How to use add_rule method in autotest

Best Python code snippet using autotest_python

test_iptables_firewall.py

Source:test_iptables_firewall.py Github

copy

Full Screen

...54 def test_prepare_port_filter_with_no_sg(self):55 port = self._fake_port()56 self.firewall.prepare_port_filter(port)57 calls = [call.add_chain('sg-fallback'),58 call.add_rule('sg-fallback', '-j DROP'),59 call.ensure_remove_chain('sg-chain'),60 call.add_chain('sg-chain'),61 call.add_chain('ifake_dev'),62 call.add_rule('FORWARD',63 '-m physdev --physdev-is-bridged '64 '--physdev-out tapfake_dev '65 '-j $sg-chain'),66 call.add_rule('sg-chain',67 '-m physdev --physdev-is-bridged '68 '--physdev-out tapfake_dev '69 '-j $ifake_dev'),70 call.add_rule(71 'ifake_dev', '-m state --state INVALID -j DROP'),72 call.add_rule(73 'ifake_dev',74 '-m state --state ESTABLISHED,RELATED -j RETURN'),75 call.add_rule('ifake_dev', '-j $sg-fallback'),76 call.add_chain('ofake_dev'),77 call.add_rule('FORWARD',78 '-m physdev --physdev-is-bridged '79 '--physdev-in tapfake_dev '80 '-j $sg-chain'),81 call.add_rule('sg-chain',82 '-m physdev --physdev-is-bridged '83 '--physdev-in tapfake_dev '84 '-j $ofake_dev'),85 call.add_rule('INPUT',86 '-m physdev --physdev-is-bridged '87 '--physdev-in tapfake_dev '88 '-j $ofake_dev'),89 call.add_rule(90 'ofake_dev', '-m mac ! --mac-source ff:ff:ff:ff -j DROP'),91 call.add_rule(92 'ofake_dev',93 '-p udp --sport 68 --dport 67 -j RETURN'),94 call.add_rule('ofake_dev', '! -s 10.0.0.1 -j DROP'),95 call.add_rule(96 'ofake_dev',97 '-p udp --sport 67 --dport 68 -j DROP'),98 call.add_rule(99 'ofake_dev', '-m state --state INVALID -j DROP'),100 call.add_rule(101 'ofake_dev',102 '-m state --state ESTABLISHED,RELATED -j RETURN'),103 call.add_rule('ofake_dev', '-j $sg-fallback'),104 call.add_rule('sg-chain', '-j ACCEPT')]105 self.v4filter_inst.assert_has_calls(calls)106 def test_filter_ipv4_ingress(self):107 rule = {'ethertype': 'IPv4',108 'direction': 'ingress'}109 ingress = call.add_rule('ifake_dev', '-j RETURN')110 egress = None111 self._test_prepare_port_filter(rule, ingress, egress)112 def test_filter_ipv4_ingress_prefix(self):113 prefix = FAKE_PREFIX['IPv4']114 rule = {'ethertype': 'IPv4',115 'direction': 'ingress',116 'source_ip_prefix': prefix}117 ingress = call.add_rule('ifake_dev', '-j RETURN -s %s' % prefix)118 egress = None119 self._test_prepare_port_filter(rule, ingress, egress)120 def test_filter_ipv4_ingress_tcp(self):121 rule = {'ethertype': 'IPv4',122 'direction': 'ingress',123 'protocol': 'tcp'}124 ingress = call.add_rule('ifake_dev', '-j RETURN -p tcp')125 egress = None126 self._test_prepare_port_filter(rule, ingress, egress)127 def test_filter_ipv4_ingress_tcp_prefix(self):128 prefix = FAKE_PREFIX['IPv4']129 rule = {'ethertype': 'IPv4',130 'direction': 'ingress',131 'protocol': 'tcp',132 'source_ip_prefix': prefix}133 ingress = call.add_rule('ifake_dev', '-j RETURN -p tcp -s %s' % prefix)134 egress = None135 self._test_prepare_port_filter(rule, ingress, egress)136 def test_filter_ipv4_ingress_icmp(self):137 rule = {'ethertype': 'IPv4',138 'direction': 'ingress',139 'protocol': 'icmp'}140 ingress = call.add_rule('ifake_dev', '-j RETURN -p icmp')141 egress = None142 self._test_prepare_port_filter(rule, ingress, egress)143 def