def test_05_new_chain(self):
"""
Chain 05: create a new chain in filtergroup,
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-N NEWCHAIN")
self.assertEquals(
{'FORWARD': [], 'INPUT': [], 'NEWCHAIN': [], 'OUTPUT': []},
filter.data)
def test_09_insert_rule_works(self):
"""
Chain 09: insert a rule into a nonempty chain works at start
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-A INPUT -p tcp -j ACCEPT")
filter.put_into_fgr("-I INPUT -p udp -j ACCEPT")
filter.put_into_fgr("-I INPUT -p esp -j ACCEPT")
expect = ['-I INPUT -p esp -j ACCEPT',
'-I INPUT -p udp -j ACCEPT',
'-A INPUT -p tcp -j ACCEPT']
self.assertEquals(expect, filter.data["INPUT"])
def test_12_remove_chain(self):
"""
Chain 12: try to remove an existing chain
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-N NEWCHAIN")
self.assertEquals(
{'FORWARD': [], 'INPUT': [], 'NEWCHAIN': [], 'OUTPUT': []},
filter.data)
filter.put_into_fgr("-X NEWCHAIN")
self.assertEquals(
{'FORWARD': [], 'INPUT': [], 'OUTPUT': []},
filter.data)
def test_05_new_chain(self):
"""
Chain 05: create a new chain in filtergroup,
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-N NEWCHAIN")
self.assertEquals(
{
'FORWARD': [],
'INPUT': [],
'NEWCHAIN': [],
'OUTPUT': []
}, filter.data)
def test_10_append_rule(self):
"""
Chain 10: append a rule to a chain
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-A INPUT -p tcp -j ACCEPT")
self.assertEquals(['-A INPUT -p tcp -j ACCEPT'], filter.data["INPUT"])
filter.put_into_fgr("-A INPUT -p udp -j ACCEPT")
filter.put_into_fgr("-A INPUT -p esp -j ACCEPT")
expect = ['-A INPUT -p tcp -j ACCEPT',
'-A INPUT -p udp -j ACCEPT',
'-A INPUT -p esp -j ACCEPT']
self.assertEquals(expect, filter.data["INPUT"])
def test_02_prove_policies(self):
"""
Chain 02: check 3 valid policies, 1 exception
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-P INPUT DROP")
self.assertEquals(
{
'FORWARD': 'ACCEPT',
'INPUT': 'DROP',
'OUTPUT': 'ACCEPT'
}, filter.poli)
filter.put_into_fgr("-P FORWARD REJECT")
self.assertEquals(
{
'FORWARD': 'REJECT',
'INPUT': 'DROP',
'OUTPUT': 'ACCEPT'
}, filter.poli)
filter.put_into_fgr("-P OUTPUT DROP")
self.assertEquals(
{
'FORWARD': 'REJECT',
'INPUT': 'DROP',
'OUTPUT': 'DROP'
}, filter.poli)
self.assertRaises(ValueError, filter.put_into_fgr, "-P OUTPUT FAIL")
def test_08_insert_rule_fail(self):
"""
Chain 08: insert a rule into a non_existing chain fails
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
#filter.put_into_fgr("-I INPUT -p tcp -j ACCEPT")
self.assertRaises(ValueError, filter.put_into_fgr, "-I PUT -j ACCEPT")
def test_03_tables_names(self):
"""
Chain 03: 3 cases OK, 1 Exception
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-t filter -A INPUT -i sl0 -j ACCEPT")
self.assertEquals(['-A INPUT -i sl0 -j ACCEPT '], filter.data["INPUT"])
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-t nat -A OUTPUT -j ACCEPT")
self.assertEquals(['-A OUTPUT -j ACCEPT '], filter.data["OUTPUT"])
#filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-t nat -A FORWARD -j ACCEPT")
self.assertEquals(['-A FORWARD -j ACCEPT '], filter.data["FORWARD"])
self.assertRaises(ValueError, filter.put_into_fgr, "-t na -A INPUT")
def test_01_create_a_chain_object(self):
"""
Chain 01: create a Filter group, f.e. filter
"""
self.assertIsInstance(Chains("filter", ["INPUT", "FORWARD", "OUTPUT"]),
Chains)
self.assertEquals({}, Chains("filter", []))
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
self.assertEquals("filter", filter.name)
self.assertEquals(['INPUT', 'FORWARD', 'OUTPUT'], filter.tables)
self.assertEquals("-", filter.policy)
self.assertEquals(0, filter.length)
self.assertEquals(
{
'FORWARD': 'ACCEPT',
'INPUT': 'ACCEPT',
'OUTPUT': 'ACCEPT'
}, filter.poli)
def test_04_flush(self):
"""
Chain 04: flush filter group, 2 rules and an invalid chain
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-t filter -A INPUT -i sl0 -j ACCEPT")
self.assertEquals(['-A INPUT -i sl0 -j ACCEPT '], filter.data["INPUT"])
