libvirt/tests/networkxml2firewalldata/isolated-linux.iptables

iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
--protocol tcp \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
--protocol udp \
--destination-port 67 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol tcp \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
iptables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWO \
--in-interface virbr0 \
--jump REJECT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWI \
--out-interface virbr0 \
--jump REJECT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_INP \
--in-interface virbr0 \
--protocol udp \
--destination-port 547 \
--jump ACCEPT
ip6tables \
-w \
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 546 \
--jump ACCEPT
iptables \
-w \
--table mangle \
--insert LIBVIRT_PRT \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump CHECKSUM \
--checksum-fill
network: add more firewall test cases This patch adds some previously missing test cases that test for proper firewall rule creation when the following are included in the network definition: * <forward dev='blah'> * no forward element (an "isolated" network) * nat port range when only ipv4 is nat-ed * nat port range when both ipv4 & ipv6 are nated Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Laine Stump <laine@redhat.com> 2024-06-21 12:17:58 +00:00			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_INP \`
			`--in-interface virbr0 \`
			`--protocol tcp \`
			`--destination-port 67 \`
			`--jump ACCEPT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_INP \`
			`--in-interface virbr0 \`
			`--protocol udp \`
			`--destination-port 67 \`
			`--jump ACCEPT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_OUT \`
			`--out-interface virbr0 \`
			`--protocol tcp \`
			`--destination-port 68 \`
			`--jump ACCEPT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_OUT \`
			`--out-interface virbr0 \`
			`--protocol udp \`
			`--destination-port 68 \`
			`--jump ACCEPT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_INP \`
			`--in-interface virbr0 \`
			`--protocol tcp \`
			`--destination-port 53 \`
			`--jump ACCEPT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_INP \`
			`--in-interface virbr0 \`
			`--protocol udp \`
			`--destination-port 53 \`
			`--jump ACCEPT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_OUT \`
			`--out-interface virbr0 \`
			`--protocol tcp \`
			`--destination-port 53 \`
			`--jump ACCEPT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_OUT \`
			`--out-interface virbr0 \`
			`--protocol udp \`
			`--destination-port 53 \`
			`--jump ACCEPT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_FWO \`
			`--in-interface virbr0 \`
			`--jump REJECT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_FWI \`
			`--out-interface virbr0 \`
			`--jump REJECT`
			`iptables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_FWX \`
			`--in-interface virbr0 \`
			`--out-interface virbr0 \`
			`--jump ACCEPT`
			`ip6tables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_FWO \`
			`--in-interface virbr0 \`
			`--jump REJECT`
			`ip6tables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_FWI \`
			`--out-interface virbr0 \`
			`--jump REJECT`
			`ip6tables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_FWX \`
			`--in-interface virbr0 \`
			`--out-interface virbr0 \`
			`--jump ACCEPT`
			`ip6tables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_INP \`
			`--in-interface virbr0 \`
			`--protocol tcp \`
			`--destination-port 53 \`
			`--jump ACCEPT`
			`ip6tables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_INP \`
			`--in-interface virbr0 \`
			`--protocol udp \`
			`--destination-port 53 \`
			`--jump ACCEPT`
			`ip6tables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_OUT \`
			`--out-interface virbr0 \`
			`--protocol tcp \`
			`--destination-port 53 \`
			`--jump ACCEPT`
			`ip6tables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_OUT \`
			`--out-interface virbr0 \`
			`--protocol udp \`
			`--destination-port 53 \`
			`--jump ACCEPT`
			`ip6tables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_INP \`
			`--in-interface virbr0 \`
			`--protocol udp \`
			`--destination-port 547 \`
			`--jump ACCEPT`
			`ip6tables \`
			`-w \`
			`--table filter \`
			`--insert LIBVIRT_OUT \`
			`--out-interface virbr0 \`
			`--protocol udp \`
			`--destination-port 546 \`
			`--jump ACCEPT`
			`iptables \`
			`-w \`
			`--table mangle \`
			`--insert LIBVIRT_PRT \`
			`--out-interface virbr0 \`
			`--protocol udp \`
			`--destination-port 68 \`
			`--jump CHECKSUM \`
			`--checksum-fill`