Diffstat (limited to 'test/network/net_netfilter.exp')
-rwxr-xr-x | test/network/net_netfilter.exp | 77 |
1 files changed, 7 insertions, 70 deletions
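--- a/test/network/net_netfilter.exp
+++ b/test/network/net_netfilter.exp
@@ -8,83 +8,20 @@ spawn $env(SHELL)
 match_max 100000
 
 # check default netfilter on br0
-send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r"
+send -- "firejail --name=test --net=br0 --netfilter\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
-"Installing firewall"
-}
-expect {
-timeout {puts "TESTING ERROR 1\n";exit}
-"Chain INPUT (policy DROP"
-}
-expect {
-timeout {puts "TESTING ERROR 2\n";exit}
-"ACCEPT all -- any any anywhere"
-}
-expect {
-timeout {puts "TESTING ERROR 3\n";exit}
-"ACCEPT icmp -- any any anywhere"
-}
-expect {
-timeout {puts "TESTING ERROR 4\n";exit}
 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-sleep 1
-send -- "exit\r"
-sleep 1
+sleep 2
+spawn $env(SHELL)
 
 # check default netfilter no new network
-send -- "firejail --debug --noprofile --netfilter\r"
-expect {
-timeout {puts "TESTING ERROR 5\n";exit}
-"Installing network filter" {puts "TESTING ERROR 5.1\n";exit}
-"Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit}
-"ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
-"ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
--re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-
-# check file filter netfilter on br0
-send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r"
-expect {
-timeout {puts "TESTING ERROR 6\n";exit}
-"Installing firewall"
-}
-expect {
-timeout {puts "TESTING ERROR 6.1\n";exit}
--re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-send -- "ping -c 1 -w 3 10.10.20.1\r"
-expect {
-timeout {puts "TESTING ERROR 6.2\n";exit}
-"0 received, 100% packet loss"
-}
-
-send -- "exit\r"
-sleep 1
-
-# check profile netfilter on br0
-send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r"
+send -- "firejail --netfilter.print=test\r"
 expect {
-timeout {puts "TESTING ERROR 7\n";exit}
-"Installing firewall"
-}
-expect {
-timeout {puts "TESTING ERROR 7.1\n";exit}
--re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-send -- "ping -c 1 -w 3 10.10.20.1\r"
-expect {
-timeout {puts "TESTING ERROR 7.2\n";exit}
-"0 received, 100% packet loss"
+timeout {puts "TESTING ERROR 1\n";exit}
+"ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED"
 }
 
-send -- "exit\r"
-after 100
-
+after 500
 puts "all done\n"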
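Review bot: The only remaining assertion on the installed ruleset, the RELATED,ESTABLISHED `ACCEPT` pattern in the second expect block, would still match if the INPUT chain's default policy were ACCEPT, so the test no longer verifies the default-deny behaviour that the removed `"Chain INPUT (policy DROP"` check covered. I would add a block before it such as `expect { timeout {puts "TESTING ERROR 1.1\n";exit} "Chain INPUT (policy DROP" }`, assuming `--netfilter.print` prints the chain header the way the old `--debug` output did. The comment `# check default netfilter no new network` is now stale, because the command under it prints the filter of the sandbox named `test` rather than starting a sandbox without `--net`; `# print the filter installed in sandbox "test"` would fit. The removed negative case (no firewall installed without `--net`) and the file/profile filter cases with the blocked ping have no replacement in this hunk, so unless another test file covers them the commit message should say that coverage is being dropped on purpose.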