filter.put_into_fgr("-A OUTPUT -o sl1 -j ACCEPT")
self.assertEquals(['-A OUTPUT -o sl1 -j ACCEPT'],
filter.data["OUTPUT"])
filter.put_into_fgr("-F")
self.assertEquals([], filter.data["INPUT"])
self.assertEquals([], filter.data["OUTPUT"])
self.assertRaises(ValueError, filter.put_into_fgr, "-t inval -F")
def test_03_tables_names(self):
"""
Chain 03: 3 cases OK, 1 Exception
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-t filter -A INPUT -i sl0 -j ACCEPT")
self.assertEquals(['-A INPUT -i sl0 -j ACCEPT '], filter.data["INPUT"])
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-t nat -A OUTPUT -j ACCEPT")
self.assertEquals(['-A OUTPUT -j ACCEPT '], filter.data["OUTPUT"])
#filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-t nat -A FORWARD -j ACCEPT")
self.assertEquals(['-A FORWARD -j ACCEPT '], filter.data["FORWARD"])
self.assertRaises(ValueError, filter.put_into_fgr, "-t na -A INPUT")
def test_09_insert_rule_works(self):
"""
Chain 09: insert a rule into a nonempty chain works at start
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-A INPUT -p tcp -j ACCEPT")
filter.put_into_fgr("-I INPUT -p udp -j ACCEPT")
filter.put_into_fgr("-I INPUT -p esp -j ACCEPT")
expect = [
'-I INPUT -p esp -j ACCEPT', '-I INPUT -p udp -j ACCEPT',
'-A INPUT -p tcp -j ACCEPT'
]
self.assertEquals(expect, filter.data["INPUT"])
def test_04_flush(self):
"""
Chain 04: flush filter group, 2 rules and an invalid chain
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-t filter -A INPUT -i sl0 -j ACCEPT")
self.assertEquals(['-A INPUT -i sl0 -j ACCEPT '],
filter.data["INPUT"])
filter.put_into_fgr("-A OUTPUT -o sl1 -j ACCEPT")
self.assertEquals(['-A OUTPUT -o sl1 -j ACCEPT'],
filter.data["OUTPUT"])
filter.put_into_fgr("-F")
self.assertEquals([], filter.data["INPUT"])
self.assertEquals([], filter.data["OUTPUT"])
self.assertRaises(ValueError, filter.put_into_fgr, "-t inval -F")
def test_10_append_rule(self):
"""
Chain 10: append a rule to a chain
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-A INPUT -p tcp -j ACCEPT")
self.assertEquals(['-A INPUT -p tcp -j ACCEPT'], filter.data["INPUT"])
filter.put_into_fgr("-A INPUT -p udp -j ACCEPT")
filter.put_into_fgr("-A INPUT -p esp -j ACCEPT")
expect = [
'-A INPUT -p tcp -j ACCEPT', '-A INPUT -p udp -j ACCEPT',
'-A INPUT -p esp -j ACCEPT'
]
self.assertEquals(expect, filter.data["INPUT"])
def test_02_prove_policies(self):
"""
Chain 02: check 3 valid policies, 1 exception
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-P INPUT DROP")
self.assertEquals(
{'FORWARD': 'ACCEPT', 'INPUT': 'DROP', 'OUTPUT': 'ACCEPT'},
filter.poli)
filter.put_into_fgr("-P FORWARD REJECT")
self.assertEquals(
{'FORWARD': 'REJECT', 'INPUT': 'DROP', 'OUTPUT': 'ACCEPT'},
filter.poli)
filter.put_into_fgr("-P OUTPUT DROP")
self.assertEquals(
{'FORWARD': 'REJECT', 'INPUT': 'DROP', 'OUTPUT': 'DROP'},
filter.poli)
self.assertRaises(ValueError, filter.put_into_fgr, "-P OUTPUT FAIL")
def test_12_remove_chain(self):
"""
Chain 12: try to remove an existing chain
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
filter.put_into_fgr("-N NEWCHAIN")
self.assertEquals(
{
'FORWARD': [],
'INPUT': [],
'NEWCHAIN': [],
'OUTPUT': []
}, filter.data)
filter.put_into_fgr("-X NEWCHAIN")
self.assertEquals({
'FORWARD': [],
'INPUT': [],
'OUTPUT': []
}, filter.data)
def test_13_illegal_command(self):
"""
Chain 13: try an ilegal command
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
self.assertRaises(ValueError, filter.put_into_fgr, "-Y USERCHAIN")
def test_11_remove_predef_chain(self):
"""
Chain 11: try to remove a prefined chain
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
self.assertRaises(ValueError, filter.put_into_fgr, "-X INPUT")
def test_06_new_existing_chain_fails(self):
"""
Chain 06: create an exsiting chain should fail
"""
filter = Chains("filter", ["INPUT", "FORWARD", "OUTPUT"])
self.assertRaises(ValueError, filter.put_into_fgr, "-N INPUT")