1#- 2# SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3# 4# Copyright (c) 2019 Ahsan Barkati 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27# $FreeBSD$ 28# 29 30. $(atf_get_srcdir)/../../common/vnet.subr 31 32firewall_config() 33{ 34 jname=$1 35 shift 36 fw=$1 37 shift 38 39 while [ $# -gt 0 ]; do 40 if [ $(is_firewall "$1") -eq 1 ]; then 41 current_fw="$1" 42 shift 43 filename=${current_fw}.rule 44 cwd=$(pwd) 45 if [ -f ${current_fw}.rule ]; then 46 rm ${current_fw}.rule 47 fi 48 fi 49 rule=$1 50 echo $rule >> $filename 51 shift 52 done 53 54 if [ ${fw} == "ipfw" ]; then 55 jexec ${jname} ipfw -q -f flush 56 jexec ${jname} /bin/sh $cwd/ipfw.rule 57 elif [ ${fw} == "pf" ]; then 58 jexec ${jname} pfctl -e 59 jexec ${jname} pfctl -F all 60 jexec ${jname} pfctl -f $cwd/pf.rule 61 elif [ ${fw} == "ipf" ]; then 62 jexec ${jname} ipf -E 63 jexec ${jname} ipf -Fa -f $cwd/ipf.rule 64 elif [ ${fw} == "ipfnat" ]; then 65 jexec ${jname} service ipfilter start 66 jexec ${jname} ipnat -CF -f $cwd/ipfnat.rule 67 else 68 atf_fail "$fw is not a valid firewall to configure" 69 fi 70} 71 72firewall_cleanup() 73{ 74 firewall=$1 75 echo "Cleaning $firewall" 76 vnet_cleanup 77} 78 79firewall_init() 80{ 81 firewall=$1 82 vnet_init 83 84 if [ ${firewall} == "ipfw" ]; then 85 if ! kldstat -q -m ipfw; then 86 atf_skip "This test requires ipfw" 87 fi 88 elif [ ${firewall} == "pf" ]; then 89 if [ ! -c /dev/pf ]; then 90 atf_skip "This test requires pf" 91 fi 92 elif [ ${firewall} == "ipf" ]; then 93 if ! kldstat -q -m ipfilter; then 94 atf_skip "This test requires ipf" 95 fi 96 elif [ ${firewall} == "ipfnat" ]; then 97 if ! kldstat -q -m ipfilter; then 98 atf_skip "This test requires ipf" 99 fi 100 else 101 atf_fail "$fw is not a valid firewall to initialize" 102 fi 103 104} 105 106nat_init() 107{ 108 firewall=$1 109 if [ ${firewall} == "ipfw" ]; then 110 if ! kldstat -q -m ipfw_nat; then 111 atf_skip "This test requires ipfw_nat" 112 fi 113 fi 114} 115 116is_firewall() 117{ 118 if [ "$1" = "pf" -o "$1" = "ipfw" -o "$1" = "ipf" -o "$1" = "ipfnat" ]; then 119 echo 1 120 else 121 echo 0 122 fi 123} 124