test_filter_ipv4_ingress_icmp_prefix(self):144 prefix = FAKE_PREFIX['IPv4']145 rule = {'ethertype': 'IPv4',146 'direction': 'ingress',147 'protocol': 'icmp',148 'source_ip_prefix': prefix}149 ingress = call.add_rule(150 'ifake_dev', '-j RETURN -p icmp -s %s' % prefix)151 egress = None152 self._test_prepare_port_filter(rule, ingress, egress)153 def test_filter_ipv4_ingress_tcp_port(self):154 rule = {'ethertype': 'IPv4',155 'direction': 'ingress',156 'protocol': 'tcp',157 'port_range_min': 10,158 'port_range_max': 10}159 ingress = call.add_rule('ifake_dev', '-j RETURN -p tcp --dport 10')160 egress = None161 self._test_prepare_port_filter(rule, ingress, egress)162 def test_filter_ipv4_ingress_tcp_mport(self):163 rule = {'ethertype': 'IPv4',164 'direction': 'ingress',165 'protocol': 'tcp',166 'port_range_min': 10,167 'port_range_max': 100}168 ingress = call.add_rule(169 'ifake_dev',170 '-j RETURN -p tcp -m multiport --dports 10:100')171 egress = None172 self._test_prepare_port_filter(rule, ingress, egress)173 def test_filter_ipv4_ingress_tcp_mport_prefix(self):174 prefix = FAKE_PREFIX['IPv4']175 rule = {'ethertype': 'IPv4',176 'direction': 'ingress',177 'protocol': 'tcp',178 'port_range_min': 10,179 'port_range_max': 100,180 'source_ip_prefix': prefix}181 ingress = call.add_rule(182 'ifake_dev',183 '-j RETURN -p tcp -m multiport '184 '--dports 10:100 -s %s' % prefix)185 egress = None186 self._test_prepare_port_filter(rule, ingress, egress)187 def test_filter_ipv4_ingress_udp(self):188 rule = {'ethertype': 'IPv4',189 'direction': 'ingress',190 'protocol': 'udp'}191 ingress = call.add_rule('ifake_dev', '-j RETURN -p udp')192 egress = None193 self._test_prepare_port_filter(rule, ingress, egress)194 def test_filter_ipv4_ingress_udp_prefix(self):195 prefix = FAKE_PREFIX['IPv4']196 rule = {'ethertype': 'IPv4',197 'direction': 'ingress',198 'protocol': 'udp',199 'source_ip_prefix': prefix}200 ingress = call.add_rule('ifake_dev', '-j RETURN -p udp -s %s' % prefix)201 egress = None202 self._test_prepare_port_filter(rule, ingress, egress)203 def test_filter_ipv4_ingress_udp_port(self):204 rule = {'ethertype': 'IPv4',205 'direction': 'ingress',206 'protocol': 'udp',207 'port_range_min': 10,208 'port_range_max': 10}209 ingress = call.add_rule('ifake_dev', '-j RETURN -p udp --dport 10')210 egress = None211 self._test_prepare_port_filter(rule, ingress, egress)212 def test_filter_ipv4_ingress_udp_mport(self):213 rule = {'ethertype': 'IPv4',214 'direction': 'ingress',215 'protocol': 'udp',216 'port_range_min': 10,217 'port_range_max': 100}218 ingress = call.add_rule(219 'ifake_dev',220 '-j RETURN -p udp -m multiport --dports 10:100')221 egress = None222 self._test_prepare_port_filter(rule, ingress, egress)223 def test_filter_ipv4_ingress_udp_mport_prefix(self):224 prefix = FAKE_PREFIX['IPv4']225 rule = {'ethertype': 'IPv4',226 'direction': 'ingress',227 'protocol': 'udp',228 'port_range_min': 10,229 'port_range_max': 100,230 'source_ip_prefix': prefix}231 ingress = call.add_rule(232 'ifake_dev',233 '-j RETURN -p udp -m multiport '234 '--dports 10:100 -s %s' % prefix)235 egress = None236 self._test_prepare_port_filter(rule, ingress, egress)237 def test_filter_ipv4_egress(self):238 rule = {'ethertype': 'IPv4',239 'direction': 'egress'}240 egress = call.add_rule('ofake_dev', '-j