def test_15_tables_printout(capsys):
"""
Tables 15: check table_printout as well
"""
tables = Tables(sys.stdout, 'reference-one')
tables.table_printout()
out, err = capsys.readouterr()
assert len(err) == 0
words = [
'*raw',
'*nat',
'*mangle',
'*filter',
'COMMIT',
'from:',
'INPUT',
'FORWARD',
'USER_CHAIN',
'192.0.2.5',
]
absents = [
'iptables',
'-t raw',
'-t mangle',
'udp',
]
for word in words:
assert word in out
for absent in absents:
assert absent not in out
def test_01_create_a_tables_object(self):
"""
Tables 01: create a Tables object, check chains
"""
self.assertIsInstance(Tables(dst, ""), Tables)
tables = Tables(dst, "")
expect = {
'filter': {
'FORWARD': [],
'INPUT': [],
'OUTPUT': []
},
'raw': {
'OUTPUT': [],
'PREROUTING': []
},
'mangle': {
'FORWARD': [],
'INPUT': [],
'POSTROUTING': [],
'PREROUTING': [],
'OUTPUT': []
},
'nat': {
'OUTPUT': [],
'PREROUTING': [],
'POSTROUTING': []
}
}
self.assertEquals(expect, tables.data)
def test_12_create_a_tables6_object(self):
"""
Tables 12: create an ipv6 Tables object, check chains
"""
self.assertIsInstance(Tables(dst, "", ipversion=6), Tables)
tables = Tables(dst, "", ipversion=6)
expect = {
'filter': {
'FORWARD': [],
'INPUT': [],
'OUTPUT': []
},
'raw': {
'OUTPUT': [],
'PREROUTING': []
},
'mangle': {
'FORWARD': [],
'INPUT': [],
'POSTROUTING': [],
'PREROUTING': [],
'OUTPUT': []
},
'nat': {
'OUTPUT': [],
'PREROUTING': [],
'POSTROUTING': []
}
}
self.assertEqual(expect, tables.data)
def test_02_nat_prerouting(self):
"""
Tables 02: nat PREROUTING entry
"""
tables = Tables(dst, "")
line = "iptables -t nat -A PREROUTING -s 10.0.0.0/21"
line = line + " -p tcp --dport 80 -j SNAT --to-source 192.168.1.15"
tables.put_into_tables(line)
expect = ['-A PREROUTING -s 10.0.0.0/21 -p tcp --dport 80 -j SNAT --to-source 192.168.1.15 ']
self.assertEqual(expect, tables.data["nat"]["PREROUTING"])
def test_04_raw_table(self):
"""
Tables 04: raw OUTPUT entry
"""
tables = Tables(dst, "")
line = "iptables -t raw -A OUTPUT"
line = line + " -p tcp --dport 80 -j ACCEPT"
tables.put_into_tables(line)
expect = ['-A OUTPUT -p tcp --dport 80 -j ACCEPT ']
self.assertEqual(expect, tables.data["raw"]["OUTPUT"])
def test_03_mangle_table(self):
"""
Tables 03: mangle INPUT entry
"""
tables = Tables(dst, "")
line = "iptables -t mangle -A INPUT"
line = line + " -p tcp --dport 80 -j ACCEPT"
tables.put_into_tables(line)
expect = ['-A INPUT -p tcp --dport 80 -j ACCEPT ']
self.assertEqual(expect, tables.data["mangle"]["INPUT"])
def test_04_raw_table(self):
"""
Tables 04: raw OUTPUT entry
"""
tables = Tables(dst, "")
line = "iptables -t raw -A OUTPUT"
line = line + " -p tcp --dport 80 -j ACCEPT"
tables.put_into_tables(line)
expect = ['-A OUTPUT -p tcp --dport 80 -j ACCEPT ']
self.assertEqual(expect, tables.data["raw"]["OUTPUT"])
def test_03_mangle_table(self):
"""
Tables 03: mangle INPUT entry
"""
tables = Tables(dst, "")
line = "iptables -t mangle -A INPUT"
line = line + " -p tcp --dport 80 -j ACCEPT"
tables.put_into_tables(line)
expect = ['-A INPUT -p tcp --dport 80 -j ACCEPT ']
self.assertEqual(expect, tables.data["mangle"]["INPUT"])
def test_02_nat_prerouting(self):
"""
Tables 02: nat PREROUTING entry
"""
tables = Tables(dst, "")
line = "iptables -t nat -A PREROUTING -s 10.0.0.0/21"
line = line + " -p tcp --dport 80 -j SNAT --to-source 192.168.1.15"
tables.put_into_tables(line)
expect = [
'-A PREROUTING -s 10.0.0.0/21 -p tcp --dport 80 -j SNAT --to-source 192.168.1.15 '
]
self.assertEqual(expect, tables.data["nat"]["PREROUTING"])
def test_15_tables_printout(capsys):
"""
Tables 15: check table_printout as well
"""
tables = Tables(sys.stdout, 'reference-one')
tables.table_printout()
out, err = capsys.readouterr()
assert len(err) == 0
words = ['*raw', '*nat', '*mangle', '*filter', 'COMMIT', 'from:',
'INPUT', 'FORWARD', 'USER_CHAIN', '192.0.2.5', ]
