Sharp.Augeas/Sharp.Augeas.Test/lens/tests/test_lokkit.aug

module Test_lokkit =

let conf = "# Configuration file for system-config-firewall

--enabled
--port=111:tcp
-p 111:udp
-p 2020-2049:tcp
--port=5900-5910:tcp
--custom-rules=ipv4:filter:/var/lib/misc/iptables-forward-bridged
-s dns
--service=ssh
--trust=trust1
--masq=eth42
--block-icmp=5
-t trust0
--addmodule=fancy
--removemodule=broken
--forward-port=if=forw0:port=42:proto=tcp:toport=42:toaddr=192.168.0.42
--selinux=permissive
"

test Lokkit.lns get conf =
  { "#comment" = "Configuration file for system-config-firewall" }
  { }
  { "enabled" }
  { "port"
    { "start" = "111" }
    { "protocol" = "tcp" } }
  { "port"
    { "start" = "111" }
    { "protocol" = "udp" } }
  { "port"
    { "start" = "2020" }
    { "end" = "2049" }
    { "protocol" = "tcp" } }
  { "port"
    { "start" = "5900" }
    { "end" = "5910" }
    { "protocol" = "tcp" } }
  { "custom-rules" = "/var/lib/misc/iptables-forward-bridged"
    { "type" = "ipv4" }
    { "table" = "filter" } }
  { "service" = "dns" }
  { "service" = "ssh" }
  { "trust" = "trust1" }
  { "masq" = "eth42" }
  { "block-icmp" = "5" }
  { "trust" = "trust0" }
  { "addmodule" = "fancy" }
  { "removemodule" = "broken" }
  { "forward-port"
    { "if" = "forw0" }
    { "port" = "42" }
    { "proto" = "tcp" }
    { "toport" = "42" }
    { "toaddr" = "192.168.0.42" } }
  { "selinux" = "permissive" }

test Lokkit.custom_rules get
"--custom-rules=ipv4:filter:/some/file\n" =
  { "custom-rules" = "/some/file"
    { "type" = "ipv4" }
    { "table" = "filter" } }

test Lokkit.custom_rules get
"--custom-rules=filter:/some/file\n" =
  { "custom-rules" = "/some/file"
    { "table" = "filter" } }

test Lokkit.custom_rules get
"--custom-rules=ipv4:/some/file\n" =
  { "custom-rules" = "/some/file"
    { "type" = "ipv4" } }

test Lokkit.custom_rules get
"--custom-rules=/some/file\n" =
  { "custom-rules" = "/some/file" }

test Lokkit.lns get
"--trust=tun+\n--trust=eth0.42\n--trust=eth0:1\n" =
  { "trust" = "tun+" }
  { "trust" = "eth0.42" }
  { "trust" = "eth0:1" }

(* We didn't allow '-' in the service name *)
test Lokkit.lns get "--service=samba-client\n" =
  { "service" = "samba-client" }
Add tests 2022-11-08 20:57:02 +03:00			`module Test_lokkit =`

			`let conf = "# Configuration file for system-config-firewall`

			`--enabled`
			`--port=111:tcp`
			`-p 111:udp`
			`-p 2020-2049:tcp`
			`--port=5900-5910:tcp`
			`--custom-rules=ipv4:filter:/var/lib/misc/iptables-forward-bridged`
			`-s dns`
			`--service=ssh`
			`--trust=trust1`
			`--masq=eth42`
			`--block-icmp=5`
			`-t trust0`
			`--addmodule=fancy`
			`--removemodule=broken`
			`--forward-port=if=forw0:port=42:proto=tcp:toport=42:toaddr=192.168.0.42`
			`--selinux=permissive`
			`"`

			`test Lokkit.lns get conf =`
			`{ "#comment" = "Configuration file for system-config-firewall" }`
			`{ }`
			`{ "enabled" }`
			`{ "port"`
			`{ "start" = "111" }`
			`{ "protocol" = "tcp" } }`
			`{ "port"`
			`{ "start" = "111" }`
			`{ "protocol" = "udp" } }`
			`{ "port"`
			`{ "start" = "2020" }`
			`{ "end" = "2049" }`
			`{ "protocol" = "tcp" } }`
			`{ "port"`
			`{ "start" = "5900" }`
			`{ "end" = "5910" }`
			`{ "protocol" = "tcp" } }`
			`{ "custom-rules" = "/var/lib/misc/iptables-forward-bridged"`
			`{ "type" = "ipv4" }`
			`{ "table" = "filter" } }`
			`{ "service" = "dns" }`
			`{ "service" = "ssh" }`
			`{ "trust" = "trust1" }`
			`{ "masq" = "eth42" }`
			`{ "block-icmp" = "5" }`
			`{ "trust" = "trust0" }`
			`{ "addmodule" = "fancy" }`
			`{ "removemodule" = "broken" }`
			`{ "forward-port"`
			`{ "if" = "forw0" }`
			`{ "port" = "42" }`
			`{ "proto" = "tcp" }`
			`{ "toport" = "42" }`
			`{ "toaddr" = "192.168.0.42" } }`
			`{ "selinux" = "permissive" }`

			`test Lokkit.custom_rules get`
			`"--custom-rules=ipv4:filter:/some/file\n" =`
			`{ "custom-rules" = "/some/file"`
			`{ "type" = "ipv4" }`
			`{ "table" = "filter" } }`

			`test Lokkit.custom_rules get`
			`"--custom-rules=filter:/some/file\n" =`
			`{ "custom-rules" = "/some/file"`
			`{ "table" = "filter" } }`

			`test Lokkit.custom_rules get`
			`"--custom-rules=ipv4:/some/file\n" =`
			`{ "custom-rules" = "/some/file"`
			`{ "type" = "ipv4" } }`

			`test Lokkit.custom_rules get`
			`"--custom-rules=/some/file\n" =`
			`{ "custom-rules" = "/some/file" }`

			`test Lokkit.lns get`
			`"--trust=tun+\n--trust=eth0.42\n--trust=eth0:1\n" =`
			`{ "trust" = "tun+" }`
			`{ "trust" = "eth0.42" }`
			`{ "trust" = "eth0:1" }`

			`(* We didn't allow '-' in the service name *)`
			`test Lokkit.lns get "--service=samba-client\n" =`
			`{ "service" = "samba-client" }`