Commit 6f1fe072 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

test: filter-log: zero limit

parent dde0cffd
......@@ -4,7 +4,8 @@
"mirror": { "mirror": [ "10.0.0.1", "10.0.0.2", "fc00::2" ] },
"nflog": { "mode": "nflog", "group": 1, "range": 128 },
"none": { "mode": "none" },
"ulog": { "mode": "ulog", "limit": { "interval": 5 } }
"ulog": { "mode": "ulog", "limit": { "interval": 5 } },
"zero": { "mode": "log", "limit": 0 }
},
"packet-log": [
{ "out": "_fw" },
......
......@@ -9,7 +9,9 @@ json = require('cjson')
res = {}
for _, log in ipairs{'', false, true, 'dual', 'mirror', 'none', 'ulog'} do
for _, log in ipairs{
'', false, true, 'dual', 'mirror', 'none', 'ulog', 'zero'
} do
for _, action in ipairs{false, 'drop', 'pass'} do
if log == '' then log = nil end
table.insert(res, {log=log, action=action or nil})
......
......@@ -7865,6 +7865,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
......@@ -162,6 +162,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
......@@ -143,6 +143,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
......@@ -163,6 +163,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
......@@ -59293,6 +59293,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......@@ -245,11 +245,48 @@ Filter 21 {"action":"pass","log":"ulog"}
inet/filter/OUTPUT -j logpass-3
inet/filter/logpass-3 -m limit --limit 12/minute -j ULOG
Filter 22 {"action":"pass","in":"_fw","log":"ulog"}
Filter 22 {"log":"zero"}
(filter-log)
inet/filter/FORWARD -j logaccept-4
inet/filter/INPUT -j logaccept-4
inet/filter/OUTPUT -j logaccept-4
inet/filter/logaccept-4 -m limit --limit 0/day -j LOG
inet/filter/logaccept-4 -j ACCEPT
inet6/filter/FORWARD -j logaccept-4
inet6/filter/INPUT -j logaccept-4
inet6/filter/OUTPUT -j logaccept-4
inet6/filter/logaccept-4 -m limit --limit 0/day -j LOG
inet6/filter/logaccept-4 -j ACCEPT
Filter 23 {"action":"drop","log":"zero"}
(filter-log)
inet/filter/FORWARD -j logdrop-5
inet/filter/INPUT -j logdrop-5
inet/filter/OUTPUT -j logdrop-5
inet/filter/logdrop-5 -m limit --limit 0/day -j LOG
inet/filter/logdrop-5 -j DROP
inet6/filter/FORWARD -j logdrop-5
inet6/filter/INPUT -j logdrop-5
inet6/filter/OUTPUT -j logdrop-5
inet6/filter/logdrop-5 -m limit --limit 0/day -j LOG
inet6/filter/logdrop-5 -j DROP
Filter 24 {"action":"pass","log":"zero"}
(filter-log)
inet/filter/FORWARD -j logpass-4
inet/filter/INPUT -j logpass-4
inet/filter/OUTPUT -j logpass-4
inet/filter/logpass-4 -m limit --limit 0/day -j LOG
inet6/filter/FORWARD -j logpass-4
inet6/filter/INPUT -j logpass-4
inet6/filter/OUTPUT -j logpass-4
inet6/filter/logpass-4 -m limit --limit 0/day -j LOG
Filter 25 {"action":"pass","in":"_fw","log":"ulog"}
(log)
inet/filter/OUTPUT -m limit --limit 12/minute -j ULOG
Filter 23 {"in":["_fw","A"]}
Filter 26 {"in":["_fw","A"]}
(zone)
inet/filter/FORWARD -i eth0 -j ACCEPT
inet/filter/INPUT -i eth0 -j ACCEPT
......@@ -258,12 +295,12 @@ Filter 23 {"in":["_fw","A"]}
inet6/filter/INPUT -i eth0 -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 24 {"in":"B","out":"C"}
Filter 27 {"in":"B","out":"C"}
(zone)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
Filter 25 {"out":["_fw","B"]}
Filter 28 {"out":["_fw","B"]}
(zone)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j ACCEPT
inet/filter/INPUT -j ACCEPT
......@@ -272,7 +309,7 @@ Filter 25 {"out":["_fw","B"]}
inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
Filter 26 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
Filter 29 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
(zone)
inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT
......@@ -376,6 +413,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......@@ -685,15 +725,18 @@ hash:net family inet
