diff options
Diffstat (limited to 'contrib/ipfilter/test/regress')
| -rw-r--r-- | contrib/ipfilter/test/regress/f20 | 4 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/i1 | 4 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/i10 | 1 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/i11 | 3 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/i15 | 1 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/i17 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/i18 | 3 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/i5 | 4 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/i8 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/i9 | 7 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/in2 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/in5 | 3 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/ni19.ipf | 3 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/ni19.nat | 1 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/ni20.ipf | 3 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/ni20.nat | 1 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/ni21.ipf | 1 | ||||
| -rw-r--r-- | contrib/ipfilter/test/regress/ni21.nat | 1 |
18 files changed, 38 insertions, 8 deletions
diff --git a/contrib/ipfilter/test/regress/f20 b/contrib/ipfilter/test/regress/f20 new file mode 100644 index 0000000..279523e --- /dev/null +++ b/contrib/ipfilter/test/regress/f20 @@ -0,0 +1,4 @@ +block out quick on de0 head 100 +skip 1 out group 100 +block out quick group 100 +pass out quick group 100 diff --git a/contrib/ipfilter/test/regress/i1 b/contrib/ipfilter/test/regress/i1 index c86c320..0fd2c6e 100644 --- a/contrib/ipfilter/test/regress/i1 +++ b/contrib/ipfilter/test/regress/i1 @@ -4,12 +4,12 @@ all log in all log body in all count in from any to any -pass in from !any to any +pass in from !any to any pps 10 block in from any to !any pass in on ed0 from localhost to localhost pass in on ed0,vx0 from localhost to localhost block in log first on lo0 from any to any -pass in log body quick from any to any +pass in log body or-block quick from any to any block return-rst in quick on le0 proto tcp from any to any block return-icmp in on qe0 from any to any block return-icmp(1) in on qe0 from any to any diff --git a/contrib/ipfilter/test/regress/i10 b/contrib/ipfilter/test/regress/i10 index ece2712..640ac84 100644 --- a/contrib/ipfilter/test/regress/i10 +++ b/contrib/ipfilter/test/regress/i10 @@ -1,4 +1,5 @@ pass in from localhost to localhost with opt sec +pass in from localhost to localhost with opt lsrr not opt sec block in from any to any with not opt sec-class topsecret block in from any to any with not opt sec-class topsecret,secret pass in from any to any with opt sec-class topsecret,confid not opt sec-class unclass diff --git a/contrib/ipfilter/test/regress/i11 b/contrib/ipfilter/test/regress/i11 index 89b3589..cb7d683 100644 --- a/contrib/ipfilter/test/regress/i11 +++ b/contrib/ipfilter/test/regress/i11 @@ -7,4 +7,5 @@ pass in on ed0 out-via vx0 proto udp from any to any keep state pass out on ppp0 in-via le0 proto tcp from any to any keep state pass in on ed0,vx0 out-via vx0,ed0 proto udp from any to any keep state pass in proto tcp from any port gt 1024 to localhost port eq 1024 keep state -pass in proto tcp all flags S keep state(strict,newisn,no-icmp-err,limit 101) +pass in proto tcp all flags S keep state(strict,newisn,no-icmp-err,limit 101,age 600) +pass in proto udp all keep state(age 10/20,sync) diff --git a/contrib/ipfilter/test/regress/i15 b/contrib/ipfilter/test/regress/i15 index 5268ec35..0e6b0d1 100644 --- a/contrib/ipfilter/test/regress/i15 +++ b/contrib/ipfilter/test/regress/i15 @@ -2,4 +2,3 @@ pass out on fxp0 all set-tag(log=100) pass out on fxp0 all set-tag(nat=foo) pass out on fxp0 all set-tag(log=100, nat=200) pass out on fxp0 all set-tag(log=2147483648, nat=overtherainbowisapotof) - diff --git a/contrib/ipfilter/test/regress/i17 b/contrib/ipfilter/test/regress/i17 index a995ae5..e399248 100644 --- a/contrib/ipfilter/test/regress/i17 +++ b/contrib/ipfilter/test/regress/i17 @@ -9,3 +9,5 @@ pass in from localhost to any @0 pass in from 1.1.1.1 to any @1 110 pass in from 2.2.2.2 to any @2 pass in from 3.3.3.3 to any +call fr_srcgrpmap/100 out from 10.1.0.0/16 to any +call now fr_dstgrpmap/200 in from 10.2.0.0/16 to any diff --git a/contrib/ipfilter/test/regress/i18 b/contrib/ipfilter/test/regress/i18 index c2845d1..03ce713 100644 --- a/contrib/ipfilter/test/regress/i18 +++ b/contrib/ipfilter/test/regress/i18 @@ -1,2 +1,3 @@ -pass in tos (80,0x80,40) all +pass in tos (80,0x80) all +pass in tos (0x80,80) all block in ttl (0,1,2,3,4,5,6) all diff --git a/contrib/ipfilter/test/regress/i5 b/contrib/ipfilter/test/regress/i5 index 38482f3..788f971 100644 --- a/contrib/ipfilter/test/regress/i5 +++ b/contrib/ipfilter/test/regress/i5 @@ -3,3 +3,7 @@ count in tos 0x80 from any to any