1 files changed, 91 insertions, 0 deletions
diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp
new file mode 100755
index 000000000..737485d07
--- /dev/null
+++ b/test/network/net_netfilter.exp
@@ -0,0 +1,91 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# check default netfilter on br0
+send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Installing network filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Chain INPUT (policy DROP"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "ACCEPT     all  --  any    any     anywhere"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "ACCEPT     icmp --  any    any     anywhere"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+# check default netfilter no new network
+send -- "firejail --debug --noprofile --netfilter\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Installing network filter" {puts "TESTING ERROR 5.1\n";exit}
+        "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit}
+        "ACCEPT     all  --  any    any     anywhere" {puts "TESTING ERROR 5.1\n";exit}
+        "ACCEPT     icmp --  any    any     anywhere" {puts "TESTING ERROR 5.1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+# check file filter netfilter on br0
+send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Installing network filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ping -c 1 -w 3 10.10.20.1\r"
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0 received, 100% packet loss"
+}
+send -- "exit\r"
+sleep 1
+# check profile netfilter on br0
+send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Installing network filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 7.1\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "ping -c 1 -w 3 10.10.20.1\r"
+expect {
+        timeout {puts "TESTING ERROR 7.2\n";exit}
+        "0 received, 100% packet loss"
+}
+send -- "exit\r"
+after 100
+puts "all done\n"

diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp new file mode 100755 index 000000000..737485d07 --- /dev/null +++ b/test/network/net_netfilter.exp
@@ -0,0 +1,91 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	# check default netfilter on br0
	11	send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r"
	12	expect {
	13	timeout {puts "TESTING ERROR 0\n";exit}
	14	"Installing network filter"
	15	}
	16	expect {
	17	timeout {puts "TESTING ERROR 1\n";exit}
	18	"Chain INPUT (policy DROP"
	19	}
	20	expect {
	21	timeout {puts "TESTING ERROR 2\n";exit}
	22	"ACCEPT all -- any any anywhere"
	23	}
	24	expect {
	25	timeout {puts "TESTING ERROR 3\n";exit}
	26	"ACCEPT icmp -- any any anywhere"
	27	}
	28	expect {
	29	timeout {puts "TESTING ERROR 4\n";exit}
	30	"Child process initialized"
	31	}
	32	sleep 1
	33	send -- "exit\r"
	34	sleep 1
	35
	36	# check default netfilter no new network
	37	send -- "firejail --debug --noprofile --netfilter\r"
	38	expect {
	39	timeout {puts "TESTING ERROR 5\n";exit}
	40	"Installing network filter" {puts "TESTING ERROR 5.1\n";exit}
	41	"Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit}
	42	"ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
	43	"ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
	44	"Child process initialized"
	45	}
	46	sleep 1
	47	send -- "exit\r"
	48	sleep 1
	49
	50	# check file filter netfilter on br0
	51	send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r"
	52	expect {
	53	timeout {puts "TESTING ERROR 6\n";exit}
	54	"Installing network filter"
	55	}
	56	expect {
	57	timeout {puts "TESTING ERROR 6.1\n";exit}
	58	"Child process initialized"
	59	}
	60	sleep 1
	61	send -- "ping -c 1 -w 3 10.10.20.1\r"
	62	expect {
	63	timeout {puts "TESTING ERROR 6.2\n";exit}
	64	"0 received, 100% packet loss"
	65	}
	66
	67	send -- "exit\r"
	68	sleep 1
	69
	70	# check profile netfilter on br0
	71	send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r"
	72	expect {
	73	timeout {puts "TESTING ERROR 7\n";exit}
	74	"Installing network filter"
	75	}
	76	expect {
	77	timeout {puts "TESTING ERROR 7.1\n";exit}
	78	"Child process initialized"
	79	}
	80	sleep 2
	81	send -- "ping -c 1 -w 3 10.10.20.1\r"
	82	expect {
	83	timeout {puts "TESTING ERROR 7.2\n";exit}
	84	"0 received, 100% packet loss"
	85	}
	86
	87	send -- "exit\r"
	88	after 100
	89
	90	puts "all done\n"
	91