RETURN')241 ingress = None242 self._test_prepare_port_filter(rule, ingress, egress)243 def test_filter_ipv4_egress_prefix(self):244 prefix = FAKE_PREFIX['IPv4']245 rule = {'ethertype': 'IPv4',246 'direction': 'egress',247 'source_ip_prefix': prefix}248 egress = call.add_rule('ofake_dev', '-j RETURN -s %s' % prefix)249 ingress = None250 self._test_prepare_port_filter(rule, ingress, egress)251 def test_filter_ipv4_egress_tcp(self):252 rule = {'ethertype': 'IPv4',253 'direction': 'egress',254 'protocol': 'tcp'}255 egress = call.add_rule('ofake_dev', '-j RETURN -p tcp')256 ingress = None257 self._test_prepare_port_filter(rule, ingress, egress)258 def test_filter_ipv4_egress_tcp_prefix(self):259 prefix = FAKE_PREFIX['IPv4']260 rule = {'ethertype': 'IPv4',261 'direction': 'egress',262 'protocol': 'tcp',263 'source_ip_prefix': prefix}264 egress = call.add_rule('ofake_dev', '-j RETURN -p tcp -s %s' % prefix)265 ingress = None266 self._test_prepare_port_filter(rule, ingress, egress)267 def test_filter_ipv4_egress_icmp(self):268 rule = {'ethertype': 'IPv4',269 'direction': 'egress',270 'protocol': 'icmp'}271 egress = call.add_rule('ofake_dev', '-j RETURN -p icmp')272 ingress = None273 self._test_prepare_port_filter(rule, ingress, egress)274 def test_filter_ipv4_egress_icmp_prefix(self):275 prefix = FAKE_PREFIX['IPv4']276 rule = {'ethertype': 'IPv4',277 'direction': 'egress',278 'protocol': 'icmp',279 'source_ip_prefix': prefix}280 egress = call.add_rule(281 'ofake_dev', '-j RETURN -p icmp -s %s' % prefix)282 ingress = None283 self._test_prepare_port_filter(rule, ingress, egress)284 def test_filter_ipv4_egress_tcp_port(self):285 rule = {'ethertype': 'IPv4',286 'direction': 'egress',287 'protocol': 'tcp',288 'port_range_min': 10,289 'port_range_max': 10}290 egress = call.add_rule('ofake_dev', '-j RETURN -p tcp --dport 10')291 ingress = None292 self._test_prepare_port_filter(rule, ingress, egress)293 def test_filter_ipv4_egress_tcp_mport(self):294 rule = {'ethertype': 'IPv4',295 'direction': 'egress',296 'protocol': 'tcp',297 'port_range_min': 10,298 'port_range_max': 100}299 egress = call.add_rule(300 'ofake_dev',301 '-j RETURN -p tcp -m multiport --dports 10:100')302 ingress = None303 self._test_prepare_port_filter(rule, ingress, egress)304 def test_filter_ipv4_egress_tcp_mport_prefix(self):305 prefix = FAKE_PREFIX['IPv4']306 rule = {'ethertype': 'IPv4',307 'direction': 'egress',308 'protocol': 'tcp',309 'port_range_min': 10,310 'port_range_max': 100,311 'source_ip_prefix': prefix}312 egress = call.add_rule(313 'ofake_dev',314 '-j RETURN -p tcp -m multiport '315 '--dports 10:100 -s %s' % prefix)316 ingress = None317 self._test_prepare_port_filter(rule, ingress, egress)318 def test_filter_ipv4_egress_udp(self):319 rule = {'ethertype': 'IPv4',320 'direction': 'egress',321 'protocol': 'udp'}322 egress = call.add_rule('ofake_dev', '-j RETURN -p udp')323 ingress = None324 self._test_prepare_port_filter(rule, ingress, egress)325 def test_filter_ipv4_egress_udp_prefix(self):326 prefix = FAKE_PREFIX['IPv4']327 rule = {'ethertype': 'IPv4',328 'direction': 'egress',329 'protocol': 'udp',330 'source_ip_prefix': prefix}331 egress = call.add_rule('ofake_dev', '-j RETURN -p udp -s %s' % prefix)332 ingress = None333 self._test_prepare_port_filter(rule, ingress, egress)334 