libvirt/tests/nwfilterxml2firewalldata/target2-linux.args

iptables -A FP-vnet0 -p tcp --dport 22 -j ACCEPT
iptables -A FJ-vnet0 -p tcp --sport 22 -j RETURN
iptables -A HJ-vnet0 -p tcp --sport 22 -j RETURN
iptables -A FJ-vnet0 -p tcp --sport 80 -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED \
-j ACCEPT
iptables -A HJ-vnet0 -p tcp --sport 80 -m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p tcp -j REJECT
iptables -A FP-vnet0 -p tcp -j REJECT
iptables -A HJ-vnet0 -p tcp -j REJECT
iptables -A FJ-vnet0 -p all -j DROP
iptables -A FP-vnet0 -p all -j DROP
iptables -A HJ-vnet0 -p all -j DROP
Add a test suite for nwfilter ebiptables tech driver Create a nwfilterxml2firewalltest to exercise the ebiptables_driver.applyNewRules method with a variety of different XML input files. The XML input files are taken from the libvirt-tck nwfilter tests. While the nwfilter tests verify the final state of the iptables chains, this test verifies the set of commands invoked to create the chains. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> 2014-04-01 06:19:38 +00:00			`iptables -A FP-vnet0 -p tcp --dport 22 -j ACCEPT`
			`iptables -A FJ-vnet0 -p tcp --sport 22 -j RETURN`
			`iptables -A HJ-vnet0 -p tcp --sport 22 -j RETURN`
			`iptables -A FJ-vnet0 -p tcp --sport 80 -m state --state ESTABLISHED -j RETURN`
			`iptables -A FP-vnet0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED \`
			`-j ACCEPT`
			`iptables -A HJ-vnet0 -p tcp --sport 80 -m state --state ESTABLISHED -j RETURN`
			`iptables -A FJ-vnet0 -p tcp -j REJECT`
			`iptables -A FP-vnet0 -p tcp -j REJECT`
			`iptables -A HJ-vnet0 -p tcp -j REJECT`
			`iptables -A FJ-vnet0 -p all -j DROP`
			`iptables -A FP-vnet0 -p all -j DROP`
			`iptables -A HJ-vnet0 -p all -j DROP`