:logaccept-1 - [0:0]
:logaccept-2 - [0:0]
:logaccept-3 - [0:0]
:logaccept-4 - [0:0]
:logdrop-0 - [0:0]
:logdrop-1 - [0:0]
:logdrop-2 - [0:0]
:logdrop-3 - [0:0]
:logdrop-4 - [0:0]
:logdrop-5 - [0:0]
:logpass-0 - [0:0]
:logpass-1 - [0:0]
:logpass-2 - [0:0]
:logpass-3 - [0:0]
:logpass-4 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
......@@ -716,6 +759,9 @@ hash:net family inet
-A FORWARD -j logaccept-3
-A FORWARD -j logdrop-4
-A FORWARD -j logpass-3
-A FORWARD -j logaccept-4
-A FORWARD -j logdrop-5
-A FORWARD -j logpass-4
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
......@@ -794,6 +840,9 @@ hash:net family inet
-A INPUT -j logaccept-3
-A INPUT -j logdrop-4
-A INPUT -j logpass-3
-A INPUT -j logaccept-4
-A INPUT -j logdrop-5
-A INPUT -j logpass-4
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmp -j icmp-routing
......@@ -820,6 +869,9 @@ hash:net family inet
-A OUTPUT -j logaccept-3
-A OUTPUT -j logdrop-4
-A OUTPUT -j logpass-3
-A OUTPUT -j logaccept-4
-A OUTPUT -j logdrop-5
-A OUTPUT -j logpass-4
-A OUTPUT -m limit --limit 12/minute -j ULOG
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
......@@ -836,6 +888,8 @@ hash:net family inet
-A logaccept-2 -j ACCEPT
-A logaccept-3 -m limit --limit 12/minute -j ULOG
-A logaccept-3 -j ACCEPT
-A logaccept-4 -m limit --limit 0/day -j LOG
-A logaccept-4 -j ACCEPT
-A logdrop-0 -m limit --limit 1/second -j LOG
-A logdrop-0 -j DROP
-A logdrop-1 -m limit --limit 1/second -j LOG
......@@ -847,11 +901,14 @@ hash:net family inet
-A logdrop-3 -j DROP
-A logdrop-4 -m limit --limit 12/minute -j ULOG
-A logdrop-4 -j DROP
-A logdrop-5 -m limit --limit 0/day -j LOG
-A logdrop-5 -j DROP
-A logpass-0 -m limit --limit 1/second -j LOG
-A logpass-1 -j LOG
-A logpass-2 -j TEE --gateway 10.0.0.1
-A logpass-2 -j TEE --gateway 10.0.0.2
-A logpass-3 -m limit --limit 12/minute -j ULOG
-A logpass-4 -m limit --limit 0/day -j LOG
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
......@@ -900,14 +957,17 @@ COMMIT
:logaccept-1 - [0:0]
:logaccept-2 - [0:0]
:logaccept-3 - [0:0]
:logaccept-4 - [0:0]
:logdrop-0 - [0:0]
:logdrop-1 - [0:0]
:logdrop-2 - [0:0]
:logdrop-3 - [0:0]
:logdrop-4 - [0:0]
:logdrop-5 - [0:0]
:logpass-0 - [0:0]
:logpass-1 - [0:0]
:logpass-2 - [0:0]
:logpass-4 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
......@@ -929,6 +989,9 @@ COMMIT
-A FORWARD
-A FORWARD -j logaccept-3
-A FORWARD -j logdrop-4
-A FORWARD -j logaccept-4
-A FORWARD -j logdrop-5
-A FORWARD -j logpass-4
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
......@@ -980,6 +1043,9 @@ COMMIT
-A INPUT
-A INPUT -j logaccept-3
-A INPUT -j logdrop-4
-A INPUT -j logaccept-4
-A INPUT -j logdrop-5
-A INPUT -j logpass-4
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
......@@ -1005,6 +1071,9 @@ COMMIT
-A OUTPUT
-A OUTPUT -j logaccept-3
-A OUTPUT -j logdrop-4
-A OUTPUT -j logaccept-4
-A OUTPUT -j logdrop-5
-A OUTPUT -j logpass-4
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
-A OUTPUT -p icmpv6 -j ACCEPT
......@@ -1020,6 +1089,8 @@ COMMIT
-A logaccept-2 -j TEE --gateway fc00::2
-A logaccept-2 -j ACCEPT
-A logaccept-3 -j ACCEPT
-A logaccept-4 -m limit --limit 0/day -j LOG
-A logaccept-4 -j ACCEPT
-A logdrop-0 -m limit --limit 1/second -j LOG
-A logdrop-0 -j DROP
-A logdrop-1 -m limit --limit 1/second -j LOG
......@@ -1030,10 +1101,13 @@ COMMIT
-A logdrop-3 -j TEE --gateway fc00::2
-A logdrop-3 -j DROP
-A logdrop-4 -j DROP
-A logdrop-5 -m limit --limit 0/day -j LOG
-A logdrop-5 -j DROP
-A logpass-0 -m limit --limit 1/second -j LOG
-A logpass-1 -j LOG
-A logpass-1 -j TEE --gateway fc00::1
-A logpass-2 -j TEE --gateway fc00::2
-A logpass-4 -m limit --limit 0/day -j LOG
COMMIT
*mangle
:INPUT ACCEPT [0:0]
......