def test_filter_ipv4_egress_udp_port(self):335 rule = {'ethertype': 'IPv4',336 'direction': 'egress',337 'protocol': 'udp',338 'port_range_min': 10,339 'port_range_max': 10}340 egress = call.add_rule('ofake_dev', '-j RETURN -p udp --dport 10')341 ingress = None342 self._test_prepare_port_filter(rule, ingress, egress)343 def test_filter_ipv4_egress_udp_mport(self):344 rule = {'ethertype': 'IPv4',345 'direction': 'egress',346 'protocol': 'udp',347 'port_range_min': 10,348 'port_range_max': 100}349 egress = call.add_rule(350 'ofake_dev',351 '-j RETURN -p udp -m multiport --dports 10:100')352 ingress = None353 self._test_prepare_port_filter(rule, ingress, egress)354 def test_filter_ipv4_egress_udp_mport_prefix(self):355 prefix = FAKE_PREFIX['IPv4']356 rule = {'ethertype': 'IPv4',357 'direction': 'egress',358 'protocol': 'udp',359 'port_range_min': 10,360 'port_range_max': 100,361 'source_ip_prefix': prefix}362 egress = call.add_rule(363 'ofake_dev',364 '-j RETURN -p udp -m multiport '365 '--dports 10:100 -s %s' % prefix)366 ingress = None367 self._test_prepare_port_filter(rule, ingress, egress)368 def test_filter_ipv6_ingress(self):369 rule = {'ethertype': 'IPv6',370 'direction': 'ingress'}371 ingress = call.add_rule('ifake_dev', '-j RETURN')372 egress = None373 self._test_prepare_port_filter(rule, ingress, egress)374 def test_filter_ipv6_ingress_prefix(self):375 prefix = FAKE_PREFIX['IPv6']376 rule = {'ethertype': 'IPv6',377 'direction': 'ingress',378 'source_ip_prefix': prefix}379 ingress = call.add_rule('ifake_dev', '-j RETURN -s %s' % prefix)380 egress = None381 self._test_prepare_port_filter(rule, ingress, egress)382 def test_filter_ipv6_ingress_tcp(self):383 rule = {'ethertype': 'IPv6',384 'direction': 'ingress',385 'protocol': 'tcp'}386 ingress = call.add_rule('ifake_dev', '-j RETURN -p tcp')387 egress = None388 self._test_prepare_port_filter(rule, ingress, egress)389 def test_filter_ipv6_ingress_tcp_prefix(self):390 prefix = FAKE_PREFIX['IPv6']391 rule = {'ethertype': 'IPv6',392 'direction': 'ingress',393 'protocol': 'tcp',394 'source_ip_prefix': prefix}395 ingress = call.add_rule('ifake_dev', '-j RETURN -p tcp -s %s' % prefix)396 egress = None397 self._test_prepare_port_filter(rule, ingress, egress)398 def test_filter_ipv6_ingress_tcp_port(self):399 rule = {'ethertype': 'IPv6',400 'direction': 'ingress',401 'protocol': 'tcp',402 'port_range_min': 10,403 'port_range_max': 10}404 ingress = call.add_rule('ifake_dev', '-j RETURN -p tcp --dport 10')405 egress = None406 self._test_prepare_port_filter(rule, ingress, egress)407 def test_filter_ipv6_ingress_icmp(self):408 rule = {'ethertype': 'IPv6',409 'direction': 'ingress',410 'protocol': 'icmp'}411 ingress = call.add_rule('ifake_dev', '-j RETURN -p icmpv6')412 egress = None413 self._test_prepare_port_filter(rule, ingress, egress)414 def test_filter_ipv6_ingress_icmp_prefix(self):415 prefix = FAKE_PREFIX['IPv6']416 rule = {'ethertype': 'IPv6',417 'direction': 'ingress',418 'protocol': 'icmp',419 'source_ip_prefix': prefix}420 ingress = call.add_rule(421 'ifake_dev', '-j RETURN -p icmpv6 -s %s' % prefix)422 egress = None423 self._test_prepare_port_filter(rule, ingress, egress)424 def test_filter_ipv6_ingress_tcp_mport(self):425 rule = {'ethertype': 'IPv6',426 