ruleset: reorder declarations & output tweaks
[project/firewall4.git] / tests / 03_rules / 09_time
1 Ensure that time constraints are properly rendered.
2
3 -- Testcase --
4 {%
// Load the firewall4 main script, passing a scope object that supplies a stub getenv()
// so the test, not the host environment, decides what the script sees.
5 include("./root/usr/share/firewall4/main.uc", {
6 getenv: function(varname) {
// Only ACTION is answered; every other variable name falls through the switch
// and the stub returns no value.
7 switch (varname) {
8 case 'ACTION':
// NOTE(review): 'print' presumably makes main.uc write the rendered ruleset to stdout
// instead of applying it, which is what the "Expect stdout" section checks. Confirm in main.uc.
9 return 'print';
10 }
11 }
12 })
13 %}
14 -- End --
15
16 -- File uci/helpers.json --
17 {}
18 -- End --
19
20 -- File uci/firewall.json --
21 {
22 "rule": [
23 {
24 ".description": "Check parsing a complete ISO datetime stamp",
25 "name": "Time rule #1",
26 "proto": "all",
27 "start_date": "2022-05-30T21:51:23",
28 "target": "ACCEPT"
29 },
30 {
31 ".description": "Check parsing a datetime stamp without seconds",
32 "name": "Time rule #2",
33 "proto": "all",
34 "start_date": "2022-05-30T21:51",
35 "target": "ACCEPT"
36 },
37 {
38 ".description": "Check parsing a datetime stamp without minutes and seconds",
39 "name": "Time rule #3",
40 "proto": "all",
41 "start_date": "2022-05-30T21",
42 "target": "ACCEPT"
43 },
44 {
45 ".description": "Check parsing a datetime stamp without time",
46 "name": "Time rule #4",
47 "proto": "all",
48 "start_date": "2022-05-30",
49 "target": "ACCEPT"
50 },
51 {
52 ".description": "Check parsing a datetime stamp without day and time",
53 "name": "Time rule #5",
54 "proto": "all",
55 "start_date": "2022-05",
56 "target": "ACCEPT"
57 },
58 {
59 ".description": "Check parsing a datetime stamp without month, day and time",
60 "name": "Time rule #6",
61 "proto": "all",
62 "start_date": "2022",
63 "target": "ACCEPT"
64 },
65
66 {
67 ".description": "Check parsing a complete timestamp",
68 "name": "Time rule #7",
69 "proto": "all",
70 "start_time": "21:51:23",
71 "target": "ACCEPT"
72 },
73 {
74 ".description": "Check parsing a timestamp without seconds",
75 "name": "Time rule #8",
76 "proto": "all",
77 "start_time": "21:51",
78 "target": "ACCEPT"
79 },
80 {
81 ".description": "Check parsing a timestamp without minutes and seconds",
82 "name": "Time rule #9",
83 "proto": "all",
84 "start_time": "21",
85 "target": "ACCEPT"
86 },
87
88 {
89 ".description": "Check emitting datetime ranges",
90 "name": "Time rule #10",
91 "proto": "all",
92 "start_date": "2022-05-30T21:51:23",
93 "stop_date": "2022-06-01T23:51:23",
94 "target": "ACCEPT"
95 },
96 {
97 ".description": "Check emitting time ranges",
98 "name": "Time rule #11",
99 "proto": "all",
100 "start_time": "21:51:23",
101 "stop_time": "23:51:23",
102 "target": "ACCEPT"
103 },
104
105 {
106 ".description": "Check parsing weekdays",
107 "name": "Time rule #12",
108 "proto": "all",
109 "weekdays": "Monday tuEsday wed SUN Th",
110 "target": "ACCEPT"
111 },
112 ]
113 }
114 -- End --
115
116 -- Expect stdout --
117 table inet fw4
118 flush table inet fw4
119
120 table inet fw4 {
121 #
122 # Defines
123 #
124
125
126 #
127 # User includes
128 #
129
130 include "/etc/nftables.d/*.nft"
131
132
133 #
134 # Filter rules
135 #
136
137 chain input {
138 type filter hook input priority filter; policy drop;
139
140 iifname "lo" accept comment "!fw4: Accept traffic from loopback"
141
142 ct state established,related accept comment "!fw4: Allow inbound established and related flows"
143 }
144
145 chain forward {
146 type filter hook forward priority filter; policy drop;
147
148 ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
149 }
150
151 chain output {
152 type filter hook output priority filter; policy drop;
153
154 oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
155
156 ct state established,related accept comment "!fw4: Allow outbound established and related flows"
157 meta time >= "2022-05-30 21:51:23" counter accept comment "!fw4: Time rule #1"
158 meta time >= "2022-05-30 21:51:00" counter accept comment "!fw4: Time rule #2"
159 meta time >= "2022-05-30 21:00:00" counter accept comment "!fw4: Time rule #3"
160 meta time >= "2022-05-30 00:00:00" counter accept comment "!fw4: Time rule #4"
161 meta time >= "2022-05-01 00:00:00" counter accept comment "!fw4: Time rule #5"
162 meta time >= "2022-01-01 00:00:00" counter accept comment "!fw4: Time rule #6"
163 meta hour >= "21:51:23" counter accept comment "!fw4: Time rule #7"
164 meta hour >= "21:51:00" counter accept comment "!fw4: Time rule #8"
165 meta hour >= "21:00:00" counter accept comment "!fw4: Time rule #9"
166 meta time "2022-05-30 21:51:23"-"2022-06-01 23:51:23" counter accept comment "!fw4: Time rule #10"
167 meta hour "21:51:23"-"23:51:23" counter accept comment "!fw4: Time rule #11"
168 meta day { "Monday", "Tuesday", "Wednesday", "Sunday", "Thursday" } counter accept comment "!fw4: Time rule #12"
169 }
170
171 chain prerouting {
172 type filter hook prerouting priority filter; policy accept;
173 }
174
175 chain handle_reject {
176 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
177 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
178 }
179
180
181 #
182 # NAT rules
183 #
184
185 chain dstnat {
186 type nat hook prerouting priority dstnat; policy accept;
187 }
188
189 chain srcnat {
190 type nat hook postrouting priority srcnat; policy accept;
191 }
192
193
194 #
195 # Raw rules (notrack)
196 #
197
198 chain raw_prerouting {
199 type filter hook prerouting priority raw; policy accept;
200 }
201
202 chain raw_output {
203 type filter hook output priority raw; policy accept;
204 }
205
206
207 #
208 # Mangle rules
209 #
210
211 chain mangle_prerouting {
212 type filter hook prerouting priority mangle; policy accept;
213 }
214
215 chain mangle_postrouting {
216 type filter hook postrouting priority mangle; policy accept;
217 }
218
219 chain mangle_input {
220 type filter hook input priority mangle; policy accept;
221 }
222
223 chain mangle_output {
224 type route hook output priority mangle; policy accept;
225 }
226
227 chain mangle_forward {
228 type filter hook forward priority mangle; policy accept;
229 }
230 }
231 -- End --