def test_201_rule_basic(self):
"""Check action a basic rule"""
rule = {
"description": "description",
"ruleId": 1,
"enabled": True,
"conditions": [{
"type": "IP_PROTOCOL",
"op": "==",
"value": "tcp"
}],
"action": {
"type": "ACCEPT"
}
}
exp_str = nftables_util.rule_expression(rule, "inet", "forward",
"forward-filter")
print(exp_str)
rule_str = nftables_util.rule_cmd(rule, "inet", "forward",
"forward-filter")[0]
print(rule_str)
assert (
exp_str ==
"add rule inet forward forward-filter meta l4proto \"tcp\" accept")
assert (
rule_str ==
"add rule inet forward forward-filter meta l4proto \"tcp\" accept")
def test_200_rule_not_enabled(self):
"""Check that a rule that is not enabled returns None"""
rule = {
"description": "description",
"ruleId": 1,
"enabled": False,
"conditions": [{
"type": "IP_PROTOCOL",
"op": "==",
"value": "tcp"
}],
"action": {
"type": "ACCEPT"
}
}
rule_str = nftables_util.rule_cmd(rule, "inet", "forward", "forward-filter")
print(rule_str)
assert(rule_str == None)
def test_200_rule_not_enabled(self):
"""Check that a rule that is not enabled returns None"""
rule = {
"description": "description",
"ruleId": 1,
"enabled": False,
"conditions": [{
"type": "IP_PROTOCOL",
"op": "==",
"value": "tcp"
}],
"action": {
"type": "ACCEPT"
}
}
rule_str = nftables_util.rule_cmd(rule, "inet", "forward", "forward-filter")
print(rule_str)
assert(rule_str == None)
def test_201_rule_basic(self):
"""Check action a basic rule"""
rule = {
"description": "description",
"ruleId": 1,
"enabled": True,
"conditions": [{
"type": "IP_PROTOCOL",
"op": "==",
"value": "tcp"
}],
"action": {
"type": "ACCEPT"
}
}
exp_str = nftables_util.rule_expression(rule, "inet")
print(exp_str)
rule_str = nftables_util.rule_cmd(rule, "inet", "forward", "forward-filter")
print(rule_str)
assert(exp_str == "meta l4proto 'tcp' accept")
assert(rule_str == "nft add rule inet forward forward-filter meta l4proto 'tcp' accept")