'direction': 'ingress',427 'protocol': 'tcp',428 'port_range_min': 10,429 'port_range_max': 100}430 ingress = call.add_rule(431 'ifake_dev',432 '-j RETURN -p tcp -m multiport --dports 10:100')433 egress = None434 self._test_prepare_port_filter(rule, ingress, egress)435 def test_filter_ipv6_ingress_tcp_mport_prefix(self):436 prefix = FAKE_PREFIX['IPv6']437 rule = {'ethertype': 'IPv6',438 'direction': 'ingress',439 'protocol': 'tcp',440 'port_range_min': 10,441 'port_range_max': 100,442 'source_ip_prefix': prefix}443 ingress = call.add_rule(444 'ifake_dev',445 '-j RETURN -p tcp -m multiport '446 '--dports 10:100 -s %s' % prefix)447 egress = None448 self._test_prepare_port_filter(rule, ingress, egress)449 def test_filter_ipv6_ingress_udp(self):450 rule = {'ethertype': 'IPv6',451 'direction': 'ingress',452 'protocol': 'udp'}453 ingress = call.add_rule('ifake_dev', '-j RETURN -p udp')454 egress = None455 self._test_prepare_port_filter(rule, ingress, egress)456 def test_filter_ipv6_ingress_udp_prefix(self):457 prefix = FAKE_PREFIX['IPv6']458 rule = {'ethertype': 'IPv6',459 'direction': 'ingress',460 'protocol': 'udp',461 'source_ip_prefix': prefix}462 ingress = call.add_rule('ifake_dev', '-j RETURN -p udp -s %s' % prefix)463 egress = None464 self._test_prepare_port_filter(rule, ingress, egress)465 def test_filter_ipv6_ingress_udp_port(self):466 rule = {'ethertype': 'IPv6',467 'direction': 'ingress',468 'protocol': 'udp',469 'port_range_min': 10,470 'port_range_max': 10}471 ingress = call.add_rule('ifake_dev', '-j RETURN -p udp --dport 10')472 egress = None473 self._test_prepare_port_filter(rule, ingress, egress)474 def test_filter_ipv6_ingress_udp_mport(self):475 rule = {'ethertype': 'IPv6',476 'direction': 'ingress',477 'protocol': 'udp',478 'port_range_min': 10,479 'port_range_max': 100}480 ingress = call.add_rule(481 'ifake_dev',482 '-j RETURN -p udp -m multiport --dports 10:100')483 egress = None484 self._test_prepare_port_filter(rule, ingress, egress)485 def test_filter_ipv6_ingress_udp_mport_prefix(self):486 prefix = FAKE_PREFIX['IPv6']487 rule = {'ethertype': 'IPv6',488 'direction': 'ingress',489 'protocol': 'udp',490 'port_range_min': 10,491 'port_range_max': 100,492 'source_ip_prefix': prefix}493 ingress = call.add_rule(494 'ifake_dev',495 '-j RETURN -p udp -m multiport '496 '--dports 10:100 -s %s' % prefix)497 egress = None498 self._test_prepare_port_filter(rule, ingress, egress)499 def test_filter_ipv6_egress(self):500 rule = {'ethertype': 'IPv6',501 'direction': 'egress'}502 egress = call.add_rule('ofake_dev', '-j RETURN')503 ingress = None504 self._test_prepare_port_filter(rule, ingress, egress)505 def test_filter_ipv6_egress_prefix(self):506 prefix = FAKE_PREFIX['IPv6']507 rule = {'ethertype': 'IPv6',508 'direction': 'egress',509 'source_ip_prefix': prefix}510 egress = call.add_rule('ofake_dev', '-j RETURN -s %s' % prefix)511 ingress = None512 self._test_prepare_port_filter(rule, ingress, egress)513 def test_filter_ipv6_egress_tcp(self):514 rule = {'ethertype': 'IPv6',515 'direction': 'egress',516 'protocol': 'tcp'}517 egress = call.add_rule('ofake_dev', '-j RETURN -p tcp')518 ingress = None519 self._test_prepare_port_filter(rule, ingress, egress)520 def test_filter_ipv6_egress_tcp_prefix(self):521 prefix = FAKE_PREFIX['IPv6']522 