minor tweak for the test - added "catch all" rule in ipv6 branch to make sure it compiles for ipv6

2026-05-01 22:57:33 +02:00 · 2011-05-15 12:04:24 -07:00 · 2011-05-15 12:04:24 -07:00 · d2e74f445d
commit d2e74f445d
parent 7739ebbcd2
2 changed files with 57 additions and 5 deletions
--- a/test/ipt/firewall-ipv6-8.fw.orig
+++ b/test/ipt/firewall-ipv6-8.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_ipt v4.3.0.3542
 #
-#  Generated Sat May 14 15:41:56 2011 PDT by vadim
+#  Generated Sun May 15 12:01:42 2011 PDT by vadim
 #
 # files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw
 #
@ -320,6 +320,31 @@ configure_interfaces() {
 }

 script_body() {
+    # ================ IPv4
+
+
+
+    (
+
+    echo '*filter'
+
+    # ================ Table 'filter', rule set Policy_OSPF
+    # 
+    # Rule  Policy_OSPF 2 (global)
+    echo ":Policy_OSPF - [0:0]"
+    echo "-A Policy_OSPF  -j DROP "
+    #
+    echo COMMIT
+
+
+
+
+    ) | $IPTABLES_RESTORE; IPTABLES_RESTORE_RES=$?
+    test $IPTABLES_RESTORE_RES != 0 && run_epilog_and_exit $IPTABLES_RESTORE_RES
+
+
+
+
    # ================ IPv6


@ -363,6 +388,9 @@ script_body() {
    # Rule  Policy_OSPF 1 (global)
    echo "-A Policy_OSPF  -s fe80::/10   -d ff00::/8   -j ACCEPT "
    echo "-A Policy_OSPF  -s fe80::/10   -d fe80::/10   -j ACCEPT "
+    # 
+    # Rule  Policy_OSPF 2 (global)
+    echo "-A Policy_OSPF  -j DROP "
    #
    # ================ Table 'filter', rule set Policy_v6
    # 
@ -461,7 +489,8 @@ echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

 reset_all() {
    :
-    reset_iptables_v6
+    reset_iptables_v4
+  reset_iptables_v6
 }

 block_action() {
@ -470,6 +499,9 @@ block_action() {

 stop_action() {
    reset_all
+    $IPTABLES -P OUTPUT  ACCEPT
+    $IPTABLES -P INPUT   ACCEPT
+    $IPTABLES -P FORWARD ACCEPT
    $IP6TABLES -P OUTPUT  ACCEPT
    $IP6TABLES -P INPUT   ACCEPT
    $IP6TABLES -P FORWARD ACCEPT
@ -507,7 +539,7 @@ test -z "$cmd" && {

 case "$cmd" in
    start)
-        log "Activating firewall script generated Sat May 14 15:41:56 2011 by vadim"
+        log "Activating firewall script generated Sun May 15 12:01:42 2011 by vadim"
        check_tools
         prolog_commands 
        check_run_time_address_table_files
--- a/test/ipt/objects-for-regression-tests.fwb
+++ b/test/ipt/objects-for-regression-tests.fwb
@ -57768,7 +57768,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
          <Option name="verify_interfaces">True</Option>
        </FirewallOptions>
      </Firewall>
-      <Firewall id="id654160X7324" host_OS="linux24" inactive="False" lastCompiled="1280426747" lastInstalled="0" lastModified="1276815782" platform="iptables" version="1.4.0" name="firewall-ipv6-8" comment="matching multicast with different directions" ro="False">
+      <Firewall id="id654160X7324" host_OS="linux24" inactive="False" lastCompiled="1280426747" lastInstalled="0" lastModified="1305486097" platform="iptables" version="1.4.0" name="firewall-ipv6-8" comment="matching multicast with different directions" ro="False">
        <NAT id="id654194X7324" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="True" top_rule_set="True">
          <RuleSetOptions/>
        </NAT>
@ -58516,7 +58516,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
            <Option name="mangle_only_rule_set">False</Option>
          </RuleSetOptions>
        </Policy>
-        <Policy id="id1825785X7324" name="Policy_OSPF" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="True" top_rule_set="False">
+        <Policy id="id1825785X7324" name="Policy_OSPF" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="True" top_rule_set="False">
          <PolicyRule id="id2502746X7324" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
            <Src neg="False">
              <ObjectRef ref="id2383X75851"/>
@ -58611,6 +58611,26 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
              <Option name="ulog_nlgroup">1</Option>
            </PolicyRuleOptions>
          </PolicyRule>
+          <PolicyRule id="id100679X23217" disabled="False" group="" log="False" position="2" action="Deny" direction="Both" comment="">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">True</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
          <RuleSetOptions>
            <Option name="mangle_only_rule_set">False</Option>
          </RuleSetOptions>