diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-05-03 08:41:24 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-05-03 08:41:24 -0400 |
| commit | 57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc (patch) | |
| tree | 60f90718665a1a812b552f589bc4d85616232df1 /test/network/net_netfilter.exp | |
| parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
| download | firejail-57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc.tar.gz firejail-57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc.tar.zst firejail-57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc.zip | |
networking features testing
Diffstat (limited to 'test/network/net_netfilter.exp')
| -rwxr-xr-x | test/network/net_netfilter.exp | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp new file mode 100755 index 000000000..989fcc407 --- /dev/null +++ b/test/network/net_netfilter.exp | |||
| @@ -0,0 +1,88 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | |||
| 3 | set timeout 10 | ||
| 4 | spawn $env(SHELL) | ||
| 5 | match_max 100000 | ||
| 6 | |||
| 7 | # check default netfilter on br0 | ||
| 8 | send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r" | ||
| 9 | expect { | ||
| 10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 11 | "Installing network filter" | ||
| 12 | } | ||
| 13 | expect { | ||
| 14 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 15 | "Chain INPUT (policy DROP" | ||
| 16 | } | ||
| 17 | expect { | ||
| 18 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 19 | "ACCEPT all -- any any anywhere" | ||
| 20 | } | ||
| 21 | expect { | ||
| 22 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 23 | "ACCEPT icmp -- any any anywhere" | ||
| 24 | } | ||
| 25 | expect { | ||
| 26 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 27 | "Child process initialized" | ||
| 28 | } | ||
| 29 | sleep 2 | ||
| 30 | send -- "exit\r" | ||
| 31 | sleep 1 | ||
| 32 | |||
| 33 | # check default netfilter no new network | ||
| 34 | send -- "firejail --debug --noprofile --netfilter\r" | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 37 | "Installing network filter" {puts "TESTING ERROR 5.1\n";exit} | ||
| 38 | "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit} | ||
| 39 | "ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} | ||
| 40 | "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} | ||
| 41 | "Child process initialized" | ||
| 42 | } | ||
| 43 | sleep 2 | ||
| 44 | send -- "exit\r" | ||
| 45 | sleep 1 | ||
| 46 | |||
| 47 | # check file filter netfilter on br0 | ||
| 48 | send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r" | ||
| 49 | expect { | ||
| 50 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 51 | "Installing network filter" | ||
| 52 | } | ||
| 53 | expect { | ||
| 54 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
| 55 | "Child process initialized" | ||
| 56 | } | ||
| 57 | sleep 2 | ||
| 58 | send -- "ping -c 1 -w 3 10.10.20.1\r" | ||
| 59 | expect { | ||
| 60 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
| 61 | "0 received, 100% packet loss" | ||
| 62 | } | ||
| 63 | |||
| 64 | send -- "exit\r" | ||
| 65 | sleep 1 | ||
| 66 | |||
| 67 | # check profile netfilter on br0 | ||
| 68 | send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r" | ||
| 69 | expect { | ||
| 70 | timeout {puts "TESTING ERROR 7\n";exit} | ||
| 71 | "Installing network filter" | ||
| 72 | } | ||
| 73 | expect { | ||
| 74 | timeout {puts "TESTING ERROR 7.1\n";exit} | ||
| 75 | "Child process initialized" | ||
| 76 | } | ||
| 77 | sleep 2 | ||
| 78 | send -- "ping -c 1 -w 3 10.10.20.1\r" | ||
| 79 | expect { | ||
| 80 | timeout {puts "TESTING ERROR 7.2\n";exit} | ||
| 81 | "0 received, 100% packet loss" | ||
| 82 | } | ||
| 83 | |||
| 84 | send -- "exit\r" | ||
| 85 | after 100 | ||
| 86 | |||
| 87 | puts "all done\n" | ||
| 88 | |||