rule = {'ethertype': 'IPv6',523 'direction': 'egress',524 'protocol': 'tcp',525 'source_ip_prefix': prefix}526 egress = call.add_rule('ofake_dev', '-j RETURN -p tcp -s %s' % prefix)527 ingress = None528 self._test_prepare_port_filter(rule, ingress, egress)529 def test_filter_ipv6_egress_icmp(self):530 rule = {'ethertype': 'IPv6',531 'direction': 'egress',532 'protocol': 'icmp'}533 egress = call.add_rule('ofake_dev', '-j RETURN -p icmpv6')534 ingress = None535 self._test_prepare_port_filter(rule, ingress, egress)536 def test_filter_ipv6_egress_icmp_prefix(self):537 prefix = FAKE_PREFIX['IPv6']538 rule = {'ethertype': 'IPv6',539 'direction': 'egress',540 'protocol': 'icmp',541 'source_ip_prefix': prefix}542 egress = call.add_rule(543 'ofake_dev', '-j RETURN -p icmpv6 -s %s' % prefix)544 ingress = None545 self._test_prepare_port_filter(rule, ingress, egress)546 def test_filter_ipv6_egress_tcp_port(self):547 rule = {'ethertype': 'IPv6',548 'direction': 'egress',549 'protocol': 'tcp',550 'port_range_min': 10,551 'port_range_max': 10}552 egress = call.add_rule('ofake_dev', '-j RETURN -p tcp --dport 10')553 ingress = None554 self._test_prepare_port_filter(rule, ingress, egress)555 def test_filter_ipv6_egress_tcp_mport(self):556 rule = {'ethertype': 'IPv6',557 'direction': 'egress',558 'protocol': 'tcp',559 'port_range_min': 10,560 'port_range_max': 100}561 egress = call.add_rule(562 'ofake_dev',563 '-j RETURN -p tcp -m multiport --dports 10:100')564 ingress = None565 self._test_prepare_port_filter(rule, ingress, egress)566 def test_filter_ipv6_egress_tcp_mport_prefix(self):567 prefix = FAKE_PREFIX['IPv6']568 rule = {'ethertype': 'IPv6',569 'direction': 'egress',570 'protocol': 'tcp',571 'port_range_min': 10,572 'port_range_max': 100,573 'source_ip_prefix': prefix}574 egress = call.add_rule(575 'ofake_dev',576 '-j RETURN -p tcp -m multiport '577 '--dports 10:100 -s %s' % prefix)578 ingress = None579 self._test_prepare_port_filter(rule, ingress, egress)580 def test_filter_ipv6_egress_udp(self):581 rule = {'ethertype': 'IPv6',582 'direction': 'egress',583 'protocol': 'udp'}584 egress = call.add_rule('ofake_dev', '-j RETURN -p udp')585 ingress = None586 self._test_prepare_port_filter(rule, ingress, egress)587 def test_filter_ipv6_egress_udp_prefix(self):588 prefix = FAKE_PREFIX['IPv6']589 rule = {'ethertype': 'IPv6',590 'direction': 'egress',591 'protocol': 'udp',592 'source_ip_prefix': prefix}593 egress = call.add_rule('ofake_dev', '-j RETURN -p udp -s %s' % prefix)594 ingress = None595 self._test_prepare_port_filter(rule, ingress, egress)596 def test_filter_ipv6_egress_udp_port(self):597 rule = {'ethertype': 'IPv6',598 'direction': 'egress',599 'protocol': 'udp',600 'port_range_min': 10,601 'port_range_max': 10}602 egress = call.add_rule('ofake_dev', '-j RETURN -p udp --dport 10')603 ingress = None604 self._test_prepare_port_filter(rule, ingress, egress)605 def test_filter_ipv6_egress_udp_mport(self):606 rule = {'ethertype': 'IPv6',607 'direction': 'egress',608 'protocol': 'udp',609 'port_range_min': 10,610 'port_range_max': 100}611 egress = call.add_rule(612 'ofake_dev',613 '-j RETURN -p udp -m multiport --dports 10:100')614 ingress = None615 self._test_prepare_port_filter(rule, ingress, egress)616 def test_filter_ipv6_egress_udp_mport_prefix(self):617 