libvirt/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args

ip6tables -A FJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p ah --destination f:e:d::c:b:a/127 \
--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p ah --destination a:b:c::/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p ah --destination a:b:c::/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p ah --destination ::10.1.2.3/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p ah --destination ::10.1.2.3/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
Add a test suite for nwfilter ebiptables tech driver Create a nwfilterxml2firewalltest to exercise the ebiptables_driver.applyNewRules method with a variety of different XML input files. The XML input files are taken from the libvirt-tck nwfilter tests. While the nwfilter tests verify the final state of the iptables chains, this test verifies the set of commands invoked to create the chains. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> 2014-04-01 06:19:38 +00:00			`ip6tables -A FJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \`
			`--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \`
			`--state NEW,ESTABLISHED -j RETURN`
			`ip6tables -A FP-vnet0 -p ah --destination f:e:d::c:b:a/127 \`
			`--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT`
			`ip6tables -A HJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \`
			`--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \`
			`--state NEW,ESTABLISHED -j RETURN`
			`ip6tables -A FJ-vnet0 -p ah --destination a:b:c::/128 -m dscp --dscp 33 \`
			`-m state --state ESTABLISHED -j RETURN`
			`ip6tables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \`
			`--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT`
			`ip6tables -A HJ-vnet0 -p ah --destination a:b:c::/128 -m dscp --dscp 33 \`
			`-m state --state ESTABLISHED -j RETURN`
			`ip6tables -A FJ-vnet0 -p ah --destination ::10.1.2.3/128 -m dscp --dscp 33 \`
			`-m state --state ESTABLISHED -j RETURN`
			`ip6tables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \`
			`--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT`
			`ip6tables -A HJ-vnet0 -p ah --destination ::10.1.2.3/128 -m dscp --dscp 33 \`
			`-m state --state ESTABLISHED -j RETURN`