tests: redo test argv file line wrapping

Back in

  commit bd6c46fa0cfe275c24debc1152cfc5206c04b59b
  Author: Juerg Haefliger <juerg.haefliger@hp.com>
  Date:   Mon Jan 31 06:42:57 2011 -0500

    tests: handle backspace-newline pairs in test input files

all the test argv files were line wrapped so that the args
were less than 80 characters.

The way the line wrapping was done turns out to be quite
undesirable, because it often leaves multiple parameters
on the same line. If we later need to add or remove
individual parameters, then it leaves us having to redo
line wrapping.

This commit changes the line wrapping so that every
single "-param value" is on its own new line. If the
"value" is still too long, then we break on ',' or ':'
or ' ' as needed.

This means that when we come to add / remove parameters
from the test files line, the patch diffs will only
ever show a single line added/removed which will greatly
simplify review work.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange 2015-11-06 13:20:06 +00:00
parent edc88e2084
commit 8afd34f2d8
531 changed files with 15361 additions and 3944 deletions

16
cfg.mk

@ -1068,7 +1068,7 @@ _autogen:
# regenerate HACKING as part of the syntax-check
ifneq ($(_gl-Makefile),)
syntax-check: $(top_srcdir)/HACKING bracket-spacing-check
syntax-check: $(top_srcdir)/HACKING bracket-spacing-check test-wrap-argv
endif
bracket-spacing-check:
@ -1077,6 +1077,20 @@ bracket-spacing-check:
{ echo '$(ME): incorrect formatting, see HACKING for rules' 1>&2; \
exit 1; }
test-wrap-argv:
$(AM_V_GEN)files=`$(VC_LIST) | grep -E '\.(ldargs|args)'`; \
for file in $$files ; \
do \
$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl $$file > $${file}-t ; \
diff $$file $${file}-t; \
res=$$? ; \
rm $${file}-t ; \
test $$res == 0 || { \
echo "$(ME): Incorrect line wrapping in $$file." 1>&2; \
echo "$(ME): Use test-wrap-argv.pl to wrap test data files" 1>&2; \
exit 1; } \
done
# sc_po_check can fail if generated files are not built first
sc_po_check: \
$(srcdir)/daemon/remote_dispatch.h \
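Review bot: In the new `test-wrap-argv` recipe the exit-status check `test $$res == 0` relies on `==`, which POSIX `test` does not define, so under a strict `/bin/sh` the check can error out and report a correctly wrapped file as badly wrapped; `test $$res -eq 0 || { \` is the portable form. The file filter `grep -E '\.(ldargs|args)'` is also unanchored, so any tracked path that merely contains `.args` is fed to the script; `grep -E '\.(ldargs|args)$$'` limits it to the two suffixes. `$$file` and `$${file}-t` are expanded unquoted and the temporary copy is written next to the tracked file, so a path containing whitespace or an interrupted run would misbehave or leave `-t` files behind; a one-line comment above the rule stating that assumption would help.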


@ -1,3 +1,11 @@
/usr/sbin/bhyve -c 1 -m 214 -A -I -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-A \
-I \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img bhyve


@ -1 +1,3 @@
/usr/sbin/bhyveload -m 214 -d /tmp/freebsd.img bhyve
/usr/sbin/bhyveload \
-m 214 \
-d /tmp/freebsd.img bhyve


@ -1,3 +1,9 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img bhyve


@ -1 +1,3 @@
/usr/sbin/bhyveload -m 214 -d /tmp/freebsd.img bhyve
/usr/sbin/bhyveload \
-m 214 \
-d /tmp/freebsd.img bhyve


@ -1,3 +1,9 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img bhyve


@ -1 +1,4 @@
/usr/sbin/bhyveload -X -Y -Z
/usr/sbin/bhyveload \
-X \
-Y \
-Z


@ -1,4 +1,11 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img \
-s 1,lpc -l com1,/dev/nmdm0A bhyve
-s 1,lpc \
-l com1,/dev/nmdm0A bhyve


@ -1 +1,3 @@
/usr/sbin/bhyveload -m 214 -d /tmp/freebsd.img bhyve
/usr/sbin/bhyveload \
-m 214 \
-d /tmp/freebsd.img bhyve


@ -1,3 +1,9 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img bhyve


@ -1 +1,4 @@
/fizz_buzz_bazz -X -Y -Z
/fizz_buzz_bazz \
-X \
-Y \
-Z


@ -1,3 +1,9 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-cd,/tmp/cdrom.iso bhyve


@ -1,2 +1,4 @@
/usr/local/sbin/grub-bhyve --root cd --device-map '<device.map>' --memory 214 \
bhyve
/usr/local/sbin/grub-bhyve \
--root cd \
--device-map '<device.map>' \
--memory 214 bhyve


@ -1,3 +1,9 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-cd,/tmp/cdrom.iso bhyve


@ -1 +1,3 @@
/usr/sbin/bhyveload -m 214 -d /tmp/cdrom.iso bhyve
/usr/sbin/bhyveload \
-m 214 \
-d /tmp/cdrom.iso bhyve


@ -1,3 +1,9 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,virtio-blk,/tmp/freebsd.img bhyve


@ -1 +1,3 @@
/usr/sbin/bhyveload -m 214 -d /tmp/freebsd.img bhyve
/usr/sbin/bhyveload \
-m 214 \
-d /tmp/freebsd.img bhyve


@ -1,6 +1,11 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd1.img \
-s 2:0,ahci-hd,/tmp/freebsd2.img \
-s 2:0,ahci-hd,/tmp/freebsd3.img \
bhyve
-s 2:0,ahci-hd,/tmp/freebsd3.img bhyve


@ -1,2 +1,4 @@
/usr/local/sbin/grub-bhyve --root hd0,msdos1 --device-map '<device.map>' \
/usr/local/sbin/grub-bhyve \
--root hd0,msdos1 \
--device-map '<device.map>' \
--memory 214 bhyve


@ -1,6 +1,11 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd1.img \
-s 2:0,ahci-hd,/tmp/freebsd2.img \
-s 2:0,ahci-hd,/tmp/freebsd3.img \
bhyve
-s 2:0,ahci-hd,/tmp/freebsd3.img bhyve


@ -1,2 +1,4 @@
/usr/local/sbin/grub-bhyve --root hd0,msdos1 --device-map '<device.map>' \
/usr/local/sbin/grub-bhyve \
--root hd0,msdos1 \
--device-map '<device.map>' \
--memory 214 bhyve


@ -1,3 +1,9 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img bhyve


@ -1,2 +1,4 @@
/usr/local/sbin/grub-bhyve --root hd0,msdos1 --device-map '<device.map>' \
/usr/local/sbin/grub-bhyve \
--root hd0,msdos1 \
--device-map '<device.map>' \
--memory 214 bhyve


@ -1,3 +1,8 @@
/usr/sbin/bhyve -c 1 -m 214 -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img bhyve


@ -1 +1,3 @@
/usr/sbin/bhyveload -m 214 -d /tmp/freebsd.img bhyve
/usr/sbin/bhyveload \
-m 214 \
-d /tmp/freebsd.img bhyve


@ -1,3 +1,9 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:22:ee:11 \
-s 2:0,ahci-hd,/tmp/freebsd.img bhyve


@ -1 +1,3 @@
/usr/sbin/bhyveload -m 214 -d /tmp/freebsd.img bhyve
/usr/sbin/bhyveload \
-m 214 \
-d /tmp/freebsd.img bhyve


@ -1,4 +1,11 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img \
-s 1,lpc -l com1,/dev/nmdm0A bhyve
-s 1,lpc \
-l com1,/dev/nmdm0A bhyve


@ -1,2 +1,4 @@
/usr/local/sbin/grub-bhyve --root hd0,msdos1 --device-map '<device.map>' \
/usr/local/sbin/grub-bhyve \
--root hd0,msdos1 \
--device-map '<device.map>' \
--memory 214 bhyve


@ -1,4 +1,11 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img \
-s 1,lpc -l com1,/dev/nmdm0A bhyve
-s 1,lpc \
-l com1,/dev/nmdm0A bhyve


@ -1,2 +1,5 @@
/usr/local/sbin/grub-bhyve --root hd0,msdos1 --device-map '<device.map>' \
--memory 214 --cons-dev /dev/nmdm0A bhyve
/usr/local/sbin/grub-bhyve \
--root hd0,msdos1 \
--device-map '<device.map>' \
--memory 214 \
--cons-dev /dev/nmdm0A bhyve


@ -1,4 +1,11 @@
/usr/sbin/bhyve -c 1 -m 214 -u -H -P -s 0:0,hostbridge \
/usr/sbin/bhyve \
-c 1 \
-m 214 \
-u \
-H \
-P \
-s 0:0,hostbridge \
-s 3:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \
-s 2:0,ahci-hd,/tmp/freebsd.img \
-s 1,lpc -l com1,/dev/nmdm0A bhyve
-s 1,lpc \
-l com1,/dev/nmdm0A bhyve


@ -1 +1,3 @@
/usr/sbin/bhyveload -m 214 -d /tmp/freebsd.img bhyve
/usr/sbin/bhyveload \
-m 214 \
-d /tmp/freebsd.img bhyve


@ -1,30 +1,107 @@
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
--destination-port 68 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --in-interface virbr0 \
--out-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
--in-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 --jump MASQUERADE
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 255.255.255.255/32 --jump RETURN
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 224.0.0.0/24 --jump RETURN
iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert OUTPUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--out-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--destination 192.168.122.0/24 \
--out-interface virbr0 \
--match conntrack \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p udp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p tcp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
--table mangle \
--insert POSTROUTING \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump CHECKSUM \
--checksum-fill
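Review bot: The rewrapped rules leave the negation marker at the end of the line before the option it applies to, for example `--source 192.168.122.0/24 '!' \` followed by `--destination 192.168.122.0/24 \`, and `-p udp '!' \` in the port-restricted MASQUERADE rules. Read line by line this looks like a negated source or protocol, while iptables applies `!` to the `--destination` match that follows, which is easy to misread when reviewing NAT rules. The wrapping script (not visible on this page) could keep the marker with the option it negates, giving `'!' --destination 192.168.122.0/24 \`. The same layout recurs in the later iptables sections of this commit.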


@ -1,44 +1,156 @@
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
--destination-port 68 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --in-interface virbr0 \
--out-interface virbr0 --jump ACCEPT
ip6tables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
ip6tables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
ip6tables --table filter --insert FORWARD --in-interface virbr0 \
--out-interface virbr0 --jump ACCEPT
ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 53 --jump ACCEPT
ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 53 --jump ACCEPT
ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 547 --jump ACCEPT
iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
--in-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 --jump MASQUERADE
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 255.255.255.255/32 --jump RETURN
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 224.0.0.0/24 --jump RETURN
ip6tables --table filter --insert FORWARD --source 2001:db8:ca2:2::/64 \
--in-interface virbr0 --jump ACCEPT
ip6tables --table filter --insert FORWARD --destination 2001:db8:ca2:2::/64 \
--out-interface virbr0 --jump ACCEPT
iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert OUTPUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--out-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--jump REJECT
ip6tables \
--table filter \
--insert FORWARD \
--out-interface virbr0 \
--jump REJECT
ip6tables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 547 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--destination 192.168.122.0/24 \
--out-interface virbr0 \
--match conntrack \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p udp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p tcp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
ip6tables \
--table filter \
--insert FORWARD \
--source 2001:db8:ca2:2::/64 \
--in-interface virbr0 \
--jump ACCEPT
ip6tables \
--table filter \
--insert FORWARD \
--destination 2001:db8:ca2:2::/64 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
--table mangle \
--insert POSTROUTING \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump CHECKSUM \
--checksum-fill


@ -1,58 +1,203 @@
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
--destination-port 68 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --in-interface virbr0 \
--out-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
--in-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 --jump MASQUERADE
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 255.255.255.255/32 --jump RETURN
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 224.0.0.0/24 --jump RETURN
iptables --table filter --insert FORWARD --source 192.168.128.0/24 \
--in-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --destination 192.168.128.0/24 \
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 '!' \
--destination 192.168.128.0/24 --jump MASQUERADE
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
-p udp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
-p tcp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
--destination 255.255.255.255/32 --jump RETURN
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
--destination 224.0.0.0/24 --jump RETURN
iptables --table filter --insert FORWARD --source 192.168.150.0/24 \
--in-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --destination 192.168.150.0/24 \
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 '!' \
--destination 192.168.150.0/24 --jump MASQUERADE
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
-p udp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
-p tcp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
--destination 255.255.255.255/32 --jump RETURN
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
--destination 224.0.0.0/24 --jump RETURN
iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert OUTPUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--out-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--destination 192.168.122.0/24 \
--out-interface virbr0 \
--match conntrack \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p udp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p tcp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
--table filter \
--insert FORWARD \
--source 192.168.128.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--destination 192.168.128.0/24 \
--out-interface virbr0 \
--match conntrack \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.128.0/24 '!' \
--destination 192.168.128.0/24 \
--jump MASQUERADE
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.128.0/24 \
-p udp '!' \
--destination 192.168.128.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.128.0/24 \
-p tcp '!' \
--destination 192.168.128.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.128.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.128.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
--table filter \
--insert FORWARD \
--source 192.168.150.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--destination 192.168.150.0/24 \
--out-interface virbr0 \
--match conntrack \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.150.0/24 '!' \
--destination 192.168.150.0/24 \
--jump MASQUERADE
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.150.0/24 \
-p udp '!' \
--destination 192.168.150.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.150.0/24 \
-p tcp '!' \
--destination 192.168.150.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.150.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.150.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
--table mangle \
--insert POSTROUTING \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump CHECKSUM \
--checksum-fill


@ -1,42 +1,148 @@
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
--destination-port 68 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --in-interface virbr0 \
--out-interface virbr0 --jump ACCEPT
ip6tables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
ip6tables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
ip6tables --table filter --insert FORWARD --in-interface virbr0 \
--out-interface virbr0 --jump ACCEPT
ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 53 --jump ACCEPT
ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 53 --jump ACCEPT
ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 547 --jump ACCEPT
iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
--in-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 --jump MASQUERADE
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 255.255.255.255/32 --jump RETURN
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 224.0.0.0/24 --jump RETURN
ip6tables --table filter --insert FORWARD --source 2001:db8:ca2:2::/64 \
--in-interface virbr0 --jump ACCEPT
ip6tables --table filter --insert FORWARD --destination 2001:db8:ca2:2::/64 \
--out-interface virbr0 --jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert OUTPUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--out-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--jump REJECT
ip6tables \
--table filter \
--insert FORWARD \
--out-interface virbr0 \
--jump REJECT
ip6tables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 547 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--destination 192.168.122.0/24 \
--out-interface virbr0 \
--match conntrack \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p udp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p tcp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
ip6tables \
--table filter \
--insert FORWARD \
--source 2001:db8:ca2:2::/64 \
--in-interface virbr0 \
--jump ACCEPT
ip6tables \
--table filter \
--insert FORWARD \
--destination 2001:db8:ca2:2::/64 \
--out-interface virbr0 \
--jump ACCEPT


@ -1,32 +1,114 @@
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
--destination-port 68 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 69 --jump ACCEPT
iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --in-interface virbr0 \
--out-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
--in-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 --jump MASQUERADE
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 255.255.255.255/32 --jump RETURN
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
--destination 224.0.0.0/24 --jump RETURN
iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert OUTPUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 69 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--out-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--destination 192.168.122.0/24 \
--out-interface virbr0 \
--match conntrack \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p udp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
-p tcp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
--table nat \
--insert POSTROUTING \
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
iptables \
--table mangle \
--insert POSTROUTING \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump CHECKSUM \
--checksum-fill


@ -1,20 +1,71 @@
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 67 --jump ACCEPT
iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
--destination-port 68 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
--destination-port 53 --jump ACCEPT
iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
iptables --table filter --insert FORWARD --in-interface virbr0 \
--out-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
--in-interface virbr0 --jump ACCEPT
iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
--out-interface virbr0 --jump ACCEPT
iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 67 \
--jump ACCEPT
iptables \
--table filter \
--insert OUTPUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert INPUT \
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--out-interface virbr0 \
--jump REJECT
iptables \
--table filter \
--insert FORWARD \
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
--table filter \
--insert FORWARD \
--destination 192.168.122.0/24 \
--out-interface virbr0 \
--jump ACCEPT
iptables \
--table mangle \
--insert POSTROUTING \
--out-interface virbr0 \
--protocol udp \
--destination-port 68 \
--jump CHECKSUM \
--checksum-fill


@ -1,20 +1,92 @@
ip6tables -A FJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p ah --destination f:e:d::c:b:a/127 \
--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p ah --destination a:b:c::/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p ah --destination a:b:c::/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p ah --destination ::10.1.2.3/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p ah --destination ::10.1.2.3/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables \
-A FJ-vnet0 \
-p ah \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p ah \
--destination f:e:d::c:b:a/127 \
--source a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p ah \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p ah \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p ah \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p ah \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p ah \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p ah \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p ah \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,18 +1,89 @@
iptables -A FJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p ah --source 10.1.2.3/32 -m dscp --dscp 2 -m state \
--state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p ah --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p ah --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p ah --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p ah --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p ah \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p ah \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p ah \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p ah \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p ah \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p ah \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p ah \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p ah \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p ah \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,20 +1,92 @@
ip6tables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p all --destination f:e:d::c:b:a/127 \
--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p all --destination a:b:c::/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p all --destination a:b:c::/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p all --destination ::10.1.2.3/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p all --destination ::10.1.2.3/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables \
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p all \
--destination f:e:d::c:b:a/127 \
--source a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p all \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p all \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p all \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p all \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,18 +1,89 @@
iptables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p all --source 10.1.2.3/32 -m dscp --dscp 2 -m state \
--state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,11 +1,45 @@
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x806 --arp-htype 12 --arp-opcode 1 \
--arp-ptype 0x22 --arp-mac-src 01:02:03:04:05:06 --arp-mac-dst 0a:0b:0c:0d:0e:0f \
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x806 \
--arp-htype 12 \
--arp-opcode 1 \
--arp-ptype 0x22 \
--arp-mac-src 01:02:03:04:05:06 \
--arp-mac-dst 0a:0b:0c:0d:0e:0f \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
--arp-htype 255 \
--arp-opcode 1 \
--arp-ptype 0xff \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
--arp-htype 256 \
--arp-opcode 11 \
--arp-ptype 0x100 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
--arp-htype 65535 \
--arp-opcode 65535 \
--arp-ptype 0xffff \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p 0x806 \
--arp-gratuitous \
-j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 --arp-htype 255 --arp-opcode 1 --arp-ptype 0xff -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 --arp-htype 256 --arp-opcode 11 --arp-ptype 0x100 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 --arp-htype 65535 --arp-opcode 65535 --arp-ptype 0xffff -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p 0x806 --arp-gratuitous -j ACCEPT


@ -1,49 +1,201 @@
ebtables -t nat -A libvirt-P-vnet0 -p 0x1234 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p ipv4 --ip-source 10.1.2.3/32 \
--ip-destination 10.1.2.3/32 --ip-protocol 17 --ip-source-port 291:564 \
--ip-destination-port 13398:17767 --ip-tos 0x32 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:80 -p ipv6 --ip6-source ::10.1.2.3/22 \
--ip6-destination ::10.1.2.3/113 --ip6-protocol 6 --ip6-source-port 273:400 \
--ip6-destination-port 13107:65535 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x806 --arp-htype 18 --arp-opcode 1 \
--arp-ptype 0x56 --arp-mac-src 01:02:03:04:05:06 --arp-mac-dst 0a:0b:0c:0d:0e:0f \
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p 0x1234 \
-j ACCEPT
iptables -A FJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 34 --sport 291:400 --dport 564:1092 -m state \
--state NEW,ESTABLISHED -m comment --comment 'udp rule' -j RETURN
iptables -A FP-vnet0 -p udp --source 10.1.2.3/32 -m dscp --dscp 34 \
--dport 291:400 --sport 564:1092 -m state --state ESTABLISHED -m comment \
--comment 'udp rule' -j ACCEPT
iptables -A HJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 34 --sport 291:400 --dport 564:1092 -m state \
--state NEW,ESTABLISHED -m comment --comment 'udp rule' -j RETURN
ip6tables -A FJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 57 \
--dport 32:33 --sport 256:4369 -m state --state ESTABLISHED -m comment \
--comment 'tcp/ipv6 rule' -j RETURN
ip6tables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 57 --sport 32:33 --dport 256:4369 -m state \
--state NEW,ESTABLISHED -m comment --comment 'tcp/ipv6 rule' -j ACCEPT
ip6tables -A HJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 57 \
--dport 32:33 --sport 256:4369 -m state --state ESTABLISHED -m comment \
--comment 'tcp/ipv6 rule' -j RETURN
ip6tables -A FJ-vnet0 -p udp -m state --state ESTABLISHED -m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' -j RETURN
ip6tables -A FP-vnet0 -p udp -m state --state NEW,ESTABLISHED -m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' -j ACCEPT
ip6tables -A HJ-vnet0 -p udp -m state --state ESTABLISHED -m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' -j RETURN
ip6tables -A FJ-vnet0 -p sctp -m state --state ESTABLISHED -m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' -j RETURN
ip6tables -A FP-vnet0 -p sctp -m state --state NEW,ESTABLISHED -m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' -j ACCEPT
ip6tables -A HJ-vnet0 -p sctp -m state --state ESTABLISHED -m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' -j RETURN
ip6tables -A FJ-vnet0 -p ah -m state --state ESTABLISHED -m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' -j RETURN
ip6tables -A FP-vnet0 -p ah -m state --state NEW,ESTABLISHED -m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' -j ACCEPT
ip6tables -A HJ-vnet0 -p ah -m state --state ESTABLISHED -m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' -j RETURN
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p ipv4 \
--ip-source 10.1.2.3/32 \
--ip-destination 10.1.2.3/32 \
--ip-protocol 17 \
--ip-source-port 291:564 \
--ip-destination-port 13398:17767 \
--ip-tos 0x32 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:80 \
-p ipv6 \
--ip6-source ::10.1.2.3/22 \
--ip6-destination ::10.1.2.3/113 \
--ip6-protocol 6 \
--ip6-source-port 273:400 \
--ip6-destination-port 13107:65535 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x806 \
--arp-htype 18 \
--arp-opcode 1 \
--arp-ptype 0x56 \
--arp-mac-src 01:02:03:04:05:06 \
--arp-mac-dst 0a:0b:0c:0d:0e:0f \
-j ACCEPT
iptables \
-A FJ-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 34 \
--sport 291:400 \
--dport 564:1092 \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'udp rule' \
-j RETURN
iptables \
-A FP-vnet0 \
-p udp \
--source 10.1.2.3/32 \
-m dscp \
--dscp 34 \
--dport 291:400 \
--sport 564:1092 \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'udp rule' \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 34 \
--sport 291:400 \
--dport 564:1092 \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'udp rule' \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
-m dscp \
--dscp 57 \
--dport 32:33 \
--sport 256:4369 \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'tcp/ipv6 rule' \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 57 \
--sport 32:33 \
--dport 256:4369 \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'tcp/ipv6 rule' \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
-m dscp \
--dscp 57 \
--dport 32:33 \
--sport 256:4369 \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'tcp/ipv6 rule' \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p udp \
-m state \
--state ESTABLISHED \
-m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p udp \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p udp \
-m state \
--state ESTABLISHED \
-m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p sctp \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p sctp \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p sctp \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p ah \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm \
-f ${tmp}' \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p ah \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm \
-f ${tmp}' \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p ah \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm \
-f ${tmp}' \
-j RETURN
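Review bot: The last three `-p ah` rules in this file are now wrapped inside the single-quoted `--comment` value: the line ends at `rm \` and the next line starts with `-f ${tmp}' \`, so the continuation falls in the middle of one argument instead of between two arguments. A loader that deletes backslash-newline pairs would presumably still rebuild the original string, but a POSIX shell keeps a backslash-newline literally inside single quotes, so the file no longer reads as the command it stands for. This fixture appears to exist to check that shell metacharacters in a rule comment are passed through verbatim, which makes the exact bytes of that value the thing under test. I would keep a quoted value on one line even when it exceeds 80 columns, i.e. leave `rm -f ${tmp}'` together on the `--comment` line, and have test-wrap-argv.pl skip break points that lie inside quotes.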


@ -1,7 +1,42 @@
iptables -A FJ-vnet0 -p icmp -m connlimit --connlimit-above 1 -j DROP
iptables -A HJ-vnet0 -p icmp -m connlimit --connlimit-above 1 -j DROP
iptables -A FJ-vnet0 -p tcp -m connlimit --connlimit-above 2 -j DROP
iptables -A HJ-vnet0 -p tcp -m connlimit --connlimit-above 2 -j DROP
iptables -A FJ-vnet0 -p all -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p all -m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p all -m state --state NEW,ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p icmp \
-m connlimit \
--connlimit-above 1 \
-j DROP
iptables \
-A HJ-vnet0 \
-p icmp \
-m connlimit \
--connlimit-above 1 \
-j DROP
iptables \
-A FJ-vnet0 \
-p tcp \
-m connlimit \
--connlimit-above 2 \
-j DROP
iptables \
-A HJ-vnet0 \
-p tcp \
-m connlimit \
--connlimit-above 2 \
-j DROP
iptables \
-A FJ-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-j RETURN


@ -1,20 +1,92 @@
ip6tables -A FJ-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p esp --destination f:e:d::c:b:a/127 \
--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p esp --destination a:b:c::/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p esp --destination a:b:c::/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p esp --destination ::10.1.2.3/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p esp --destination ::10.1.2.3/128 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
ip6tables \
-A FJ-vnet0 \
-p esp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p esp \
--destination f:e:d::c:b:a/127 \
--source a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p esp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p esp \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p esp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p esp \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p esp \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p esp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p esp \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,18 +1,89 @@
iptables -A FJ-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p esp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \
--state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p esp --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p esp --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p esp --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p esp --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p esp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p esp \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p esp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p esp \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p esp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p esp \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p esp \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p esp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p esp \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,13 +1,69 @@
iptables -A FJ-vnet0 -p tcp --sport 22 -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED \
iptables \
-A FJ-vnet0 \
-p tcp \
--sport 22 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
--dport 22 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables -A HJ-vnet0 -p tcp --sport 22 -m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p icmp -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p icmp -m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p all -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p all -j DROP
iptables -A FP-vnet0 -p all -j DROP
iptables -A HJ-vnet0 -p all -j DROP
iptables \
-A HJ-vnet0 \
-p tcp \
--sport 22 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p icmp \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p icmp \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p icmp \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
-j DROP
iptables \
-A HJ-vnet0 \
-p all \
-j DROP


@ -1,20 +1,77 @@
iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED,RELATED -m comment \
--comment 'out: existing and related (ftp) connections' -j RETURN
iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED,RELATED -m comment \
--comment 'out: existing and related (ftp) connections' -j RETURN
iptables -A FP-vnet0 -p all -m state --state ESTABLISHED -m comment \
--comment 'in: existing connections' -j ACCEPT
iptables -A FP-vnet0 -p tcp --dport 21:22 -m state --state NEW -m comment \
--comment 'in: ftp and ssh' -j ACCEPT
iptables -A FP-vnet0 -p icmp -m state --state NEW -m comment \
--comment 'in: icmp' -j ACCEPT
iptables -A FJ-vnet0 -p udp --dport 53 -m state --state NEW -m comment \
--comment 'out: DNS lookups' -j RETURN
iptables -A HJ-vnet0 -p udp --dport 53 -m state --state NEW -m comment \
--comment 'out: DNS lookups' -j RETURN
iptables -A FJ-vnet0 -p all -m comment \
--comment 'inout: drop all non-accepted traffic' -j DROP
iptables -A FP-vnet0 -p all -m comment \
--comment 'inout: drop all non-accepted traffic' -j DROP
iptables -A HJ-vnet0 -p all -m comment \
--comment 'inout: drop all non-accepted traffic' -j DROP
iptables \
-A FJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED,RELATED \
-m comment \
--comment 'out: existing and related (ftp) connections' \
-j RETURN
iptables \
-A HJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED,RELATED \
-m comment \
--comment 'out: existing and related (ftp) connections' \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'in: existing connections' \
-j ACCEPT
iptables \
-A FP-vnet0 \
-p tcp \
--dport 21:22 \
-m state \
--state NEW \
-m comment \
--comment 'in: ftp and ssh' \
-j ACCEPT
iptables \
-A FP-vnet0 \
-p icmp \
-m state \
--state NEW \
-m comment \
--comment 'in: icmp' \
-j ACCEPT
iptables \
-A FJ-vnet0 \
-p udp \
--dport 53 \
-m state \
--state NEW \
-m comment \
--comment 'out: DNS lookups' \
-j RETURN
iptables \
-A HJ-vnet0 \
-p udp \
--dport 53 \
-m state \
--state NEW \
-m comment \
--comment 'out: DNS lookups' \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m comment \
--comment 'inout: drop all non-accepted traffic' \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
-m comment \
--comment 'inout: drop all non-accepted traffic' \
-j DROP
iptables \
-A HJ-vnet0 \
-p all \
-m comment \
--comment 'inout: drop all non-accepted traffic' \
-j DROP


@ -1,28 +1,114 @@
ebtables -t nat -A libvirt-P-vnet0 -p 0x1234 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p ipv4 --ip-source 10.1.2.3/32 \
--ip-destination 10.1.2.3/32 --ip-protocol 17 --ip-source-port 291:564 \
--ip-destination-port 13398:17767 --ip-tos 0x32 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:80 -p ipv6 --ip6-source ::10.1.2.3/22 \
--ip6-destination ::10.1.2.3/113 --ip6-protocol 6 --ip6-source-port 273:400 \
--ip6-destination-port 13107:65535 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x806 --arp-htype 18 --arp-opcode 1 \
--arp-ptype 0x56 --arp-mac-src 01:02:03:04:05:06 --arp-mac-dst 0a:0b:0c:0d:0e:0f \
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p 0x1234 \
-j ACCEPT
iptables -A FJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 34 --sport 291:400 --dport 564:1092 -m state \
--state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p udp --source 10.1.2.3/32 -m dscp --dscp 34 \
--dport 291:400 --sport 564:1092 -m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 34 --sport 291:400 --dport 564:1092 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 57 \
--dport 32:33 --sport 256:4369 -m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 57 --sport 32:33 --dport 256:4369 -m state \
--state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 57 \
--dport 32:33 --sport 256:4369 -m state --state ESTABLISHED -j RETURN
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p ipv4 \
--ip-source 10.1.2.3/32 \
--ip-destination 10.1.2.3/32 \
--ip-protocol 17 \
--ip-source-port 291:564 \
--ip-destination-port 13398:17767 \
--ip-tos 0x32 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:80 \
-p ipv6 \
--ip6-source ::10.1.2.3/22 \
--ip6-destination ::10.1.2.3/113 \
--ip6-protocol 6 \
--ip6-source-port 273:400 \
--ip6-destination-port 13107:65535 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x806 \
--arp-htype 18 \
--arp-opcode 1 \
--arp-ptype 0x56 \
--arp-mac-src 01:02:03:04:05:06 \
--arp-mac-dst 0a:0b:0c:0d:0e:0f \
-j ACCEPT
iptables \
-A FJ-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 34 \
--sport 291:400 \
--dport 564:1092 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p udp \
--source 10.1.2.3/32 \
-m dscp \
--dscp 34 \
--dport 291:400 \
--sport 564:1092 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 34 \
--sport 291:400 \
--dport 564:1092 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
-m dscp \
--dscp 57 \
--dport 32:33 \
--sport 256:4369 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 57 \
--sport 32:33 \
--dport 256:4369 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
-m dscp \
--dscp 57 \
--dport 32:33 \
--sport 256:4369 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,9 +1,33 @@
iptables -A FP-vnet0 -p icmp --icmp-type 0 -m state --state NEW,ESTABLISHED \
iptables \
-A FP-vnet0 \
-p icmp \
--icmp-type 0 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables -A FJ-vnet0 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED \
iptables \
-A FJ-vnet0 \
-p icmp \
--icmp-type 8 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables -A HJ-vnet0 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED \
iptables \
-A HJ-vnet0 \
-p icmp \
--icmp-type 8 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables -A FJ-vnet0 -p icmp -j DROP
iptables -A FP-vnet0 -p icmp -j DROP
iptables -A HJ-vnet0 -p icmp -j DROP
iptables \
-A FJ-vnet0 \
-p icmp \
-j DROP
iptables \
-A FP-vnet0 \
-p icmp \
-j DROP
iptables \
-A HJ-vnet0 \
-p icmp \
-j DROP


@ -1,9 +1,33 @@
iptables -A FP-vnet0 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED \
iptables \
-A FP-vnet0 \
-p icmp \
--icmp-type 8 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables -A FJ-vnet0 -p icmp --icmp-type 0 -m state --state NEW,ESTABLISHED \
iptables \
-A FJ-vnet0 \
-p icmp \
--icmp-type 0 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables -A HJ-vnet0 -p icmp --icmp-type 0 -m state --state NEW,ESTABLISHED \
iptables \
-A HJ-vnet0 \
-p icmp \
--icmp-type 0 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables -A FJ-vnet0 -p icmp -j DROP
iptables -A FP-vnet0 -p icmp -j DROP
iptables -A HJ-vnet0 -p icmp -j DROP
iptables \
-A FJ-vnet0 \
-p icmp \
-j DROP
iptables \
-A FP-vnet0 \
-p icmp \
-j DROP
iptables \
-A HJ-vnet0 \
-p icmp \
-j DROP


@ -1,6 +1,30 @@
iptables -A FJ-vnet0 -p icmp -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p icmp -m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p icmp -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p all -j DROP
iptables -A FP-vnet0 -p all -j DROP
iptables -A HJ-vnet0 -p all -j DROP
iptables \
-A FJ-vnet0 \
-p icmp \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p icmp \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p icmp \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
-j DROP
iptables \
-A HJ-vnet0 \
-p all \
-j DROP


@ -1,9 +1,36 @@
iptables -A FJ-vnet0 -p icmp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 --icmp-type 12/11 -m state \
--state NEW,ESTABLISHED -j RETURN
iptables -A HJ-vnet0 -p icmp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 --icmp-type 12/11 -m state \
--state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p icmp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 --icmp-type 255/255 -m state \
--state NEW,ESTABLISHED -j ACCEPT
iptables \
-A FJ-vnet0 \
-p icmp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
--icmp-type 12/11 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A HJ-vnet0 \
-p icmp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
--icmp-type 12/11 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p icmp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
--icmp-type 255/255 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT


@ -1,12 +1,50 @@
ip6tables -A FJ-vnet0 -p icmpv6 -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 \
--icmpv6-type 12/11 -m state --state NEW,ESTABLISHED -j RETURN
ip6tables -A HJ-vnet0 -p icmpv6 -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 \
--icmpv6-type 12/11 -m state --state NEW,ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p icmpv6 -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 33 --icmpv6-type 255/255 -m state \
--state NEW,ESTABLISHED -j ACCEPT
ip6tables -A FP-vnet0 -p icmpv6 -m mac --mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 -m dscp --dscp 33 --icmpv6-type 255/255 -m state \
--state NEW,ESTABLISHED -j ACCEPT
ip6tables \
-A FJ-vnet0 \
-p icmpv6 \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
--icmpv6-type 12/11 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A HJ-vnet0 \
-p icmpv6 \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
--icmpv6-type 12/11 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p icmpv6 \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 33 \
--icmpv6-type 255/255 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A FP-vnet0 \
-p icmpv6 \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
--icmpv6-type 255/255 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT


@ -1,18 +1,89 @@
iptables -A FJ-vnet0 -p igmp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p igmp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \
--state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p igmp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p igmp --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p igmp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p igmp --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p igmp --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p igmp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p igmp --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p igmp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p igmp \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p igmp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p igmp \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p igmp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p igmp \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p igmp \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p igmp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p igmp \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,8 +1,30 @@
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p ipv4 --ip-source 10.1.2.3/32 \
--ip-destination 10.1.2.3/32 --ip-protocol 17 --ip-source-port 20:22 \
--ip-destination-port 100:101 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -p ipv4 --ip-source 10.1.2.3/17 \
--ip-destination 10.1.2.3/24 --ip-protocol 17 --ip-tos 0x3f -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p ipv4 --ip-source 10.1.2.3/31 \
--ip-destination 10.1.2.3/25 --ip-protocol 255 --ip-tos 0x3f -j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p ipv4 \
--ip-source 10.1.2.3/32 \
--ip-destination 10.1.2.3/32 \
--ip-protocol 17 \
--ip-source-port 20:22 \
--ip-destination-port 100:101 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-p ipv4 \
--ip-source 10.1.2.3/17 \
--ip-destination 10.1.2.3/24 \
--ip-protocol 17 \
--ip-tos 0x3f \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p ipv4 \
--ip-source 10.1.2.3/31 \
--ip-destination 10.1.2.3/25 \
--ip-protocol 255 \
--ip-tos 0x3f \
-j ACCEPT


@ -1,36 +1,144 @@
iptables -A FJ-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \
--match-set tck_test src,dst -j RETURN
iptables -A FP-vnet0 -p all -m state --state ESTABLISHED -m set \
--match-set tck_test dst,src -j ACCEPT
iptables -A HJ-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \
--match-set tck_test src,dst -j RETURN
iptables -A FP-vnet0 -p all -m set --match-set tck_test src,dst -m comment \
--comment in+NONE -j ACCEPT
iptables -A FJ-vnet0 -p all -m set --match-set tck_test src,dst -m comment \
--comment out+NONE -j RETURN
iptables -A HJ-vnet0 -p all -m set --match-set tck_test src,dst -m comment \
--comment out+NONE -j RETURN
iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED -m set \
--match-set tck_test dst,src,dst -j RETURN
iptables -A FP-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \
--match-set tck_test src,dst,src -j ACCEPT
iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED -m set \
--match-set tck_test dst,src,dst -j RETURN
iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED -m set \
--match-set tck_test dst,src,dst -j RETURN
iptables -A FP-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \
--match-set tck_test src,dst,src -j ACCEPT
iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED -m set \
--match-set tck_test dst,src,dst -j RETURN
iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED -m set \
--match-set tck_test dst,src -j RETURN
iptables -A FP-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \
--match-set tck_test src,dst -j ACCEPT
iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED -m set \
--match-set tck_test dst,src -j RETURN
iptables -A FJ-vnet0 -p all -m set --match-set tck_test dst,src -m comment \
--comment inout -j RETURN
iptables -A FP-vnet0 -p all -m set --match-set tck_test src,dst -m comment \
--comment inout -j ACCEPT
iptables -A HJ-vnet0 -p all -m set --match-set tck_test dst,src -m comment \
--comment inout -j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-m set \
--match-set tck_test src,dst \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-m set \
--match-set tck_test dst,src \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-m set \
--match-set tck_test src,dst \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m set \
--match-set tck_test src,dst \
-m comment \
--comment in+NONE \
-j ACCEPT
iptables \
-A FJ-vnet0 \
-p all \
-m set \
--match-set tck_test src,dst \
-m comment \
--comment out+NONE \
-j RETURN
iptables \
-A HJ-vnet0 \
-p all \
-m set \
--match-set tck_test src,dst \
-m comment \
--comment out+NONE \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-m set \
--match-set tck_test dst,src,dst \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-m set \
--match-set tck_test src,dst,src \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-m set \
--match-set tck_test dst,src,dst \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-m set \
--match-set tck_test dst,src,dst \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-m set \
--match-set tck_test src,dst,src \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-m set \
--match-set tck_test dst,src,dst \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-m set \
--match-set tck_test dst,src \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m state \
--state NEW,ESTABLISHED \
-m set \
--match-set tck_test src,dst \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m state \
--state ESTABLISHED \
-m set \
--match-set tck_test dst,src \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m set \
--match-set tck_test dst,src \
-m comment \
--comment inout \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m set \
--match-set tck_test src,dst \
-m comment \
--comment inout \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m set \
--match-set tck_test dst,src \
-m comment \
--comment inout \
-j RETURN


@ -1,2 +1,12 @@
iptables -A FP-vnet0 -p all -m mac '!' --mac-source 12:34:56:78:9a:bc -j DROP
iptables -A FP-vnet0 -p all -m mac '!' --mac-source aa:aa:aa:aa:aa:aa -j DROP
iptables \
-A FP-vnet0 \
-p all \
-m mac '!' \
--mac-source 12:34:56:78:9a:bc \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
-m mac '!' \
--mac-source aa:aa:aa:aa:aa:aa \
-j DROP
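Review bot: The new wrapping in both rules of this file leaves the `'!'` at the end of the `-m mac` line, so the negation is separated from the `--mac-source` option it inverts. Someone reading one option per line can take `--mac-source 12:34:56:78:9a:bc` followed by `-j DROP` as dropping that MAC, when the rule drops every source MAC except it. Keeping the inversion with its option, as in `'!' --mac-source 12:34:56:78:9a:bc \`, would make the expected output easier to read. The wrapping script is not visible here, so whether it can treat `'!'` as a prefix of the next option is an assumption to check.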


@ -1,36 +1,140 @@
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:80 -p ipv6 --ip6-source ::10.1.2.3/22 \
--ip6-destination ::10.1.2.3/113 --ip6-protocol 17 --ip6-source-port 20:22 \
--ip6-destination-port 100:101 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 --ip6-protocol 6 --ip6-destination-port 20:22 \
--ip6-source-port 100:101 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 --ip6-protocol 6 --ip6-source-port 20:22 \
--ip6-destination-port 100:101 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 --ip6-protocol 6 --ip6-destination-port 255:256 \
--ip6-source-port 65535:65535 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 --ip6-protocol 6 --ip6-source-port 255:256 \
--ip6-destination-port 65535:65535 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 --ip6-protocol 18 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 --ip6-protocol 18 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:11/10:11 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:11/10:11 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/10:10 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/10:10 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 0:255/10:10 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 0:255/10:10 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/0:255 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/0:255 -j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:80 \
-p ipv6 \
--ip6-source ::10.1.2.3/22 \
--ip6-destination ::10.1.2.3/113 \
--ip6-protocol 17 \
--ip6-source-port 20:22 \
--ip6-destination-port 100:101 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
--ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 \
--ip6-protocol 6 \
--ip6-destination-port 20:22 \
--ip6-source-port 100:101 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
--ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 \
--ip6-protocol 6 \
--ip6-source-port 20:22 \
--ip6-destination-port 100:101 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
--ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 \
--ip6-protocol 6 \
--ip6-destination-port 255:256 \
--ip6-source-port 65535:65535 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
--ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 \
--ip6-protocol 6 \
--ip6-source-port 255:256 \
--ip6-destination-port 65535:65535 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
--ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 \
--ip6-protocol 18 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
--ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 \
--ip6-protocol 18 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
--ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 \
--ip6-protocol 58 \
--ip6-icmp-type 1:11/10:11 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
--ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 \
--ip6-protocol 58 \
--ip6-icmp-type 1:11/10:11 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
--ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 \
--ip6-protocol 58 \
--ip6-icmp-type 1:1/10:10 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
--ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 \
--ip6-protocol 58 \
--ip6-icmp-type 1:1/10:10 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
--ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 \
--ip6-protocol 58 \
--ip6-icmp-type 0:255/10:10 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
--ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 \
--ip6-protocol 58 \
--ip6-icmp-type 0:255/10:10 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-p ipv6 \
--ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 \
--ip6-protocol 58 \
--ip6-icmp-type 1:1/0:255 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-p ipv6 \
--ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 \
--ip6-protocol 58 \
--ip6-icmp-type 1:1/0:255 \
-j ACCEPT


@ -1,18 +1,90 @@
iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 2 --sport 80 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 2 --dport 80 \
-m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 2 --sport 80 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 2 --dport 90 \
-m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 2 --sport 80 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 2 --dport 80 \
-m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 2 --sport 80 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
-m dscp \
--dscp 2 \
--sport 80 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
-m dscp \
--dscp 2 \
--dport 80 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
-m dscp \
--dscp 2 \
--sport 80 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
-m dscp \
--dscp 2 \
--sport 90 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
--destination 2.2.2.2 \
-m dscp \
--dscp 2 \
--dport 90 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p tcp \
--source 2.2.2.2 \
-m dscp \
--dscp 2 \
--sport 90 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
-m dscp \
--dscp 2 \
--sport 80 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
--destination 3.3.3.3 \
-m dscp \
--dscp 2 \
--dport 80 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p tcp \
--source 3.3.3.3 \
-m dscp \
--dscp 2 \
--sport 80 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN

File diff suppressed because it is too large Load Diff


@ -1,30 +1,153 @@
iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 80 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 1 --dport 80 \
-m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 80 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 90 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 1 --dport 90 \
-m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 90 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 80 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p udp --destination 2.2.2.2 -m dscp --dscp 2 --dport 80 \
-m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 80 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p udp --destination 2.2.2.2 -m dscp --dscp 2 --dport 90 \
-m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \
-m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \
--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p sctp --destination 2.2.2.2 -m dscp --dscp 3 \
--dport 80 --sport 1100 -m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \
--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
-m dscp \
--dscp 1 \
--sport 80 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
-m dscp \
--dscp 1 \
--dport 80 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
-m dscp \
--dscp 1 \
--sport 80 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
-m dscp \
--dscp 1 \
--sport 90 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
--destination 1.1.1.1 \
-m dscp \
--dscp 1 \
--dport 90 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p tcp \
--source 1.1.1.1 \
-m dscp \
--dscp 1 \
--sport 90 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p udp \
--source 2.2.2.2 \
-m dscp \
--dscp 2 \
--sport 80 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p udp \
--destination 2.2.2.2 \
-m dscp \
--dscp 2 \
--dport 80 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udp \
--source 2.2.2.2 \
-m dscp \
--dscp 2 \
--sport 80 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p udp \
--source 2.2.2.2 \
-m dscp \
--dscp 2 \
--sport 90 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p udp \
--destination 2.2.2.2 \
-m dscp \
--dscp 2 \
--dport 90 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udp \
--source 2.2.2.2 \
-m dscp \
--dscp 2 \
--sport 90 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
-m dscp \
--dscp 3 \
--sport 80 \
--dport 1100 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p sctp \
--destination 2.2.2.2 \
-m dscp \
--dscp 3 \
--dport 80 \
--sport 1100 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p sctp \
--source 2.2.2.2 \
-m dscp \
--dscp 3 \
--sport 80 \
--dport 1100 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN


@ -1,8 +1,24 @@
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x600 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0xffff -j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x600 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0xffff \
-j ACCEPT


@ -1,12 +1,47 @@
ebtables -t nat -N libvirt-J-vnet0
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8035 --arp-htype 12 --arp-opcode 1 \
--arp-ptype 0x22 --arp-mac-src 01:02:03:04:05:06 --arp-mac-dst 0a:0b:0c:0d:0e:0f \
ebtables \
-t nat \
-N libvirt-J-vnet0
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x8035 \
--arp-htype 12 \
--arp-opcode 1 \
--arp-ptype 0x22 \
--arp-mac-src 01:02:03:04:05:06 \
--arp-mac-dst 0a:0b:0c:0d:0e:0f \
-j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x8035 --arp-htype 255 --arp-opcode 1 --arp-ptype 0xff -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x8035 --arp-htype 256 --arp-opcode 11 --arp-ptype 0x100 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x8035 --arp-htype 65535 --arp-opcode 65535 --arp-ptype 0xffff -j ACCEPT
ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x8035 \
--arp-htype 255 \
--arp-opcode 1 \
--arp-ptype 0xff \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x8035 \
--arp-htype 256 \
--arp-opcode 11 \
--arp-ptype 0x100 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x8035 \
--arp-htype 65535 \
--arp-opcode 65535 \
--arp-ptype 0xffff \
-j ACCEPT
ebtables \
-t nat \
-A PREROUTING \
-i vnet0 \
-j libvirt-J-vnet0


@ -1,22 +1,101 @@
ip6tables -A FJ-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \
ip6tables \
-A FJ-vnet0 \
-p sctp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables -A FP-vnet0 -p sctp --source a:b:c::d:e:f/128 -m dscp --dscp 2 \
-m state --state ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \
ip6tables \
-A FP-vnet0 \
-p sctp \
--source a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p sctp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p sctp \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p sctp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 33 \
--sport 20:21 \
--dport 100:1111 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p sctp \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p sctp \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p sctp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 \
-m dscp \
--dscp 63 \
--sport 255:256 \
--dport 65535:65535 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p sctp \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables -A FJ-vnet0 -p sctp --destination a:b:c::/128 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \
--state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p sctp --destination a:b:c::/128 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p sctp --destination ::10.1.2.3/128 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -m state \
--state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p sctp --destination ::10.1.2.3/128 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN


@ -1,20 +1,101 @@
iptables -A FJ-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p sctp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \
--state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p sctp --destination 10.1.2.3/32 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \
--state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p sctp --destination 10.1.2.3/32 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p sctp --destination 10.1.2.3/32 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -m state \
--state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p sctp --destination 10.1.2.3/32 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p sctp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p sctp \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p sctp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p sctp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p sctp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--sport 20:21 \
--dport 100:1111 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p sctp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p sctp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p sctp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--sport 255:256 \
--dport 65535:65535 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p sctp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,18 +1,58 @@
ebtables -t nat -F J-vnet0-stp-xyz
ebtables -t nat -X J-vnet0-stp-xyz
ebtables -t nat -N J-vnet0-stp-xyz
ebtables -t nat -A libvirt-J-vnet0 -d 01:80:c2:00:00:00 -j J-vnet0-stp-xyz
ebtables -t nat -F P-vnet0-stp-xyz
ebtables -t nat -X P-vnet0-stp-xyz
ebtables -t nat -N P-vnet0-stp-xyz
ebtables -t nat -A libvirt-P-vnet0 -d 01:80:c2:00:00:00 -j P-vnet0-stp-xyz
ebtables -t nat -A P-vnet0-stp-xyz -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d 01:80:c2:00:00:00 --stp-type 18 --stp-flags 68 -j CONTINUE
ebtables -t nat -A J-vnet0-stp-xyz -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d 01:80:c2:00:00:00 --stp-root-pri 4660:9029 \
ebtables \
-t nat \
-F J-vnet0-stp-xyz
ebtables \
-t nat \
-X J-vnet0-stp-xyz
ebtables \
-t nat \
-N J-vnet0-stp-xyz
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-d 01:80:c2:00:00:00 \
-j J-vnet0-stp-xyz
ebtables \
-t nat \
-F P-vnet0-stp-xyz
ebtables \
-t nat \
-X P-vnet0-stp-xyz
ebtables \
-t nat \
-N P-vnet0-stp-xyz
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d 01:80:c2:00:00:00 \
-j P-vnet0-stp-xyz
ebtables \
-t nat \
-A P-vnet0-stp-xyz \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d 01:80:c2:00:00:00 \
--stp-type 18 \
--stp-flags 68 \
-j CONTINUE
ebtables \
-t nat \
-A J-vnet0-stp-xyz \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d 01:80:c2:00:00:00 \
--stp-root-pri 4660:9029 \
--stp-root-addr 06:05:04:03:02:01/ff:ff:ff:ff:ff:ff \
--stp-root-cost 287454020:573785173 -j RETURN
ebtables -t nat -A P-vnet0-stp-xyz -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d 01:80:c2:00:00:00 --stp-sender-prio 4660 --stp-sender-addr 06:05:04:03:02:01 \
--stp-port 123:234 --stp-msg-age 5544:5555 --stp-max-age 7777:8888 \
--stp-hello-time 12345:12346 --stp-forward-delay 54321:65432 -j DROP
--stp-root-cost 287454020:573785173 \
-j RETURN
ebtables \
-t nat \
-A P-vnet0-stp-xyz \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d 01:80:c2:00:00:00 \
--stp-sender-prio 4660 \
--stp-sender-addr 06:05:04:03:02:01 \
--stp-port 123:234 \
--stp-msg-age 5544:5555 \
--stp-max-age 7777:8888 \
--stp-hello-time 12345:12346 \
--stp-forward-delay 54321:65432 \
-j DROP


@ -1,75 +1,309 @@
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 -j ACCEPT
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 -j DROP
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 -j DROP
ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 -j DROP
ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 -j DROP
iptables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -m comment \
--comment 'accept rule -- dir out' -j RETURN
iptables -A FP-vnet0 -p all --source 10.1.2.3/32 -m dscp --dscp 2 -m state \
--state ESTABLISHED -m comment --comment 'accept rule -- dir out' -j ACCEPT
iptables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -m comment \
--comment 'accept rule -- dir out' -j RETURN
iptables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m comment \
--comment 'drop rule -- dir out' -j DROP
iptables -A FP-vnet0 -p all --source 10.1.2.3/32 -m dscp --dscp 2 -m comment \
--comment 'drop rule -- dir out' -j DROP
iptables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m comment \
--comment 'drop rule -- dir out' -j DROP
iptables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m comment \
--comment 'reject rule -- dir out' -j REJECT
iptables -A FP-vnet0 -p all --source 10.1.2.3/32 -m dscp --dscp 2 \
-m comment --comment 'reject rule -- dir out' -j REJECT
iptables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m comment \
--comment 'reject rule -- dir out' -j REJECT
iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -m comment --comment 'accept rule -- dir in' -j RETURN
iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -m comment \
--comment 'accept rule -- dir in' -j ACCEPT
iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m state --state ESTABLISHED -m comment --comment 'accept rule -- dir in' -j RETURN
iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m comment --comment 'drop rule -- dir in' -j DROP
iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m comment --comment 'drop rule -- dir in' \
-j DROP
iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m comment --comment 'drop rule -- dir in' -j DROP
iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m comment --comment 'reject rule -- dir in' -j REJECT
iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m comment --comment 'reject rule -- dir in' \
-j REJECT
iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \
-m comment --comment 'reject rule -- dir in' -j REJECT
iptables -A FJ-vnet0 -p all -m comment --comment 'accept rule -- dir inout' \
-j RETURN
iptables -A FP-vnet0 -p all -m comment --comment 'accept rule -- dir inout' \
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j ACCEPT
iptables -A HJ-vnet0 -p all -m comment --comment 'accept rule -- dir inout' \
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j DROP
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j DROP
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j DROP
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j DROP
iptables \
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir out' \
-j RETURN
iptables -A FJ-vnet0 -p all -m comment --comment 'drop rule -- dir inout' \
iptables \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir out' \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir out' \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'drop rule \
-- dir out' \
-j DROP
iptables -A FP-vnet0 -p all -m comment --comment 'drop rule -- dir inout' \
iptables \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'drop rule \
-- dir out' \
-j DROP
iptables -A HJ-vnet0 -p all -m comment --comment 'drop rule -- dir inout' \
iptables \
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'drop rule \
-- dir out' \
-j DROP
iptables -A FJ-vnet0 -p all -m comment --comment 'reject rule -- dir inout' \
iptables \
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'reject rule \
-- dir out' \
-j REJECT
iptables -A FP-vnet0 -p all -m comment --comment 'reject rule -- dir inout' \
iptables \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'reject rule \
-- dir out' \
-j REJECT
iptables -A HJ-vnet0 -p all -m comment --comment 'reject rule -- dir inout' \
iptables \
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'reject rule \
-- dir out' \
-j REJECT
iptables \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir in' \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir in' \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir in' \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'drop rule \
-- dir in' \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'drop rule \
-- dir in' \
-j DROP
iptables \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'drop rule \
-- dir in' \
-j DROP
iptables \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'reject rule \
-- dir in' \
-j REJECT
iptables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'reject rule \
-- dir in' \
-j REJECT
iptables \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'reject rule \
-- dir in' \
-j REJECT
iptables \
-A FJ-vnet0 \
-p all \
-m comment \
--comment 'accept rule \
-- dir inout' \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m comment \
--comment 'accept rule \
-- dir inout' \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m comment \
--comment 'accept rule \
-- dir inout' \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m comment \
--comment 'drop rule \
-- dir inout' \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
-m comment \
--comment 'drop rule \
-- dir inout' \
-j DROP
iptables \
-A HJ-vnet0 \
-p all \
-m comment \
--comment 'drop rule \
-- dir inout' \
-j DROP
iptables \
-A FJ-vnet0 \
-p all \
-m comment \
--comment 'reject rule \
-- dir inout' \
-j REJECT
iptables \
-A FP-vnet0 \
-p all \
-m comment \
--comment 'reject rule \
-- dir inout' \
-j REJECT
iptables \
-A HJ-vnet0 \
-p all \
-m comment \
--comment 'reject rule \
-- dir inout' \
-j REJECT
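Review bot: The rewrapped rules split the quoted `--comment` value across two lines, e.g. `--comment 'accept rule \` followed by `-- dir out' \`, so the second half reads like a separate option starting with `--`. This happens for every `-m comment` rule in this file (accept, drop and reject, for dir out, in and inout). The result only equals the old single-line form if the test loader deletes the backslash-newline pair and keeps the preceding space, which is not visible here; pasted into a shell, a backslash-newline inside single quotes is not a continuation and the comment text would differ. Since these fixtures are the expected firewall rules, I would have the wrap script treat a quoted string as one token and keep `--comment 'accept rule -- dir out' \` on a single line, even where that exceeds the usual width.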


@ -1,13 +1,60 @@
iptables -A FP-vnet0 -p tcp --dport 22 -j ACCEPT
iptables -A FJ-vnet0 -p tcp --sport 22 -j RETURN
iptables -A HJ-vnet0 -p tcp --sport 22 -j RETURN
iptables -A FJ-vnet0 -p tcp --sport 80 -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED \
iptables \
-A FP-vnet0 \
-p tcp \
--dport 22 \
-j ACCEPT
iptables -A HJ-vnet0 -p tcp --sport 80 -m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p tcp -j REJECT
iptables -A FP-vnet0 -p tcp -j REJECT
iptables -A HJ-vnet0 -p tcp -j REJECT
iptables -A FJ-vnet0 -p all -j DROP
iptables -A FP-vnet0 -p all -j DROP
iptables -A HJ-vnet0 -p all -j DROP
iptables \
-A FJ-vnet0 \
-p tcp \
--sport 22 \
-j RETURN
iptables \
-A HJ-vnet0 \
-p tcp \
--sport 22 \
-j RETURN
iptables \
-A FJ-vnet0 \
-p tcp \
--sport 80 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
--dport 80 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p tcp \
--sport 80 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p tcp \
-j REJECT
iptables \
-A FP-vnet0 \
-p tcp \
-j REJECT
iptables \
-A HJ-vnet0 \
-p tcp \
-j REJECT
iptables \
-A FJ-vnet0 \
-p all \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
-j DROP
iptables \
-A HJ-vnet0 \
-p all \
-j DROP


@ -1,22 +1,101 @@
ip6tables -A FJ-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \
ip6tables \
-A FJ-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables -A FP-vnet0 -p tcp --source a:b:c::d:e:f/128 -m dscp --dscp 2 \
-m state --state ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \
ip6tables \
-A FP-vnet0 \
-p tcp \
--source a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 33 \
--sport 20:21 \
--dport 100:1111 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p tcp \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 \
-m dscp \
--dscp 63 \
--sport 255:256 \
--dport 65535:65535 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p tcp \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables -A FJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \
--state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p tcp --destination ::10.1.2.3/128 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -m state \
--state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p tcp --destination ::10.1.2.3/128 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN


@ -1,22 +1,109 @@
iptables -A FJ-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p tcp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \
--state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p tcp --destination 10.1.2.3/32 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -j RETURN
iptables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -j ACCEPT
iptables -A HJ-vnet0 -p tcp --destination 10.1.2.3/32 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -j RETURN
iptables -A FJ-vnet0 -p tcp --destination 10.1.2.3/32 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -j RETURN
iptables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -j ACCEPT
iptables -A HJ-vnet0 -p tcp --destination 10.1.2.3/32 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -j RETURN
iptables -A FP-vnet0 -p tcp --tcp-flags SYN ALL -j ACCEPT
iptables -A FP-vnet0 -p tcp --tcp-flags SYN SYN,ACK -j ACCEPT
iptables -A FP-vnet0 -p tcp --tcp-flags RST NONE -j ACCEPT
iptables -A FP-vnet0 -p tcp --tcp-flags PSH NONE -j ACCEPT
iptables \
-A FJ-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--sport 20:21 \
--dport 100:1111 \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-j RETURN
iptables \
-A FJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--sport 255:256 \
--dport 65535:65535 \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-j RETURN
iptables \
-A FP-vnet0 \
-p tcp \
--tcp-flags SYN ALL \
-j ACCEPT
iptables \
-A FP-vnet0 \
-p tcp \
--tcp-flags SYN SYN,ACK \
-j ACCEPT
iptables \
-A FP-vnet0 \
-p tcp \
--tcp-flags RST NONE \
-j ACCEPT
iptables \
-A FP-vnet0 \
-p tcp \
--tcp-flags PSH NONE \
-j ACCEPT


@ -1,22 +1,101 @@
ip6tables -A FJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \
ip6tables \
-A FJ-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables -A FP-vnet0 -p udp --source a:b:c::d:e:f/128 -m dscp --dscp 2 \
-m state --state ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \
ip6tables \
-A FP-vnet0 \
-p udp \
--source a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p udp \
--destination ::a:b:c/128 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::a:b:c/128 \
-m dscp \
--dscp 33 \
--sport 20:21 \
--dport 100:1111 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p udp \
--destination ::a:b:c/128 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p udp \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 \
-m dscp \
--dscp 63 \
--sport 255:256 \
--dport 65535:65535 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p udp \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables -A FJ-vnet0 -p udp --destination ::a:b:c/128 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--source ::a:b:c/128 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \
--state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p udp --destination ::a:b:c/128 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p udp --destination ::10.1.2.3/128 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 \
-m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p udp --destination ::10.1.2.3/128 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN


@ -1,20 +1,101 @@
iptables -A FJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p udp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \
--state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p udp --destination 10.1.2.3/32 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \
--state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p udp --destination 10.1.2.3/32 -m dscp --dscp 33 \
--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p udp --destination 10.1.2.3/32 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -m state \
--state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p udp --destination 10.1.2.3/32 -m dscp --dscp 63 \
--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p udp \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p udp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--sport 20:21 \
--dport 100:1111 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p udp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p udp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--sport 255:256 \
--dport 65535:65535 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,20 +1,92 @@
ip6tables -A FJ-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p udplite --destination f:e:d::c:b:a/127 \
--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \
--state NEW,ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p udplite --destination a:b:c::/128 -m dscp \
--dscp 33 -m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p udplite --destination a:b:c::/128 -m dscp \
--dscp 33 -m state --state ESTABLISHED -j RETURN
ip6tables -A FJ-vnet0 -p udplite --destination ::10.1.2.3/128 -m dscp \
--dscp 33 -m state --state ESTABLISHED -j RETURN
ip6tables -A FP-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
ip6tables -A HJ-vnet0 -p udplite --destination ::10.1.2.3/128 -m dscp \
--dscp 33 -m state --state ESTABLISHED -j RETURN
ip6tables \
-A FJ-vnet0 \
-p udplite \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p udplite \
--destination f:e:d::c:b:a/127 \
--source a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p udplite \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source f:e:d::c:b:a/127 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p udplite \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p udplite \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p udplite \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FJ-vnet0 \
-p udplite \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
ip6tables \
-A FP-vnet0 \
-p udplite \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-A HJ-vnet0 \
-p udplite \
--destination ::10.1.2.3/128 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,18 +1,89 @@
iptables -A FJ-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p udplite --source 10.1.2.3/32 -m dscp --dscp 2 \
-m state --state ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p udplite --destination 10.1.2.3/22 -m dscp \
--dscp 33 -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p udplite --destination 10.1.2.3/22 -m dscp \
--dscp 33 -m state --state ESTABLISHED -j RETURN
iptables -A FJ-vnet0 -p udplite --destination 10.1.2.3/22 -m dscp \
--dscp 33 -m state --state ESTABLISHED -j RETURN
iptables -A FP-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A HJ-vnet0 -p udplite --destination 10.1.2.3/22 -m dscp \
--dscp 33 -m state --state ESTABLISHED -j RETURN
iptables \
-A FJ-vnet0 \
-p udplite \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p udplite \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udplite \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p udplite \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p udplite \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udplite \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FJ-vnet0 \
-p udplite \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN
iptables \
-A FP-vnet0 \
-p udplite \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p udplite \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-j RETURN


@ -1,14 +1,56 @@
ebtables -t nat -A libvirt-J-vnet0 -d 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-s aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 291 -j CONTINUE
ebtables -t nat -A libvirt-P-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 291 -j CONTINUE
ebtables -t nat -A libvirt-J-vnet0 -d 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-s aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 1234 -j RETURN
ebtables -t nat -A libvirt-P-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 1234 -j RETURN
ebtables -t nat -A libvirt-P-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 291 -j DROP
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-encap 2054 -j DROP
ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-encap 4660 -j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-d 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-s aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x8100 \
--vlan-id 291 \
-j CONTINUE
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x8100 \
--vlan-id 291 \
-j CONTINUE
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-d 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-s aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x8100 \
--vlan-id 1234 \
-j RETURN
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x8100 \
--vlan-id 1234 \
-j RETURN
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x8100 \
--vlan-id 291 \
-j DROP
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x8100 \
--vlan-encap 2054 \
-j DROP
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x8100 \
--vlan-encap 4660 \
-j ACCEPT


@ -1,14 +1,31 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 -S -M virt -cpu cortex-a53 \
-m 1024 -smp 1 -nographic \
-nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait \
-boot c -kernel /aarch64.kernel -initrd /aarch64.initrd -append \
'earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait' \
-dtb /aarch64.dtb -device virtio-serial-device,id=virtio-serial0 -usb \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 \
-S \
-M virt \
-cpu cortex-a53 \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /aarch64.kernel \
-initrd /aarch64.initrd \
-append 'earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait' \
-dtb /aarch64.dtb \
-device virtio-serial-device,id=virtio-serial0 \
-usb \
-drive file=/aarch64.raw,if=none,id=drive-virtio-disk0 \
-device virtio-blk-device,drive=drive-virtio-disk0,id=virtio-disk0 \
-device virtio-net-device,vlan=0,id=net0,mac=52:54:00:09:a4:37 \
-net user,vlan=0,name=hostnet0 -chardev pty,id=charconsole0 \
-net user,vlan=0,name=hostnet0 \
-chardev pty,id=charconsole0 \
-device virtconsole,chardev=charconsole0,id=console0 \
-device virtio-balloon-device,id=balloon0 \
-object rng-random,id=objrng0,filename=/dev/random \


@ -1,5 +1,20 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 -S -M virt -cpu host -m 1024 -smp 1 -nographic \
-nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait \
-boot c -usb -drive file=/aarch64.raw,if=none,id=drive-virtio-disk0 \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 \
-S \
-M virt \
-cpu host \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-usb \
-drive file=/aarch64.raw,if=none,id=drive-virtio-disk0 \
-device virtio-blk-device,drive=drive-virtio-disk0,id=virtio-disk0


@ -1,6 +1,23 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 -S -M virt -no-kvm -cpu cortex-a53 -m 1024 -smp 1 \
-nographic -nodefaults -monitor unix:/tmp/test-monitor,server,nowait -boot c \
-kernel /aarch64.kernel -initrd /aarch64.initrd -append console=ttyAMA0 -usb \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 \
-S \
-M virt \
-no-kvm \
-cpu cortex-a53 \
-m 1024 \
-smp 1 \
-nographic \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /aarch64.kernel \
-initrd /aarch64.initrd \
-append console=ttyAMA0 \
-usb \
-net nic,macaddr=52:54:00:09:a4:37,vlan=0,model=virtio,name=net0 \
-net user,vlan=0,name=hostnet0


@ -1,7 +1,22 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 -S -machine virt,accel=tcg,gic-version=3 \
-cpu cortex-a53 -m 1024 -smp 1 \
-nographic -nodefaults -monitor unix:/tmp/test-monitor,server,nowait -boot c \
-kernel /aarch64.kernel -initrd /aarch64.initrd -append console=ttyAMA0 -usb \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 \
-S \
-machine virt,accel=tcg,gic-version=3 \
-cpu cortex-a53 \
-m 1024 \
-smp 1 \
-nographic \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /aarch64.kernel \
-initrd /aarch64.initrd \
-append console=ttyAMA0 \
-usb \
-net nic,macaddr=52:54:00:09:a4:37,vlan=0,model=virtio,name=net0 \
-net user,vlan=0,name=hostnet0


@ -1,10 +1,26 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 -S -M virt -cpu host,aarch64=off -m 1024 -smp 1 \
-nographic -nodefconfig -nodefaults \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 \
-S \
-M virt \
-cpu host,aarch64=off \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c -kernel /arm.kernel -initrd /arm.initrd \
-boot c \
-kernel /arm.kernel \
-initrd /arm.initrd \
-append 'console=ttyAMA0,115200n8 rw root=/dev/vda rootwait physmap.enabled=0' \
-usb -drive file=/arm.raw,if=none,id=drive-virtio-disk0 \
-usb \
-drive file=/arm.raw,if=none,id=drive-virtio-disk0 \
-device virtio-blk-device,drive=drive-virtio-disk0,id=virtio-disk0 \
-device virtio-net-device,vlan=0,id=net0,mac=52:54:00:09:a4:37 \
-net user,vlan=0,name=hostnet0 -serial pty
-net user,vlan=0,name=hostnet0 \
-serial pty


@ -1,16 +1,34 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 -S -M virt -cpu cortex-a53 -m 1024 -smp 1 \
-nographic -nodefconfig -nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait -boot c \
-kernel /aarch64.kernel -initrd /aarch64.initrd \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 \
-S \
-M virt \
-cpu cortex-a53 \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /aarch64.kernel \
-initrd /aarch64.initrd \
-append 'earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait' \
-dtb /aarch64.dtb -device i82801b11-bridge,id=pci.1,bus=pcie.0,addr=0x1 \
-dtb /aarch64.dtb \
-device i82801b11-bridge,id=pci.1,bus=pcie.0,addr=0x1 \
-device pci-bridge,chassis_nr=2,id=pci.2,bus=pci.1,addr=0x1 \
-device virtio-serial-device,id=virtio-serial0 -usb \
-device virtio-serial-device,id=virtio-serial0 \
-usb \
-drive file=/aarch64.raw,if=none,id=drive-virtio-disk0 \
-device virtio-blk-device,drive=drive-virtio-disk0,id=virtio-disk0 \
-device virtio-net-device,vlan=0,id=net0,mac=52:54:00:09:a4:37 \
-net user,vlan=0,name=hostnet0 -serial pty -chardev pty,id=charconsole1 \
-net user,vlan=0,name=hostnet0 \
-serial pty \
-chardev pty,id=charconsole1 \
-device virtconsole,chardev=charconsole1,id=console1 \
-device virtio-balloon-device,id=balloon0 \
-object rng-random,id=objrng0,filename=/dev/random \


@ -1,7 +1,23 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 -S -M virt -cpu cortex-a53 \
-m 1024 -smp 1 -nographic \
-nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait \
-boot c -kernel /aarch64.kernel -initrd /aarch64.initrd -append console=ttyAMA0 \
-usb -device virtio-net-device,vlan=0,id=net0,mac=52:54:00:09:a4:37 \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 \
-S \
-M virt \
-cpu cortex-a53 \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /aarch64.kernel \
-initrd /aarch64.initrd \
-append console=ttyAMA0 \
-usb \
-device virtio-net-device,vlan=0,id=net0,mac=52:54:00:09:a4:37 \
-net user,vlan=0,name=hostnet0


@ -1,14 +1,32 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 -S -M virt -cpu cortex-a53 \
-m 1024 -smp 1 -nographic \
-nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait \
-boot c -kernel /aarch64.kernel -initrd /aarch64.initrd -append \
'earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait' \
-dtb /aarch64.dtb -device virtio-serial-device,id=virtio-serial0 -usb \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 \
-S \
-M virt \
-cpu cortex-a53 \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /aarch64.kernel \
-initrd /aarch64.initrd \
-append 'earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait' \
-dtb /aarch64.dtb \
-device virtio-serial-device,id=virtio-serial0 \
-usb \
-drive file=/aarch64.raw,if=none,id=drive-virtio-disk0 \
-device virtio-blk-device,drive=drive-virtio-disk0,id=virtio-disk0 \
-device virtio-net-device,vlan=0,id=net0,mac=52:54:00:09:a4:37 \
-net user,vlan=0,name=hostnet0 -serial pty -chardev pty,id=charconsole1 \
-net user,vlan=0,name=hostnet0 \
-serial pty \
-chardev pty,id=charconsole1 \
-device virtconsole,chardev=charconsole1,id=console1 \
-device virtio-balloon-device,id=balloon0 \
-object rng-random,id=objrng0,filename=/dev/random \


@ -1,15 +1,30 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 -S -M virt -cpu cortex-a53 -m 1024 -smp 1 \
-nographic -nodefconfig -nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait -boot c \
-kernel /aarch64.kernel -initrd /aarch64.initrd \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-aarch64 \
-S \
-M virt \
-cpu cortex-a53 \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /aarch64.kernel \
-initrd /aarch64.initrd \
-append 'earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait' \
-dtb /aarch64.dtb -device i82801b11-bridge,id=pci.1,bus=pcie.0,addr=0x1 \
-dtb /aarch64.dtb \
-device i82801b11-bridge,id=pci.1,bus=pcie.0,addr=0x1 \
-device pci-bridge,chassis_nr=2,id=pci.2,bus=pci.1,addr=0x1 \
-device virtio-scsi-pci,id=scsi0,bus=pcie.0,addr=0x3 \
-usb -drive file=/aarch64.raw,if=none,id=drive-scsi0-0-0-0 \
-device scsi-disk,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\
drive=drive-scsi0-0-0-0,id=scsi0-0-0-0 \
-device virtio-net-pci,vlan=0,id=net0,\
mac=52:54:00:09:a4:37,bus=pcie.0,addr=0x2 \
-usb \
-drive file=/aarch64.raw,if=none,id=drive-scsi0-0-0-0 \
-device scsi-disk,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,\
id=scsi0-0-0-0 \
-device virtio-net-pci,vlan=0,id=net0,mac=52:54:00:09:a4:37,bus=pcie.0,addr=0x2 \
-net user,vlan=0,name=hostnet0


@ -1,8 +1,26 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-arm -S -M vexpress-a9 -m 1024 -smp 1 -nographic \
-nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait \
-boot c -kernel /arm.kernel -initrd /arm.initrd -append \
'console=ttyAMA0,115200n8 rw root=/dev/mmcblk0p3 rootwait physmap.enabled=0' \
-dtb /arm.dtb -usb -drive file=/arm.raw,if=sd,index=0 \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-arm \
-S \
-M vexpress-a9 \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /arm.kernel \
-initrd /arm.initrd \
-append 'console=ttyAMA0,\
115200n8 rw root=/dev/mmcblk0p3 rootwait physmap.enabled=0' \
-dtb /arm.dtb \
-usb \
-drive file=/arm.raw,if=sd,index=0 \
-net nic,macaddr=52:54:00:09:a4:37,vlan=0,model=lan9118,name=net0 \
-net user,vlan=0,name=hostnet0 -serial pty
-net user,vlan=0,name=hostnet0 \
-serial pty
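Review bot: The rewrapped `-append` value is split at a comma inside its single quotes (`-append 'console=ttyAMA0,\` followed by `115200n8 rw root=/dev/mmcblk0p3 rootwait physmap.enabled=0' \`), and a shell does not treat backslash-newline as a continuation inside single quotes. The file therefore only keeps its meaning for a reader that strips those pairs before parsing; the test loader presumably does so, since the commit message cites the earlier backslash-newline handling, but the wrapped form is no longer equivalent when the command is pasted into a shell. I would keep a quoted value on a single line even when it exceeds the width limit, `-append 'console=ttyAMA0,115200n8 rw root=/dev/mmcblk0p3 rootwait physmap.enabled=0' \`, or have the wrapping script break only outside quotes.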


@ -1,5 +1,21 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-arm -S -M vexpress-a9 -m 1024 -smp 1 -nographic \
-nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait \
-boot c -kernel /arm.kernel -initrd /arm.initrd \
-append console=ttyAMA0,115200n8 -dtb /arm.dtb -usb
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-arm \
-S \
-M vexpress-a9 \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /arm.kernel \
-initrd /arm.initrd \
-append console=ttyAMA0,115200n8 \
-dtb /arm.dtb \
-usb


@ -1,13 +1,31 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-arm -S -M vexpress-a9 -m 1024 -smp 1 -nographic \
-nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait \
-boot c -kernel /arm.kernel -initrd /arm.initrd -append \
'console=ttyAMA0,115200n8 rw root=/dev/vda3 rootwait physmap.enabled=0' \
-dtb /arm.dtb -device virtio-serial-device,id=virtio-serial0 -usb \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-arm \
-S \
-M vexpress-a9 \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /arm.kernel \
-initrd /arm.initrd \
-append 'console=ttyAMA0,115200n8 rw root=/dev/vda3 rootwait physmap.enabled=0' \
-dtb /arm.dtb \
-device virtio-serial-device,id=virtio-serial0 \
-usb \
-drive file=/arm.raw,if=none,id=drive-virtio-disk0 \
-device virtio-blk-device,drive=drive-virtio-disk0,id=virtio-disk0 \
-device virtio-net-device,vlan=0,id=net0,mac=52:54:00:09:a4:37 \
-net user,vlan=0,name=hostnet0 -serial pty -chardev pty,id=charconsole1 \
-net user,vlan=0,name=hostnet0 \
-serial pty \
-chardev pty,id=charconsole1 \
-device virtconsole,chardev=charconsole1,id=console1 \
-device virtio-balloon-device,id=balloon0 \
-object rng-random,id=objrng0,filename=/dev/random \


@ -1,13 +1,31 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-arm -S -M virt -m 1024 -smp 1 -nographic \
-nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait \
-boot c -kernel /arm.kernel -initrd /arm.initrd -append \
'console=ttyAMA0,115200n8 rw root=/dev/vda rootwait physmap.enabled=0' \
-dtb /arm.dtb -device virtio-serial-device,id=virtio-serial0 -usb \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-arm \
-S \
-M virt \
-m 1024 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-kernel /arm.kernel \
-initrd /arm.initrd \
-append 'console=ttyAMA0,115200n8 rw root=/dev/vda rootwait physmap.enabled=0' \
-dtb /arm.dtb \
-device virtio-serial-device,id=virtio-serial0 \
-usb \
-drive file=/arm.raw,if=none,id=drive-virtio-disk0 \
-device virtio-blk-device,drive=drive-virtio-disk0,id=virtio-disk0 \
-device virtio-net-device,vlan=0,id=net0,mac=52:54:00:09:a4:37 \
-net user,vlan=0,name=hostnet0 -serial pty -chardev pty,id=charconsole1 \
-net user,vlan=0,name=hostnet0 \
-serial pty \
-chardev pty,id=charconsole1 \
-device virtconsole,chardev=charconsole1,id=console1 \
-device virtio-balloon-device,id=balloon0 \
-object rng-random,id=objrng0,filename=/dev/random \


@ -1,6 +1,20 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu -S -M \
pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor \
unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
/dev/HostVG/QEMUGuest1 -device virtio-balloon-pci,id=balloon0,bus=pci.0,\
addr=0x3
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-S \
-M pc \
-m 214 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-no-acpi \
-boot c \
-usb \
-hda /dev/HostVG/QEMUGuest1 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3


@ -1,6 +1,20 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu -S -M \
pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor \
unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
/dev/HostVG/QEMUGuest1 -device virtio-balloon-pci,id=balloon0,bus=pci.0,\
addr=0x12
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-S \
-M pc \
-m 214 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-no-acpi \
-boot c \
-usb \
-hda /dev/HostVG/QEMUGuest1 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x12


@ -1,6 +1,20 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu -S -M \
pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor \
unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
/dev/HostVG/QEMUGuest1 -device virtio-balloon-pci,id=balloon0,bus=pci.0,\
addr=0x12
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-S \
-M pc \
-m 214 \
-smp 1 \
-nographic \
-nodefconfig \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-no-acpi \
-boot c \
-usb \
-hda /dev/HostVG/QEMUGuest1 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x12


@ -1,10 +1,23 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu -S -M pc \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-S \
-M pc \
-drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \
-m 1024 -smp 1 -nographic -nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait -boot c -usb \
-m 1024 \
-smp 1 \
-nographic \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-boot c \
-usb \
-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-ide0-0-0,format=raw \
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
-serial pty -device usb-tablet,id=input0 \
-serial pty \
-device usb-tablet,id=input0 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3


@ -1,7 +1,23 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
/usr/bin/qemu -S -M pc -bios /usr/share/seabios/bios.bin \
-m 1024 -smp 1 -nographic -nodefaults -device sga \
-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \
-usb -hda /dev/HostVG/QEMUGuest1 -serial pty \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-S \
-M pc \
-bios /usr/share/seabios/bios.bin \
-m 1024 \
-smp 1 \
-nographic \
-nodefaults \
-device sga \
-monitor unix:/tmp/test-monitor,server,nowait \
-no-acpi \
-boot c \
-usb \
-hda /dev/HostVG/QEMUGuest1 \
-serial pty \
-device usb-tablet,id=input0 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3


@ -1,10 +1,24 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-name QEMUGuest1 -S -M pc -m 214 -smp 1 -nographic -nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \
-usb -drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-ide0-0-0,cache=off,\
bps=5000,iops=6000,bps_max=10000,iops_max=11000 -device \
ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
-name QEMUGuest1 \
-S \
-M pc \
-m 214 \
-smp 1 \
-nographic \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-no-acpi \
-boot c \
-usb \
-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-ide0-0-0,cache=off,bps=5000,\
iops=6000,bps_max=10000,iops_max=11000 \
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
-drive file=/dev/HostVG/QEMUGuest2,if=none,id=drive-ide0-0-1,cache=off,\
bps_rd=5000,bps_wr=5500,iops_rd=3500,iops_wr=4000,bps_rd_max=6000,\
bps_wr_max=6500,iops_rd_max=7000,iops_wr_max=7500,iops_size=2000 \


@ -1,11 +1,25 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-name QEMUGuest1 -S -M pc -m 214 -smp 1 -nographic -nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \
-usb -drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-ide0-0-0,cache=off,\
bps=5000,iops=6000 -device \
ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
-name QEMUGuest1 \
-S \
-M pc \
-m 214 \
-smp 1 \
-nographic \
-nodefaults \
-monitor unix:/tmp/test-monitor,server,nowait \
-no-acpi \
-boot c \
-usb \
-drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-ide0-0-0,cache=off,bps=5000,\
iops=6000 \
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
-drive file=/dev/HostVG/QEMUGuest2,if=none,id=drive-ide0-0-1,cache=off,\
bps_rd=5000,bps_wr=5000,iops=7000 -device \
ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 \
bps_rd=5000,bps_wr=5000,iops=7000 \
-device ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3


@ -1,6 +1,21 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-name QEMUGuest1 -S -M pc -m 214 -smp 1 -nographic -monitor \
unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \
-usb -hda /dev/HostVG/QEMUGuest1 -net none -serial \
none -parallel none
-name QEMUGuest1 \
-S \
-M pc \
-m 214 \
-smp 1 \
-nographic \
-monitor unix:/tmp/test-monitor,server,nowait \
-no-acpi \
-boot c \
-usb \
-hda /dev/HostVG/QEMUGuest1 \
-net none \
-serial none \
-parallel none


@ -1,6 +1,21 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-name QEMUGuest1 -S -M pc -m 214 -smp 1 -nographic -monitor \
unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \
-usb -hda /dev/HostVG/QEMUGuest1 -net none -serial \
none -parallel none
-name QEMUGuest1 \
-S \
-M pc \
-m 214 \
-smp 1 \
-nographic \
-monitor unix:/tmp/test-monitor,server,nowait \
-no-acpi \
-boot c \
-usb \
-hda /dev/HostVG/QEMUGuest1 \
-net none \
-serial none \
-parallel none