prefix = FAKE_PREFIX['IPv6']618 rule = {'ethertype': 'IPv6',619 'direction': 'egress',620 'protocol': 'udp',621 'port_range_min': 10,622 'port_range_max': 100,623 'source_ip_prefix': prefix}624 egress = call.add_rule(625 'ofake_dev',626 '-j RETURN -p udp -m multiport '627 '--dports 10:100 -s %s' % prefix)628 ingress = None629 self._test_prepare_port_filter(rule, ingress, egress)630 def _test_prepare_port_filter(self,631 rule,632 ingress_expected_call=None,633 egress_expected_call=None):634 port = self._fake_port()635 ethertype = rule['ethertype']636 prefix = FAKE_IP[ethertype]637 filter_inst = self.v4filter_inst638 dhcp_rule = call.add_rule(639 'ofake_dev',640 '-p udp --sport 68 --dport 67 -j RETURN')641 if ethertype == 'IPv6':642 filter_inst = self.v6filter_inst643 dhcp_rule = call.add_rule('ofake_dev', '-p icmpv6 -j RETURN')644 sg = [rule]645 port['security_group_rules'] = sg646 self.firewall.prepare_port_filter(port)647 calls = [call.add_chain('sg-fallback'),648 call.add_rule('sg-fallback', '-j DROP'),649 call.ensure_remove_chain('sg-chain'),650 call.add_chain('sg-chain'),651 call.add_chain('ifake_dev'),652 call.add_rule('FORWARD',653 '-m physdev --physdev-is-bridged '654 '--physdev-out tapfake_dev '655 '-j $sg-chain'),656 call.add_rule('sg-chain',657 '-m physdev --physdev-is-bridged '658 '--physdev-out tapfake_dev '659 '-j $ifake_dev'),660 call.add_rule(661 'ifake_dev', '-m state --state INVALID -j DROP'),662 call.add_rule(663 'ifake_dev',664 '-m state --state ESTABLISHED,RELATED -j RETURN')]665 if ingress_expected_call:666 calls.append(ingress_expected_call)667 calls += [call.add_rule('ifake_dev', '-j $sg-fallback'),668 call.add_chain('ofake_dev'),669 call.add_rule('FORWARD',670 '-m physdev --physdev-is-bridged '671 '--physdev-in tapfake_dev '672 '-j $sg-chain'),673 call.add_rule('sg-chain',674 '-m physdev --physdev-is-bridged '675 '--physdev-in tapfake_dev '676 '-j $ofake_dev'),677 call.add_rule('INPUT',678 '-m physdev --physdev-is-bridged '679 '--physdev-in tapfake_dev '680 '-j $ofake_dev'),681 call.add_rule(682 'ofake_dev',683 '-m mac ! --mac-source ff:ff:ff:ff -j DROP'),684 dhcp_rule,685 call.add_rule('ofake_dev', '! -s %s -j DROP' % prefix)]686 if ethertype == 'IPv4':687 calls.append(call.add_rule(688 'ofake_dev',689 '-p udp --sport 67 --dport 68 -j DROP'))690 calls += [call.add_rule(691 'ofake_dev', '-m state --state INVALID -j DROP'),692 call.add_rule(693 'ofake_dev',694 '-m state --state ESTABLISHED,RELATED -j RETURN')]695 if egress_expected_call:696 calls.append(egress_expected_call)697 calls += [call.add_rule('ofake_dev', '-j $sg-fallback'),698 call.add_rule('sg-chain', '-j ACCEPT')]699 filter_inst.assert_has_calls(calls)700 def test_update_delete_port_filter(self):701 port = self._fake_port()702 port['security_group_rules'] = [{'ethertype': 'IPv4',703 'direction': 'ingress'}]704 self.firewall.prepare_port_filter(port)705 port['security_group_rules'] = [{'ethertype': 'IPv4',706 'direction': 'egress'}]707 self.firewall.update_port_filter(port)708 self.firewall.update_port_filter({'device': 'no-exist-device'})709 self.firewall.remove_port_filter(port)710 self.firewall.remove_port_filter({'device': 'no-exist-device'})711 calls = [call.add_chain('sg-fallback'),712 call.add_rule('sg-fallback', '-j DROP'),713 