Skip to content

awall
awall
Commit 8341a2f6 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen
Browse files
Options

test: no-track

parent 1d22026c
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 195 additions and 4 deletions
test/mandatory/no-track.json 0 → 100644
View file @ 8341a2f6
{
"filter": [
{ "in": "_fw", "service": "http", "no-track": true },
{
"src": "172.16.0.0/16",
"dest": "172.17.0.0/16",
"service": "radius",
"no-track": true
},
{
"dest": "172.18.0.0/16",
"service": "ssh",
"no-track": true
},
{ "out": "_fw", "service": "ipsec", "no-track": true }
]
}
test/output/dump
View file @ 8341a2f6
This diff is collapsed.
test/output/rules-save
View file @ 8341a2f6
......@@ -190,6 +190,12 @@
-A FORWARD -j ACCEPT
-A FORWARD -j DROP
-A FORWARD
-A FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A FORWARD -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A FORWARD -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
-A FORWARD -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
-A FORWARD -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT
-A FORWARD -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
......@@ -338,6 +344,15 @@
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -p tcp --sport 80 -j ACCEPT
-A INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
-A INPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
-A INPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT
-A INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmp -j icmp-routing
......@@ -439,6 +454,15 @@
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
-A OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
-A OUTPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT
-A OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
-A OUTPUT -p icmp -j icmp-routing
......@@ -665,8 +689,26 @@ COMMIT
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
-A OUTPUT -j CT --notrack
-A OUTPUT -p tcp --dport 80 -j CT --notrack
-A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
-A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
-A OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
-A OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
-A OUTPUT -p tcp --dport 22 -d 172.18.0.0/16 -j CT --notrack
-A OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j CT --notrack
-A OUTPUT -p esp -j CT --notrack
-A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack
-A OUTPUT -j CT --notrack
-A PREROUTING -j CT --notrack
-A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack
-A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
-A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
-A PREROUTING -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
-A PREROUTING -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
-A PREROUTING -p tcp --dport 22 -d 172.18.0.0/16 -j CT --notrack
-A PREROUTING -p tcp --sport 22 -s 172.18.0.0/16 -j CT --notrack
-A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack
-A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack
-A PREROUTING -i eth0 -j CT --notrack
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j CT --notrack
-A PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
......
test/output/rules6-save
View file @ 8341a2f6
......@@ -314,6 +314,9 @@
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -p tcp --sport 80 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
......@@ -415,6 +418,9 @@
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
-A OUTPUT -p icmpv6 -j ACCEPT
......@@ -625,8 +631,14 @@ COMMIT
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
-A OUTPUT -j CT --notrack
-A OUTPUT -p tcp --dport 80 -j CT --notrack
-A OUTPUT -p esp -j CT --notrack
-A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack
-A OUTPUT -j CT --notrack
-A PREROUTING -j CT --notrack
-A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack
-A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack
-A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack
-A PREROUTING -i eth0 -j CT --notrack
-A PREROUTING -i eth1 -s fc00::/7 -j CT --notrack
-A PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment