.flush_pt_conntrack_table(src_ip)
    elif isinstance(rule, (fw.SNATRule, fw.DNATRule)) and rule.proto == 'udp':
        # Only UDP NAT rules get their conntrack entries flushed here;
        # TCP rules are added without touching the conntrack table.
        iptables.flush_conntrack_table(
            src_ip=rule.src_ip,
            src_port=rule.src_port,
            dst_ip=rule.dst_ip,
            dst_port=rule.dst_port,
        )