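def test_04_filter_output(self):
    """Filter_Test: check output for reference-input

    Builds a Filter for the "filter" table from the "reference-input"
    fixture, runs opti() and compares the text returned by show() with
    the expected rule listing below.
    """
    # iptables evaluates a chain first-match, so the exact rule order is the
    # security-relevant property here: a rule moved past a rule with a
    # different target (ACCEPT vs DROP/REJECT/jump) changes what is filtered.
    #
    # The expected text is kept exactly as it appears in this listing, split
    # into one literal per record; adjacent literals are concatenated.
    # NOTE(review): records are separated by single spaces (and one "\n") in
    # this listing -- presumably the real output has one record per line;
    # confirm against the fixture before relying on these separators.
    # The "optimpizer" spelling in the header line is part of the compared
    # text and is left untouched.
    # NOTE(review): this listing holds a second definition with the same name
    # and body; inside one class body only the later definition is kept.
    expect = (
        "# Generated by iptables-optimpizer.py from: reference-input "
        "*filter "
        ":INPUT ACCEPT [0:0] "
        ":FORWARD DROP [0:0] "
        ":OUTPUT ACCEPT [0:0] "
        ":IPSEC - [0:0] "
        "[110:1234] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -j ACCEPT "
        "[9:10] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 23 -j ACCEPT "
        "[50:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 50 -j DROP "
        "[1630:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 23 -j ACCEPT "
        "[150:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 750 -j ACCEPT "
        "[43:90] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 43 -j ACCEPT "
        "[42:90] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 42 -j ACCEPT "
        "[41:90] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 41 -j ACCEPT "
        "[10:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 10 -j ACCEPT "
        "[9:10] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 23 -j ACCEPT "
        "[1:230] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -j ACCEPT "
        "[50:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 50 -j DROP "
        "[280:2200] -A INPUT -i lo -j ACCEPT "
        "[70:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 70 -j ACCEPT "
        "[60:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 60 -j ACCEPT "
        "[1:2323] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 23 -j ACCEPT "
        "[380:3200] -A INPUT -j logdrop "
        "[381:3210] -A INPUT -j logdrob "
        "[382:3220] -A INPUT -j logdrp "
        "[3:30] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 24 -j DROP "
        "[32:1260] -A INPUT -i eth3 -j ACCEPT "
        "[3:260] -A INPUT -i eth2 -j ACCEPT "
        "[4:123] -A FORWARD -i eth3 -o eth3 -j ACCEPT "
        "[3:123] -A FORWARD -i eth2 -o eth2 -j ACCEPT "
        "[2:123] -A FORWARD -i eth1 -o eth1 -j ACCEPT "
        "[1:123] -A FORWARD -s 10.0.0.0/8 -d 192.168.216.0/24 -j ACCEPT "
        "[1:123] -A FORWARD -j IPSEC "
        "[200:0] -A OUTPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -j ACCEPT "
        "[50:123] -A OUTPUT -p tcp -m tcp --sport 23 --dport 1024:65535 -j ACCEPT "
        "[20:20] -A OUTPUT -p tcp -m tcp --sport 21 --dport 1024:65535 -j ACCEPT \n"
        "[10:10] -A OUTPUT -o lo -j ACCEPT "
        "[80:123] -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT "
        "[50:123] -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT "
        "[11:1123] -A IPSEC -j ACCEPT "
        "COMMIT "
        "# Completed by iptables-optimizer.py from: reference-input "
    )
    f = Filter("filter", "reference-input")
    f.opti()
    result = f.show()
    # assertEqual replaces the assertEquals alias, which is deprecated and
    # no longer exists in Python 3.12 (the call would raise AttributeError).
    self.assertEqual(expect, result)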
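def test_04_filter_output(self):
    """Filter_Test: check output for reference-input

    Runs the optimizer on the "filter" table of the "reference-input"
    fixture and requires show() to return exactly the expected listing.
    """
    # The comparison is on the full text, so it pins rule order as well as
    # rule content. Order is what matters for a packet filter: iptables takes
    # the first matching rule, and swapping an ACCEPT with a neighbouring
    # DROP/REJECT for overlapping traffic changes the policy.
    #
    # Each record of the expected text is its own literal; Python joins
    # adjacent literals, so the compared value is the text of this listing.
    # NOTE(review): the listing separates records with a single space (plus
    # one "\n"); presumably the original has one record per line -- verify
    # against the fixture. "optimpizer" in the first record is compared text
    # and therefore not corrected here.
    # NOTE(review): an earlier definition with the same name and body appears
    # in this listing; if both sit in one class, this later one replaces it.
    expected_records = (
        "# Generated by iptables-optimpizer.py from: reference-input ",
        "*filter ",
        ":INPUT ACCEPT [0:0] ",
        ":FORWARD DROP [0:0] ",
        ":OUTPUT ACCEPT [0:0] ",
        ":IPSEC - [0:0] ",
        "[110:1234] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -j ACCEPT ",
        "[9:10] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 23 -j ACCEPT ",
        "[50:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 50 -j DROP ",
        "[1630:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 23 -j ACCEPT ",
        "[150:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 750 -j ACCEPT ",
        "[43:90] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 43 -j ACCEPT ",
        "[42:90] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 42 -j ACCEPT ",
        "[41:90] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 41 -j ACCEPT ",
        "[10:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 10 -j ACCEPT ",
        "[9:10] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 23 -j ACCEPT ",
        "[1:230] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -j ACCEPT ",
        "[50:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 50 -j DROP ",
        "[280:2200] -A INPUT -i lo -j ACCEPT ",
        "[70:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 70 -j ACCEPT ",
        "[60:2323] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 60 -j ACCEPT ",
        "[1:2323] -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 23 -j ACCEPT ",
        "[380:3200] -A INPUT -j logdrop ",
        "[381:3210] -A INPUT -j logdrob ",
        "[382:3220] -A INPUT -j logdrp ",
        "[3:30] -A INPUT -p tcp -m tcp --sport 0:65535 --dport 24 -j DROP ",
        "[32:1260] -A INPUT -i eth3 -j ACCEPT ",
        "[3:260] -A INPUT -i eth2 -j ACCEPT ",
        "[4:123] -A FORWARD -i eth3 -o eth3 -j ACCEPT ",
        "[3:123] -A FORWARD -i eth2 -o eth2 -j ACCEPT ",
        "[2:123] -A FORWARD -i eth1 -o eth1 -j ACCEPT ",
        "[1:123] -A FORWARD -s 10.0.0.0/8 -d 192.168.216.0/24 -j ACCEPT ",
        "[1:123] -A FORWARD -j IPSEC ",
        "[200:0] -A OUTPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -j ACCEPT ",
        "[50:123] -A OUTPUT -p tcp -m tcp --sport 23 --dport 1024:65535 -j ACCEPT ",
        "[20:20] -A OUTPUT -p tcp -m tcp --sport 21 --dport 1024:65535 -j ACCEPT \n",
        "[10:10] -A OUTPUT -o lo -j ACCEPT ",
        "[80:123] -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT ",
        "[50:123] -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT ",
        "[11:1123] -A IPSEC -j ACCEPT ",
        "COMMIT ",
        "# Completed by iptables-optimizer.py from: reference-input ",
    )
    expect = "".join(expected_records)
    f = Filter("filter", "reference-input")
    f.opti()
    result = f.show()
    # Use assertEqual: the assertEquals alias is deprecated and was removed
    # in Python 3.12, where calling it raises AttributeError.
    self.assertEqual(expect, result)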
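def test_03_optimize_algorithm(self):
    """Filter_Test: optimize, check 30 moves and partitions

    Runs opti() on the "filter" table of the "reference-input" fixture and
    checks both values it returns: the move count and the per-chain report.
    """
    f = Filter("filter", "reference-input")
    cnt, msg = f.opti()
    # Per-chain report exactly as it appears in this listing, one literal per
    # row. The expected total of 30 equals the sum of the rows' move counts
    # (18 + 6 + 6 + 0).
    # NOTE(review): rows are separated by single spaces here and any column
    # padding looks collapsed -- presumably the real report is one row per
    # line; confirm against the tool's output.
    # NOTE(review): the bracketed pairs look like [first, last] rule positions
    # of groups within which rules may be reordered; verify against opti().
    # Those bounds are what keeps a reorder from crossing a rule with a
    # different target, so a change in them deserves a close look.
    expect = (
        "#chainname : moves partitions "
        "#INPUT : 18 [1, 2][3, 3][4, 11][12, 12][13, 16][17, 17][18, 19] "
        "#FORWARD : 6 [1, 4][5, 5] "
        "#OUTPUT : 6 [1, 4][5, 5][6, 6] "
        "#IPSEC : 0 [1, 1] "
    )
    # assertEqual replaces the assertEquals alias, which is deprecated and
    # no longer exists in Python 3.12 (the call would raise AttributeError).
    self.assertEqual(30, cnt)
    # Printed before the comparison so the actual report is visible when the
    # assertion below fails.
    print(msg)
    self.assertEqual(expect, msg)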