absents = ['iptables', '-t raw', '-t mangle', 'udp', ]
for word in words:
assert word in out
for absent in absents:
assert absent not in out
def test_14_re6ference_sloppy_one(self):
"""
Tables 14: read sloppy input file: re6ference-sloppy-one, check chains
"""
tables = Tables(dst, 're6ference-sloppy-one', sloppy=True, ipversion=6)
expect = {
'filter': {
'FORWARD': [],
'INPUT': ['-A INPUT -p tcp --dport 23 -j ACCEPT '],
'USER_CHAIN': ['-A USER_CHAIN -p icmp -j DROP '],
'OUTPUT': []
},
'raw': {
'OUTPUT': [],
'PREROUTING': []
},
'mangle': {
'FORWARD': [],
'INPUT': [],
'POSTROUTING': [],
'PREROUTING': [],
'OUTPUT': []
},
'nat': {
'OUTPUT': [],
'PREROUTING': [
'-A PREROUTING -d 2001:db8:feed::1/128 -p tcp --dport 443 -j DNAT --to-destination 2001:db8:feed::1:1500 '
],
'POSTROUTING': [
'-A POSTROUTING -s 2001:db8:dead::/64 -p tcp --dport 80 -j SNAT --to-source 2001:db8:feed::1 '
]
}
}
self.maxDiff = None
self.assertEqual(expect, tables.data)
def test_10_shell_functions(self):
"""
Tables 10: read buggy file with shell functions
"""
expect = "Line 6:"
with self.assertRaisesRegexp(ConverterError, expect):
Tables(dst, 'tests/data/test-debian-bug-no-748638')
def test_09_shell_variables(self):
"""
Tables 09: read buggy file with shell variables
"""
expect = "Line 8:"
with self.assertRaisesRegexp(ConverterError, expect):
Tables(dst, 'tests/data/test-shell-variables')
def test_08_reference_one(self):
"""
Tables 08: read default file: reference-one, check chains
"""
tables = Tables(dst)
expect = {
'filter': {
'FORWARD': [],
'INPUT': ['-A INPUT -p tcp --dport 23 -j ACCEPT '],
'USER_CHAIN': ['-A USER_CHAIN -p icmp -j DROP '],
'OUTPUT': []
},
'raw': {
'OUTPUT': [],
'PREROUTING': []
},
'mangle': {
'FORWARD': [],
'INPUT': [],
'POSTROUTING': [],
'PREROUTING': [],
'OUTPUT': []
},
'nat': {
'OUTPUT': [],
'POSTROUTING': [
'-A POSTROUTING -s 10.0.0.0/21 -p tcp --dport 80 -j SNAT --to-source 192.168.1.15 '
],
'PREROUTING': [
'-A PREROUTING -d 192.0.2.5/32 -p tcp --dport 443 -j DNAT --to-destination 10.0.0.5:1500 '
]
}
}
self.maxDiff = None
self.assertEqual(expect, tables.data)
def test_07_read_empty_file(self):
"""
Tables 07: read empty file (in relation to iptables-commands)
"""
filename = "MANIFEST.in"
tables = Tables(dst, filename)
expect = {
'filter': {
'FORWARD': [],
'INPUT': [],
'OUTPUT': []
},
'raw': {
'OUTPUT': [],
'PREROUTING': []
},
'mangle': {
'FORWARD': [],
'INPUT': [],
'POSTROUTING': [],
'PREROUTING': [],
'OUTPUT': []
},
'nat': {
'OUTPUT': [],
'PREROUTING': [],
'POSTROUTING': []
}
}
self.assertEqual(expect, tables.data)
def test_05_not_existing_chain(self):
"""
Tables 05: INPUT to not existing chain
"""
line = "iptables -t raw -A NONEXIST -p tcp --dport 80 -j ACCEPT"
with self.assertRaises(ConverterError):
Tables(dst, "").put_into_tables(line)
def test_11_reference_sloppy_one(self):
"""
Tables 11: read sloppy input file: reference-sloppy-one, check chains
"""
tables = Tables(dst, 'reference-sloppy-one', True)
expect = {
'filter': {
'FORWARD': [],
'INPUT': ['-A INPUT -p tcp --dport 23 -j ACCEPT '],
'USER_CHAIN': [
'-I USER_CHAIN -p icmp --icmp-type echo-request -j ACCEPT ',
'-A USER_CHAIN -p icmp --icmp-type echo-reply -j ACCEPT ',
'-A USER_CHAIN -p icmp -j DROP '
],
'OUTPUT': []
},
'raw': {
'OUTPUT': [],
'PREROUTING': []
},
'mangle': {
'FORWARD': [],
'INPUT': [],
'POSTROUTING': [],
'PREROUTING': [],
'OUTPUT': []
},
'nat': {
'OUTPUT': [],
'PREROUTING': [
'-A PREROUTING -d 192.0.2.5/32 -p tcp --dport 443 -j DNAT --to-destination 10.0.0.5:1500 '
],
'POSTROUTING': [
'-A POSTROUTING -s 10.0.0.0/21 -p tcp --dport 80 -j SNAT --to-source 192.168.1.15 '
]
}
}
self.maxDiff = None
self.assertEqual(expect, tables.data)
def test_06_read_not_existing_file(self):
"""
Tables 06: read non existing file
"""
with self.assertRaises(ConverterError):
Tables(dst, "not-exist-is-ok")