......@@ -8,15 +8,18 @@
:logaccept-1 - [0:0]
:logaccept-2 - [0:0]
:logaccept-3 - [0:0]
:logaccept-4 - [0:0]
:logdrop-0 - [0:0]
:logdrop-1 - [0:0]
:logdrop-2 - [0:0]
:logdrop-3 - [0:0]
:logdrop-4 - [0:0]
:logdrop-5 - [0:0]
:logpass-0 - [0:0]
:logpass-1 - [0:0]
:logpass-2 - [0:0]
:logpass-3 - [0:0]
:logpass-4 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
......@@ -39,6 +42,9 @@
-A FORWARD -j logaccept-3
-A FORWARD -j logdrop-4
-A FORWARD -j logpass-3
-A FORWARD -j logaccept-4
-A FORWARD -j logdrop-5
-A FORWARD -j logpass-4
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
......@@ -117,6 +123,9 @@
-A INPUT -j logaccept-3
-A INPUT -j logdrop-4
-A INPUT -j logpass-3
-A INPUT -j logaccept-4
-A INPUT -j logdrop-5
-A INPUT -j logpass-4
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmp -j icmp-routing
......@@ -143,6 +152,9 @@
-A OUTPUT -j logaccept-3
-A OUTPUT -j logdrop-4
-A OUTPUT -j logpass-3
-A OUTPUT -j logaccept-4
-A OUTPUT -j logdrop-5
-A OUTPUT -j logpass-4
-A OUTPUT -m limit --limit 12/minute -j ULOG
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
......@@ -159,6 +171,8 @@
-A logaccept-2 -j ACCEPT
-A logaccept-3 -m limit --limit 12/minute -j ULOG
-A logaccept-3 -j ACCEPT
-A logaccept-4 -m limit --limit 0/day -j LOG
-A logaccept-4 -j ACCEPT
-A logdrop-0 -m limit --limit 1/second -j LOG
-A logdrop-0 -j DROP
-A logdrop-1 -m limit --limit 1/second -j LOG
......@@ -170,11 +184,14 @@
-A logdrop-3 -j DROP
-A logdrop-4 -m limit --limit 12/minute -j ULOG
-A logdrop-4 -j DROP
-A logdrop-5 -m limit --limit 0/day -j LOG
-A logdrop-5 -j DROP
-A logpass-0 -m limit --limit 1/second -j LOG
-A logpass-1 -j LOG
-A logpass-2 -j TEE --gateway 10.0.0.1
-A logpass-2 -j TEE --gateway 10.0.0.2
-A logpass-3 -m limit --limit 12/minute -j ULOG
-A logpass-4 -m limit --limit 0/day -j LOG
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
......
......@@ -8,14 +8,17 @@
:logaccept-1 - [0:0]
:logaccept-2 - [0:0]
:logaccept-3 - [0:0]
:logaccept-4 - [0:0]
:logdrop-0 - [0:0]
:logdrop-1 - [0:0]
:logdrop-2 - [0:0]
:logdrop-3 - [0:0]
:logdrop-4 - [0:0]
:logdrop-5 - [0:0]
:logpass-0 - [0:0]
:logpass-1 - [0:0]
:logpass-2 - [0:0]
:logpass-4 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
......@@ -37,6 +40,9 @@
-A FORWARD
-A FORWARD -j logaccept-3
-A FORWARD -j logdrop-4
-A FORWARD -j logaccept-4
-A FORWARD -j logdrop-5
-A FORWARD -j logpass-4
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
......@@ -88,6 +94,9 @@
-A INPUT
-A INPUT -j logaccept-3
-A INPUT -j logdrop-4
-A INPUT -j logaccept-4
-A INPUT -j logdrop-5
-A INPUT -j logpass-4
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
......@@ -113,6 +122,9 @@
-A OUTPUT
-A OUTPUT -j logaccept-3
-A OUTPUT -j logdrop-4
-A OUTPUT -j logaccept-4
-A OUTPUT -j logdrop-5
-A OUTPUT -j logpass-4
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
-A OUTPUT -p icmpv6 -j ACCEPT
......@@ -128,6 +140,8 @@
-A logaccept-2 -j TEE --gateway fc00::2
-A logaccept-2 -j ACCEPT
-A logaccept-3 -j ACCEPT
-A logaccept-4 -m limit --limit 0/day -j LOG
-A logaccept-4 -j ACCEPT
-A logdrop-0 -m limit --limit 1/second -j LOG
-A logdrop-0 -j DROP
-A logdrop-1 -m limit --limit 1/second -j LOG
......@@ -138,10 +152,13 @@
-A logdrop-3 -j TEE --gateway fc00::2
-A logdrop-3 -j DROP
-A logdrop-4 -j DROP
-A logdrop-5 -m limit --limit 0/day -j LOG
-A logdrop-5 -j DROP
-A logpass-0 -m limit --limit 1/second -j LOG
-A logpass-1 -j LOG
-A logpass-1 -j TEE --gateway fc00::1
-A logpass-2 -j TEE --gateway fc00::2
-A logpass-4 -m limit --limit 0/day -j LOG
COMMIT
*mangle
:INPUT ACCEPT [0:0]
......
......@@ -213,6 +213,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
......@@ -160,6 +160,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
......@@ -289,6 +289,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
......@@ -209,6 +209,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
......@@ -143,6 +143,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
......@@ -143,6 +143,9 @@ Log none {"mode":"none"}
Log ulog {"limit":{"interval":5},"mode":"ulog"}
(log)
Log zero {"limit":0,"mode":"log"}
(log)
Mark 1 {"in":["_fw","A"],"mark":1}
(zone)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment