github.com/adityamillind98/moby@v23.0.0-rc.4+incompatible/libnetwork/iptables/firewalld_test.go (about)

     1  //go:build linux
     2  // +build linux
     3  
     4  package iptables
     5  
     6  import (
     7  	"net"
     8  	"strconv"
     9  	"testing"
    10  )
    11  
// TestFirewalldInit checks that FirewalldInit succeeds on a host where
// checkRunning reports firewalld as running. The test is skipped otherwise.
func TestFirewalldInit(t *testing.T) {
	if running := checkRunning(); !running {
		t.Skip("firewalld is not running")
	}

	err := FirewalldInit()
	if err != nil {
		t.Fatal(err)
	}
}
    20  
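// TestReloaded verifies that a callback registered with OnReloaded puts a
// link rule back after the chain has been removed and reloaded() has run.
//
// The test programs real IPv4 filter-table rules against the "lo" interface,
// so it changes firewall state on the host it runs on. Run it only where
// that is acceptable, such as a disposable CI machine or network namespace.
func TestReloaded(t *testing.T) {
	iptable := GetIptable(IPv4)
	fwdChain, err := iptable.NewChain("FWD", Filter, false)
	if err != nil {
		t.Fatal(err)
	}
	bridgeName := "lo"

	if err := iptable.ProgramChain(fwdChain, bridgeName, false, true); err != nil {
		t.Fatal(err)
	}
	// Best-effort cleanup so the FWD chain does not outlive the test. The
	// result is deliberately ignored: the chain may already have been removed
	// by the explicit Remove call further down.
	defer fwdChain.Remove()

	// copy-pasted from iptables_test:TestLink
	ip1 := net.ParseIP("192.168.1.1")
	ip2 := net.ParseIP("192.168.1.2")
	port := 1234
	proto := "tcp"

	if err := fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName); err != nil {
		t.Fatal(err)
	}

	// Re-apply the link when reloaded() fires. The error is stored instead of
	// discarded so that a failed re-link is reported with its cause.
	// NOTE(review): the callback stays registered after the test returns; no
	// way to unregister it is visible here — confirm it cannot affect other
	// tests in the package.
	var relinkErr error
	OnReloaded(func() {
		relinkErr = fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName)
	})

	rule1 := []string{
		"-i", bridgeName,
		"-o", bridgeName,
		"-p", proto,
		"-s", ip1.String(),
		"-d", ip2.String(),
		"--dport", strconv.Itoa(port),
		"-j", "ACCEPT",
	}

	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
		t.Fatal("rule1 does not exist")
	}

	// flush all rules
	fwdChain.Remove()

	// NOTE(review): assumes reloaded() runs the registered callbacks
	// synchronously before returning — confirm.
	reloaded()
	if relinkErr != nil {
		t.Errorf("re-linking after reload: %v", relinkErr)
	}

	// make sure the rules have been recreated
	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
		t.Fatal("rule1 hasn't been recreated")
	}
}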
    75  
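// TestPassthrough checks that a rule appended through the firewalld
// passthrough interface is visible in the IPv4 filter table's INPUT chain.
//
// The test is skipped when firewalld is not running. While it runs it adds an
// ACCEPT rule for UDP port 123 on "lo" to the host's INPUT chain, and deletes
// that rule again before returning.
func TestPassthrough(t *testing.T) {
	rule1 := []string{
		"-i", "lo",
		"-p", "udp",
		"--dport", "123",
		"-j", "ACCEPT",
	}

	iptable := GetIptable(IPv4)
	if !firewalldRunning {
		// Report a skip instead of a pass: nothing was exercised.
		t.Skip("firewalld is not running")
	}

	// iptables' -A takes the chain name as its argument. The existence check
	// below looks in INPUT, so the rule has to be appended there.
	if _, err := Passthrough(Iptables, append([]string{"-A", "INPUT"}, rule1...)...); err != nil {
		t.Fatal(err)
	}
	// Do not leave an ACCEPT rule behind in the host's INPUT chain. Deferred
	// calls still run when t.Fatal ends the test.
	defer func() {
		if _, err := Passthrough(Iptables, append([]string{"-D", "INPUT"}, rule1...)...); err != nil {
			t.Errorf("removing test rule from INPUT: %v", err)
		}
	}()

	if !iptable.Exists(Filter, "INPUT", rule1...) {
		t.Fatal("rule1 does not exist")
	}
}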