xref: /freebsd/tests/sys/netpfil/common/pass_block.sh (revision d91f8db5f1822c43cd256f19aae1d059e4b25a26)
1#-
2# SPDX-License-Identifier: BSD-2-Clause
3#
4# Copyright (c) 2019 Ahsan Barkati
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD$
28#
29
30. $(atf_get_srcdir)/utils.subr
31. $(atf_get_srcdir)/runner.subr
32
# ATF head for the IPv4 test case.
# Marks the test as requiring root: the body configures interfaces and
# creates a vnet jail.
v4_head()
{
	atf_set "require.user" "root"
}
37
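# ATF body for the IPv4 pass/block test.
#
# Puts one end of an epair on the host (192.0.2.1) and the other end in a vnet
# jail named "iron" (192.0.2.2), asks firewall_config to load a block-all
# ruleset for jail "iron" and checks that a ping from the host gets no reply,
# then asks for a pass-all ruleset and checks that the ping is answered.
#
# Arguments: $1 - firewall under test (the setup_tests list at the end of this
#                 file names pf, ipfw and ipf)
# Globals:   firewall, epair (written)
v4_body()
{
	firewall=$1
	# Quoted so the name reaches the helpers as exactly one word.
	firewall_init "${firewall}"

	# 192.0.2.0/24 is the TEST-NET-1 documentation range, so the addresses
	# cannot collide with real traffic on the test host.
	epair="$(vnet_mkepair)"
	ifconfig "${epair}a" 192.0.2.1/24 up
	vnet_mkjail iron "${epair}b"
	jexec iron ifconfig "${epair}b" 192.0.2.2/24 up

	# Block All
	# One rule is supplied per firewall; presumably firewall_config applies
	# only the one matching ${firewall} -- confirm in utils.subr.
	firewall_config "iron" "${firewall}" \
		"pf" \
			"block in" \
		"ipfw" \
			"ipfw -q add 100 deny all from any to any" \
		"ipf" \
			"block in all"

	# ping(8) exits 2 when the request was sent but no reply came back, so
	# this asserts "dropped", not "ping failed to run".
	atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2

	# Pass All
	# NOTE(review): this check is only meaningful if firewall_config replaces
	# the block ruleset loaded above; the ipfw deny and allow rules share
	# number 100 -- confirm the helper flushes before adding.
	firewall_config "iron" "${firewall}" \
		"pf" \
			"pass in" \
		"ipfw" \
			"ipfw -q add 100 allow all from any to any" \
		"ipf" \
			"pass in all"

	# A reply here also shows the earlier failure was caused by the ruleset
	# and not by a broken epair/jail setup.
	atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
}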
70
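# ATF cleanup for the IPv4 test case: hands the firewall name to
# firewall_cleanup.
#
# Arguments: $1 - firewall under test (pf, ipfw or ipf per the setup_tests
#                 list at the end of this file)
# Globals:   firewall (written)
v4_cleanup()
{
	firewall=$1
	# Quoted so the helper always receives exactly one argument.
	firewall_cleanup "${firewall}"
}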
76
# ATF head for the IPv6 test case.
# Marks the test as requiring root: the body configures interfaces and
# creates a vnet jail.
v6_head()
{
	atf_set "require.user" "root"
}
81
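# ATF body for the IPv6 pass/block test.
#
# Same scenario as the IPv4 test, over IPv6: the host end of an epair gets
# fd7a:803f:cc4b::1, the end inside vnet jail "iron" gets fd7a:803f:cc4b::2,
# and a ping from the host must get no reply under the block-all ruleset and a
# reply under the pass-all ruleset.
#
# Arguments: $1 - firewall under test (the setup_tests list at the end of this
#                 file names pf, ipfw and ipf)
# Globals:   firewall, epair (written)
v6_body()
{
	firewall=$1
	# Quoted so the name reaches the helpers as exactly one word.
	firewall_init "${firewall}"

	# Unique-local (fd00::/8) addresses; no_dad skips duplicate address
	# detection so the addresses are usable without the DAD delay.
	epair="$(vnet_mkepair)"
	ifconfig "${epair}a" inet6 fd7a:803f:cc4b::1/64 up no_dad

	vnet_mkjail iron "${epair}b"
	jexec iron ifconfig "${epair}b" inet6 fd7a:803f:cc4b::2/64 up no_dad

	# Block All
	# One rule is supplied per firewall; presumably firewall_config applies
	# only the one matching ${firewall} -- confirm in utils.subr.
	firewall_config "iron" "${firewall}" \
		"pf" \
			"block in" \
		"ipfw" \
			"ipfw -q add 100 deny all from any to any" \
		"ipf" \
			"block in all"

	# ping(8) exits 2 when the request was sent but no reply came back.
	# NOTE(review): -W is the per-packet wait time; check its unit in ping(8)
	# for the target release -- a very short wait could make the pass check
	# below flaky on a loaded host.
	atf_check -s exit:2 -o ignore ping -6 -c 1 -W 1 fd7a:803f:cc4b::2

	# Pass All
	# NOTE(review): this check is only meaningful if firewall_config replaces
	# the block ruleset loaded above; the ipfw deny and allow rules share
	# number 100 -- confirm the helper flushes before adding.
	firewall_config "iron" "${firewall}" \
		"pf" \
			"pass in" \
		"ipfw" \
			"ipfw -q add 100 allow all from any to any" \
		"ipf" \
			"pass in all"

	# A reply here also shows the earlier failure was caused by the ruleset
	# and not by a broken epair/jail setup.
	atf_check -s exit:0 -o ignore ping -6 -c 1 -W 1 fd7a:803f:cc4b::2
}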
115
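# ATF cleanup for the IPv6 test case: hands the firewall name to
# firewall_cleanup.
#
# Arguments: $1 - firewall under test (pf, ipfw or ipf per the setup_tests
#                 list at the end of this file)
# Globals:   firewall (written)
v6_cleanup()
{
	firewall=$1
	# Quoted so the helper always receives exactly one argument.
	firewall_cleanup "${firewall}"
}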
121
# Hand the test list to setup_tests (provided by one of the sourced .subr
# files): each test name is followed by the firewalls it is listed against.
# NOTE(review): presumably this generates one ATF test case per test/firewall
# pair and calls the v4_*/v6_* functions above with the firewall name as $1 --
# confirm in runner.subr.
setup_tests \
	"v4" "pf" "ipfw" "ipf" \
	"v6" "pf" "ipfw" "ipf"
130