mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 09:53:10 +00:00
5c6405a058
This patch adds a test case for testing the XML parser's and instantiator's support of the state attribute. The other test case tests existing capabilities. Both test cases will be used in TCK again.
38 lines
1.2 KiB
XML
38 lines
1.2 KiB
XML
<filter name='testcase'>
|
|
<uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
|
|
|
|
<!-- VM outgoing: allow all established and related connections -->
|
|
<rule action='accept' direction='out' priority='100'>
|
|
<all state='ESTABLISHED,RELATED'
|
|
comment='out: existing and related (ftp) connections'/>
|
|
</rule>
|
|
|
|
<!-- VM incoming: allow all established connections -->
|
|
<rule action='accept' direction='in' priority='100'>
|
|
<all state='ESTABLISHED'
|
|
comment='in: existing connections'/>
|
|
</rule>
|
|
|
|
<!-- allow incoming ssh and ftp traffic -->
|
|
<rule action='accept' direction='in' priority='200'>
|
|
<tcp dstportstart='21' dstportend='22' state='NEW'
|
|
comment='in: ftp and ssh'/>
|
|
</rule>
|
|
|
|
<!-- allow incoming ICMP (ping) packets -->
|
|
<rule action='accept' direction='in' priority='300'>
|
|
<icmp state='NEW' comment='in: icmp'/>
|
|
</rule>
|
|
|
|
<!-- allow outgong DNS lookups -->
|
|
<rule action='accept' direction='out' priority='300'>
|
|
<udp dstportstart='53' state='NEW' comment='out: DNS lookups'/>
|
|
</rule>
|
|
|
|
<!-- drop all other traffic -->
|
|
<rule action='drop' direction='inout' priority='1000'>
|
|
<all comment='inout: drop all non-accepted traffic'/>
|
|
</rule>
|
|
|
|
</filter>
|