Diffstat (limited to 'test/net_netfilter.exp')
-rwxr-xr-x | test/net_netfilter.exp | 88 |
1 files changed, 88 insertions, 0 deletions
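diff --git a/test/net_netfilter.exp b/test/net_netfilter.exp
new file mode 100755
index 000000000..8583d4625
--- /dev/null
+++ b/test/net_netfilter.exp
@@ -0,0 +1,88 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check default netfilter on br0
+send -- "firejail --debug --net=br0 --ip=10.10.20.5 --netfilter\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Installing network filter"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Chain INPUT (policy DROP"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"ACCEPT all -- any any anywhere"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"ACCEPT icmp -- any any anywhere"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 1
+
+# check default netfilter no new network
+send -- "firejail --debug --netfilter\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"Installing network filter" {puts "TESTING ERROR 5.1\n";exit}
+"Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit}
+"ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
+"ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 1
+
+# check file filter netfilter on br0
+send -- "firejail --debug --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"Installing network filter"
+}
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "ping -c 1 -w 3 10.10.20.1\r"
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"0 received, 100% packet loss"
+}
+
+send -- "exit\r"
+sleep 1
+
+# check profile netfilter on br0
+send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Installing network filter"
+}
+expect {
+timeout {puts "TESTING ERROR 7.1\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "ping -c 1 -w 3 10.10.20.1\r"
+expect {
+timeout {puts "TESTING ERROR 7.2\n";exit}
+"0 received, 100% packet loss"
+}
+
+send -- "exit\r"
+sleep 1
+
+puts "\n"
+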
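Review bot: The two packet-loss checks (file lines 58-62 and 78-82) pass whenever the ping to 10.10.20.1 gets no reply, so a down bridge or a missing host would look the same as a working filter. A control case before them would tie the result to the filter: start the sandbox on br0 without `--netfilter`, send the same `ping -c 1 -w 3 10.10.20.1\r`, and expect `"1 received, 0% packet loss"`, assuming the bridge address answers ICMP in the test setup. The contents of `netfilter.filter` and `netfilter.profile` are not part of this page, so a comment such as `# netfilter.filter is expected to drop outbound ICMP` above each case would tell the reader which rule is being exercised. Separately, every failure handler calls bare `exit`, which ends the script with status 0; if the harness ever checks the exit code rather than the "TESTING ERROR" text, `exit 1` would be needed.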