github.com/jfrazelle/docker@v1.1.2-0.20210712172922-bf78e25fe508/libnetwork/iptables/firewalld_test.go (about)

     1  // +build linux
     2  
     3  package iptables
     4  
     5  import (
     6  	"net"
     7  	"strconv"
     8  	"testing"
     9  )
    10  
// TestFirewalldInit checks that FirewalldInit returns no error. The test is
// skipped when checkRunning reports that firewalld is not running.
func TestFirewalldInit(t *testing.T) {
	if running := checkRunning(); !running {
		t.Skip("firewalld is not running")
	}

	err := FirewalldInit()
	if err != nil {
		t.Fatal(err)
	}
}
    19  
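// TestReloaded checks that a rule registered through OnReloaded is
// re-created when reloaded() runs after the chain has been removed.
//
// The test creates a chain named "FWD" in the Filter table, programs it
// against the "lo" interface and links two addresses through it.
// NOTE(review): this presumably edits the host's live IPv4 rule set and so
// needs the matching privileges; confirm against the CI environment.
func TestReloaded(t *testing.T) {
	iptable := GetIptable(IPv4)

	fwdChain, err := iptable.NewChain("FWD", Filter, false)
	if err != nil {
		t.Fatal(err)
	}
	// Register cleanup as soon as the chain exists, so a failure in
	// ProgramChain below does not leave the test chain behind in the
	// filter table.
	defer fwdChain.Remove()

	bridgeName := "lo"
	if err := iptable.ProgramChain(fwdChain, bridgeName, false, true); err != nil {
		t.Fatal(err)
	}

	// copy-pasted from iptables_test:TestLink
	ip1 := net.ParseIP("192.168.1.1")
	ip2 := net.ParseIP("192.168.1.2")
	port := 1234
	proto := "tcp"

	if err := fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName); err != nil {
		t.Fatal(err)
	}

	// Register the same Link call to be replayed on reload. The error is
	// discarded on purpose: the Exists check after reloaded() is what
	// detects a failed replay.
	// NOTE(review): nothing here unregisters the callback, so it looks
	// like it stays registered after this test returns; confirm whether
	// later tests in the package call reloaded().
	OnReloaded(func() { _ = fwdChain.Link(Append, ip1, ip2, port, proto, bridgeName) })

	rule1 := []string{
		"-i", bridgeName,
		"-o", bridgeName,
		"-p", proto,
		"-s", ip1.String(),
		"-d", ip2.String(),
		"--dport", strconv.Itoa(port),
		"-j", "ACCEPT"}

	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
		t.Fatal("rule1 does not exist")
	}

	// flush all rules
	fwdChain.Remove()

	reloaded()

	// make sure the rules have been recreated
	if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
		t.Fatal("rule1 hasn't been recreated")
	}
}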
    74  
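// TestPassthrough appends an ACCEPT rule to the filter INPUT chain through
// Passthrough and checks that Exists then reports the rule.
//
// The test is skipped when firewalldRunning is false, rather than passing
// without exercising anything. The appended rule is deleted again on exit so
// that no stray ACCEPT rule for udp/123 on "lo" outlives the test run.
// NOTE(review): this presumably edits the host's live INPUT chain and needs
// the matching privileges; confirm against the CI environment.
func TestPassthrough(t *testing.T) {
	if !firewalldRunning {
		t.Skip("firewalld is not running")
	}

	const chain = "INPUT"
	rule1 := []string{
		"-i", "lo",
		"-p", "udp",
		"--dport", "123",
		"-j", "ACCEPT"}

	iptable := GetIptable(IPv4)

	// iptables -A expects the chain name before the rule specification;
	// name the same chain that the Exists check below inspects.
	if _, err := Passthrough(Iptables, append([]string{"-A", chain}, rule1...)...); err != nil {
		t.Fatal(err)
	}
	// Deferred calls still run when t.Fatal ends the test, so the rule is
	// removed on both the passing and the failing path.
	defer func() {
		if _, err := Passthrough(Iptables, append([]string{"-D", chain}, rule1...)...); err != nil {
			t.Logf("removing test rule from %s: %v", chain, err)
		}
	}()

	if !iptable.Exists(Filter, chain, rule1...) {
		t.Fatal("rule1 does not exist")
	}
}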