def test_ban(self):
''' Create a ban and remove it. '''
ban = IPTablesCommandBanEntry(BAN_IP)
ban.ban(interface=INTERFACE)
status, output = commands.getstatusoutput("/sbin/iptables -L -n")
self.assertEqual(status, 0,
msg="Failed to run iptables command: %s" % output)
self.assertIn(BAN_IP, output, msg="IP address not banned")
ban.unban(interface=INTERFACE)
status, output = commands.getstatusoutput("/sbin/iptables -L -n")
self.assertNotIn(BAN_IP, output, msg="IP address was not unbanned")
def test_whitelist_notwhitelisted(self):
''' Test the unwhitelisting of an IP to ensure it isn't whitelisted '''
lock = threading.Lock()
ban_fetcher = BanFetcher(BINDSTRING, INTERFACE, BAN_BACKEND,
["10.0.220.1", "10.0.222.1/24"], lock)
# An address that should be banned
self.assertTrue(ban_fetcher.subscription(
("swabber_bans", "10.0.220.2")),
msg="Unwhitelisted IP was whitelisted")
# clean up after ourselves
ban = IPTablesCommandBanEntry("10.0.220.2")
ban.unban(interface=INTERFACE)
def test_clean(self):
''' Test the cleaning of bans after a very short time window '''
ban_len = 1
ban = IPTablesCommandBanEntry(BAN_IP)
ban.ban(INTERFACE)
time.sleep(ban_len*2)
cleaner = BanCleaner(ban_len, BAN_BACKEND, threading.Lock(), INTERFACE)
cleaner.clean_bans(INTERFACE)
status, output = commands.getstatusoutput("/sbin/iptables -L -n")
self.assertEqual(status, 0,
msg="Failed to run iptables command: %s" % output)
self.assertNotIn(BAN_IP, output, msg="Ban was not reset by cleaner")
def test_clean(self):
''' Test the cleaning of bans after a very short time window '''
ban_len = 1
ban = IPTablesCommandBanEntry(BAN_IP)
ban.ban(INTERFACE)
time.sleep(ban_len * 2)
cleaner = BanCleaner(ban_len, BAN_BACKEND, threading.Lock(), INTERFACE)
cleaner.clean_bans(INTERFACE)
status, output = commands.getstatusoutput("/sbin/iptables -L -n")
self.assertEqual(status,
0,
msg="Failed to run iptables command: %s" % output)
self.assertNotIn(BAN_IP, output, msg="Ban was not reset by cleaner")
def test_whitelist_notwhitelisted(self):
''' Test the unwhitelisting of an IP to ensure it isn't whitelisted '''
lock = threading.Lock()
ban_fetcher = BanFetcher(BINDSTRING, INTERFACE,
BAN_BACKEND, ["10.0.220.1", "10.0.222.1/24"],
lock)
# An address that should be banned
self.assertTrue(
ban_fetcher.subscription(("swabber_bans", "10.0.220.2")),
msg="Unwhitelisted IP was whitelisted")
# clean up after ourselves
ban = IPTablesCommandBanEntry("10.0.220.2")
ban.unban(interface=INTERFACE)
def test_ban(self):
''' Create a ban and remove it. '''
ban = IPTablesCommandBanEntry(BAN_IP)
ban.ban(interface=INTERFACE)
status, output = commands.getstatusoutput("/sbin/iptables -L -n")
self.assertEqual(status,
0,
msg="Failed to run iptables command: %s" % output)
self.assertIn(BAN_IP, output, msg="IP address not banned")
ban.unban(interface=INTERFACE)
status, output = commands.getstatusoutput("/sbin/iptables -L -n")
self.assertNotIn(BAN_IP, output, msg="IP address was not unbanned")