pass in on ed0 tos 64 from localhost to localhost block in log on lo0 ttl 0 from any to any pass in quick ttl 1 from any to any +skip 3 out from 127.0.0.1 to any +auth out on foo0 proto tcp from any to any port = 80 +preauth out on foo0 proto tcp from any to any port = 22 +nomatch out on foo0 proto tcp from any port < 1024 to any diff --git a/contrib/ipfilter/test/regress/i8 b/contrib/ipfilter/test/regress/i8 index cc984b2..c30f8bd 100644 --- a/contrib/ipfilter/test/regress/i8 +++ b/contrib/ipfilter/test/regress/i8 @@ -29,3 +29,5 @@ pass in proto icmp all icmp-type squench pass in proto icmp all icmp-type timest pass in proto icmp all icmp-type timestrep pass in proto icmp all icmp-type timex +pass in proto icmp all icmp-type 254 +pass in proto icmp all icmp-type 253 code 254 diff --git a/contrib/ipfilter/test/regress/i9 b/contrib/ipfilter/test/regress/i9 index a966bed..441cfa9 100644 --- a/contrib/ipfilter/test/regress/i9 +++ b/contrib/ipfilter/test/regress/i9 @@ -5,8 +5,13 @@ pass in from any to any with opt nop,rr,zsu not opt ssrr,lsrr pass in from localhost to localhost and not frag pass in from localhost to localhost with frags,frag-body pass in proto tcp all flags S with not oow keep state +block in proto tcp all with oow pass in proto tcp all flags S with not bad,bad-src,bad-nat +block in proto tcp all flags S with bad,not bad-src,not bad-nat +pass in quick all with not short block in quick all with not nat +pass in quick all with not frag-body block in quick all with not lowttl -pass in all with mbcast,not bcast,multicast,not state +pass in all with mbcast,not bcast,multicast,not state,not ipopts +block in all with not mbcast,bcast,not multicast,state pass in from any to any with opt mtur,mtup,encode,ts,tr,sec,cipso,satid,ssrr,visa,imitd,eip,finn,dps,sdb,nsapa,rtralrt,ump,addext,e-sec diff --git a/contrib/ipfilter/test/regress/in2 b/contrib/ipfilter/test/regress/in2 index 4a86de7..83a2ca5 100644 --- a/contrib/ipfilter/test/regress/in2 +++ b/contrib/ipfilter/test/regress/in2 @@ -1,5 +1,5 @@ rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 tcp -rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 ip +rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 255 rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip rdr le0 9.8.7.6/0xff000000 -> 1.1.1.1 ip diff --git a/contrib/ipfilter/test/regress/in5 b/contrib/ipfilter/test/regress/in5 index c539b03..766c3e3 100644 --- a/contrib/ipfilter/test/regress/in5 +++ b/contrib/ipfilter/test/regress/in5 @@ -1,7 +1,8 @@ map le0 from 9.8.7.6/32 port > 1024 to any -> 1.1.1.1 portmap 10000:20000 tcp +map le0 from 9.8.7.6/32 port > 1024 to ! 1.2.3.4 -> 1.1.1.1 portmap 10000:20000 tcp rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 tcp rdr le0 from any to 9.8.7.6/0xffffffff port = 0 -> 1.1.1.1 port 0 ip -rdr le0 from any to 9.8.7.6 port = 8888 -> 1.1.1.1 port 888 tcp +rdr le0 ! from 1.2.3.4 to 9.8.7.6 port = 8888 -> 1.1.1.1 port 888 tcp rdr le0 from any to 9.8.7.6/255.255.255.255 port = 8888 -> 1.1.1.1 port 888 ip rdr le0 from any to 9.8.7.6 mask 0xffffffff port = 8888 -> 1.1.1.1 port 888 tcp rdr le0 from any to 9.8.7.6 mask 255.255.255.255 port = 8888 -> 1.1.1.1 port 888 udp diff --git a/contrib/ipfilter/test/regress/ni19.ipf b/contrib/ipfilter/test/regress/ni19.ipf new file mode 100644 index 0000000..c6fcec1 --- /dev/null +++ b/contrib/ipfilter/test/regress/ni19.ipf @@ -0,0 +1,3 @@ +block in all +pass out quick on bge0 proto tcp from any to any port = shell flags S keep state +block out all diff --git a/contrib/ipfilter/test/regress/ni19.nat b/contrib/ipfilter/test/regress/ni19.nat new file mode 100644 index 0000000..56b81a9 --- /dev/null +++ b/contrib/ipfilter/test/regress/ni19.nat @@ -0,0 +1 @@ +map bge0 192.168.113.0/24 -> 10.1.1.1/32 proxy port shell rcmd/tcp diff --git a/contrib/ipfilter/test/regress/ni20.ipf b/contrib/ipfilter/test/regress/ni20.ipf new file mode 100644 index 0000000..c6f6d84 --- /dev/null +++ b/contrib/ipfilter/test/regress/ni20.ipf @@ -0,0 +1,3 @@ +block in all +pass in quick on bge0 proto tcp from any to any port = shell flags S keep state +block out all diff --git a/contrib/ipfilter/test/regress/ni20.nat b/contrib/ipfilter/test/regress/ni20.nat new file mode 100644 index 0000000..f2dd0a7 --- /dev/null +++ b/contrib/ipfilter/test/regress/ni20.nat @@ -0,0 +1 @@ +rdr bge0 10.1.1.4/32 port shell -> 192.168.113.4 port shell tcp proxy rcmd diff --git a/contrib/ipfilter/test/regress/ni21.ipf b/contrib/ipfilter/test/regress/ni21.ipf new file mode 100644 index 0000000..6d6ed08 --- /dev/null +++ b/contrib/ipfilter/test/regress/ni21.ipf @@ -0,0 +1 @@ +pass out on lan0 to eri0:1.1.1.1 from 2.2.2.2 to any diff --git a/contrib/ipfilter/test/regress/ni21.nat b/contrib/ipfilter/test/regress/ni21.nat new file mode 100644 index 0000000..6b2d46a --- /dev/null +++ b/contrib/ipfilter/test/regress/ni21.nat @@ -0,0 +1 @@ +map lan0,eri0 2.2.2.2 -> 4.4.4.4 |
