Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/tests/sys/netpfil/common/pass_block.sh
39507 views
1
#-

2
# SPDX-License-Identifier: BSD-2-Clause

3
#

4
# Copyright (c) 2019 Ahsan Barkati

5
#

6
# Redistribution and use in source and binary forms, with or without

7
# modification, are permitted provided that the following conditions

8
# are met:

9
# 1. Redistributions of source code must retain the above copyright

10
#    notice, this list of conditions and the following disclaimer.

11
# 2. Redistributions in binary form must reproduce the above copyright

12
#    notice, this list of conditions and the following disclaimer in the

13
#    documentation and/or other materials provided with the distribution.

14
#

15
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

16
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

17
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

18
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

19
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

20
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

21
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

22
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

23
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

24
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

25
# SUCH DAMAGE.

26
#

27
#

28


29
. $(atf_get_srcdir)/utils.subr

30
. $(atf_get_srcdir)/runner.subr

31


32
v4_head()

33
{

34
	atf_set require.user root

35
}

36


37
v4_body()

38
{   

39
	firewall=$1

40
	firewall_init $firewall

41
	

42
	epair=$(vnet_mkepair)

43
	ifconfig ${epair}a 192.0.2.1/24 up

44
	vnet_mkjail iron ${epair}b

45
	jexec iron ifconfig ${epair}b 192.0.2.2/24 up

46
	

47
	# Block All

48
	firewall_config "iron" ${firewall} \

49
		"pf" \

50
			"block in" \

51
		"ipfw" \

52
			"ipfw -q add 100 deny all from any to any" \

53
		"ipf" \

54
			"block in all"

55


56
	atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2

57
	

58
	# Pass All

59
	firewall_config "iron" ${firewall} \

60
		"pf" \

61
			"pass in" \

62
		"ipfw" \

63
			"ipfw -q add 100 allow all from any to any" \

64
		"ipf" \

65
			"pass in all"

66


67
	atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2

68
}

69


70
v4_cleanup()

71
{

72
	firewall=$1

73
	firewall_cleanup $firewall

74
}

75


76
v6_head()

77
{

78
	atf_set require.user root

79
}

80


81
v6_body()

82
{   

83
	firewall=$1

84
	firewall_init $firewall

85
	

86
	epair=$(vnet_mkepair)

87
	ifconfig ${epair}a inet6 fd7a:803f:cc4b::1/64 up no_dad

88


89
	vnet_mkjail iron ${epair}b

90
	jexec iron ifconfig ${epair}b inet6 fd7a:803f:cc4b::2/64 up no_dad

91
	

92
	# Block All

93
	firewall_config "iron" ${firewall} \

94
		"pf" \

95
			"block in" \

96
		"ipfw" \

97
			"ipfw -q add 100 deny all from any to any" \

98
		"ipf" \

99
			"block in all"

100


101
	atf_check -s exit:2 -o ignore ping -6 -c 1 -W 1 fd7a:803f:cc4b::2

102
	

103
	# Pass All

104
	firewall_config "iron" ${firewall} \

105
		"pf" \

106
			"pass in" \

107
		"ipfw" \

108
			"ipfw -q add 100 allow all from any to any" \

109
		"ipf" \

110
			"pass in all"

111


112
	atf_check -s exit:0 -o ignore ping -6 -c 1 -W 1 fd7a:803f:cc4b::2

113
}

114


115
v6_cleanup()

116
{

117
	firewall=$1

118
	firewall_cleanup $firewall

119
}

120


121
setup_tests "v4" \

122
				"pf" \

123
				"ipfw" \

124
				"ipf" \

125
			"v6" \

126
				"pf" \

127
				"ipfw" \

128
				"ipf"

129


130