ruleset: emit time ranges when both start and stop times are specified
[project/firewall4.git] / tests / 03_rules / 09_time
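1 Ensure that time constraints (start dates and start times given at varying precision, start/stop ranges, and weekday lists) are properly rendered as `meta time`, `meta hour` and `meta day` matches. Stop-only constraints and time ranges that wrap past midnight are not exercised by the rules in this file.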
2
3 -- Testcase --
{%
	// Run firewall4's main script with a stubbed environment lookup.
	// The stub answers 'print' for ACTION and returns nothing for any
	// other variable name. Presumably 'print' makes main.uc write the
	// rendered ruleset to stdout, which is what the "Expect stdout"
	// section of this test is compared against (confirm in main.uc).
	include("./root/usr/share/firewall4/main.uc", {
		getenv: function(varname) {
			if (varname === 'ACTION')
				return 'print';
		}
	})
%}
14 -- End --
15
16 -- File uci/helpers.json --
17 {}
18 -- End --
19
20 -- File uci/firewall.json --
21 {
22 "rule": [
23 {
24 ".description": "Check parsing a complete ISO datetime stamp",
25 "name": "Time rule #1",
26 "proto": "all",
27 "start_date": "2022-05-30T21:51:23",
28 "target": "ACCEPT"
29 },
30 {
31 ".description": "Check parsing a datetime stamp without seconds",
32 "name": "Time rule #2",
33 "proto": "all",
34 "start_date": "2022-05-30T21:51",
35 "target": "ACCEPT"
36 },
37 {
38 ".description": "Check parsing a datetime stamp without minutes and seconds",
39 "name": "Time rule #3",
40 "proto": "all",
41 "start_date": "2022-05-30T21",
42 "target": "ACCEPT"
43 },
44 {
45 ".description": "Check parsing a datetime stamp without time",
46 "name": "Time rule #4",
47 "proto": "all",
48 "start_date": "2022-05-30",
49 "target": "ACCEPT"
50 },
51 {
52 ".description": "Check parsing a datetime stamp without day and time",
53 "name": "Time rule #5",
54 "proto": "all",
55 "start_date": "2022-05",
56 "target": "ACCEPT"
57 },
58 {
59 ".description": "Check parsing a datetime stamp without month, day and time",
60 "name": "Time rule #6",
61 "proto": "all",
62 "start_date": "2022",
63 "target": "ACCEPT"
64 },
65
66 {
67 ".description": "Check parsing a complete timestamp",
68 "name": "Time rule #7",
69 "proto": "all",
70 "start_time": "21:51:23",
71 "target": "ACCEPT"
72 },
73 {
74 ".description": "Check parsing a timestamp without seconds",
75 "name": "Time rule #8",
76 "proto": "all",
77 "start_time": "21:51",
78 "target": "ACCEPT"
79 },
80 {
81 ".description": "Check parsing a timestamp without minutes and seconds",
82 "name": "Time rule #9",
83 "proto": "all",
84 "start_time": "21",
85 "target": "ACCEPT"
86 },
87
88 {
89 ".description": "Check emitting datetime ranges",
90 "name": "Time rule #10",
91 "proto": "all",
92 "start_date": "2022-05-30T21:51:23",
93 "stop_date": "2022-06-01T23:51:23",
94 "target": "ACCEPT"
95 },
96 {
97 ".description": "Check emitting time ranges",
98 "name": "Time rule #11",
99 "proto": "all",
100 "start_time": "21:51:23",
101 "stop_time": "23:51:23",
102 "target": "ACCEPT"
103 },
104
105 {
106 ".description": "Check parsing weekdays",
107 "name": "Time rule #12",
108 "proto": "all",
109 "weekdays": "Monday tuEsday wed SUN Th",
110 "target": "ACCEPT"
111 },
112 ]
113 }
114 -- End --
115
116 -- Expect stdout --
117 table inet fw4
118 flush table inet fw4
119
120 table inet fw4 {
121 #
122 # Set definitions
123 #
124
125
126 #
127 # Defines
128 #
129
130
131 #
132 # User includes
133 #
134
135 include "/etc/nftables.d/*.nft"
136
137
138 #
139 # Filter rules
140 #
141
142 chain input {
143 type filter hook input priority filter; policy drop;
144
145 iifname "lo" accept comment "!fw4: Accept traffic from loopback"
146
147 ct state established,related accept comment "!fw4: Allow inbound established and related flows"
148 }
149
150 chain forward {
151 type filter hook forward priority filter; policy drop;
152
153 ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
154 }
155
156 chain output {
157 type filter hook output priority filter; policy drop;
158
159 oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
160
161 ct state established,related accept comment "!fw4: Allow outbound established and related flows"
162 meta time >= "2022-05-30 21:51:23" counter accept comment "!fw4: Time rule #1"
163 meta time >= "2022-05-30 21:51:00" counter accept comment "!fw4: Time rule #2"
164 meta time >= "2022-05-30 21:00:00" counter accept comment "!fw4: Time rule #3"
165 meta time >= "2022-05-30 00:00:00" counter accept comment "!fw4: Time rule #4"
166 meta time >= "2022-05-01 00:00:00" counter accept comment "!fw4: Time rule #5"
167 meta time >= "2022-01-01 00:00:00" counter accept comment "!fw4: Time rule #6"
168 meta hour >= "21:51:23" counter accept comment "!fw4: Time rule #7"
169 meta hour >= "21:51:00" counter accept comment "!fw4: Time rule #8"
170 meta hour >= "21:00:00" counter accept comment "!fw4: Time rule #9"
171 meta time "2022-05-30 21:51:23"-"2022-06-01 23:51:23" counter accept comment "!fw4: Time rule #10"
172 meta hour "21:51:23"-"23:51:23" counter accept comment "!fw4: Time rule #11"
173 meta day { "Monday", "Tuesday", "Wednesday", "Sunday", "Thursday" } counter accept comment "!fw4: Time rule #12"
174 }
175
176 chain handle_reject {
177 meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
178 reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
179 }
180
181
182 #
183 # NAT rules
184 #
185
186 chain dstnat {
187 type nat hook prerouting priority dstnat; policy accept;
188 }
189
190 chain srcnat {
191 type nat hook postrouting priority srcnat; policy accept;
192 }
193
194
195 #
196 # Raw rules (notrack & helper)
197 #
198
199 chain raw_prerouting {
200 type filter hook prerouting priority raw; policy accept;
201 }
202
203 chain raw_output {
204 type filter hook output priority raw; policy accept;
205 }
206
207
208 #
209 # Mangle rules
210 #
211
212 chain mangle_prerouting {
213 type filter hook prerouting priority mangle; policy accept;
214 }
215
216 chain mangle_postrouting {
217 type filter hook postrouting priority mangle; policy accept;
218 }
219
220 chain mangle_input {
221 type filter hook input priority mangle; policy accept;
222 }
223
224 chain mangle_output {
225 type route hook output priority mangle; policy accept;
226 }
227
228 chain mangle_forward {
229 type filter hook forward priority mangle; policy accept;
230 }
231 }
232 -- End --