call.ensure_remove_chain('sg-chain'),714 call.add_chain('sg-chain'),715 call.add_chain('ifake_dev'),716 call.add_rule(717 'FORWARD',718 '-m physdev --physdev-is-bridged '719 '--physdev-out tapfake_dev -j $sg-chain'),720 call.add_rule(721 'sg-chain',722 '-m physdev --physdev-is-bridged '723 '--physdev-out tapfake_dev -j $ifake_dev'),724 call.add_rule(725 'ifake_dev', '-m state --state INVALID -j DROP'),726 call.add_rule(727 'ifake_dev',728 '-m state --state ESTABLISHED,RELATED -j RETURN'),729 call.add_rule('ifake_dev', '-j RETURN'),730 call.add_rule('ifake_dev', '-j $sg-fallback'),731 call.add_chain('ofake_dev'),732 call.add_rule(733 'FORWARD',734 '-m physdev --physdev-is-bridged '735 '--physdev-in tapfake_dev -j $sg-chain'),736 call.add_rule(737 'sg-chain',738 '-m physdev --physdev-is-bridged '739 '--physdev-in tapfake_dev -j $ofake_dev'),740 call.add_rule(741 'INPUT',742 '-m physdev --physdev-is-bridged '743 '--physdev-in tapfake_dev -j $ofake_dev'),744 call.add_rule(745 'ofake_dev',746 '-m mac ! --mac-source ff:ff:ff:ff -j DROP'),747 call.add_rule(748 'ofake_dev',749 '-p udp --sport 68 --dport 67 -j RETURN'),750 call.add_rule(751 'ofake_dev',752 '! -s 10.0.0.1 -j DROP'),753 call.add_rule(754 'ofake_dev',755 '-p udp --sport 67 --dport 68 -j DROP'),756 call.add_rule(757 'ofake_dev', '-m state --state INVALID -j DROP'),758 call.add_rule(759 'ofake_dev',760 '-m state --state ESTABLISHED,RELATED -j RETURN'),761 call.add_rule('ofake_dev', '-j $sg-fallback'),762 call.add_rule('sg-chain', '-j ACCEPT'),763 call.ensure_remove_chain('ifake_dev'),764 call.ensure_remove_chain('ofake_dev'),765 call.ensure_remove_chain('sg-chain'),766 call.add_chain('sg-chain'),767 call.add_chain('ifake_dev'),768 call.add_rule(769 'FORWARD',770 '-m physdev --physdev-is-bridged '771 '--physdev-out tapfake_dev -j $sg-chain'),772 call.add_rule(773 'sg-chain',774 '-m physdev --physdev-is-bridged '775 '--physdev-out tapfake_dev -j $ifake_dev'),776 call.add_rule(777 'ifake_dev',778 '-m state --state INVALID -j DROP'),779 call.add_rule(780 'ifake_dev',781 '-m state --state ESTABLISHED,RELATED -j RETURN'),782 call.add_rule('ifake_dev', '-j $sg-fallback'),783 call.add_chain('ofake_dev'),784 call.add_rule(785 'FORWARD',786 '-m physdev --physdev-is-bridged '787 '--physdev-in tapfake_dev -j $sg-chain'),788 call.add_rule(789 'sg-chain',790 '-m physdev --physdev-is-bridged '791 '--physdev-in tapfake_dev -j $ofake_dev'),792 call.add_rule(793 'INPUT',794 '-m physdev --physdev-is-bridged '795 '--physdev-in tapfake_dev -j $ofake_dev'),796 call.add_rule(797 'ofake_dev',798 '-m mac ! --mac-source ff:ff:ff:ff -j DROP'),799 call.add_rule(800 'ofake_dev', '-p udp --sport 68 --dport 67 -j RETURN'),801 call.add_rule(802 'ofake_dev', '! -s 10.0.0.1 -j DROP'),803 call.add_rule(804 'ofake_dev', '-p udp --sport 67 --dport 68 -j DROP'),805 call.add_rule(806 'ofake_dev', '-m state --state INVALID -j DROP'),807 call.add_rule(808 'ofake_dev',809 '-m state --state ESTABLISHED,RELATED -j RETURN'),810 call.add_rule('ofake_dev', '-j RETURN'),811 call.add_rule('ofake_dev', '-j $sg-fallback'),812 call.add_rule('sg-chain', '-j ACCEPT'),813 call.ensure_remove_chain('ifake_dev'),814 call.ensure_remove_chain('ofake_dev'),815 call.ensure_remove_chain('sg-chain'),816 call.add_chain('sg-chain')]817 self.v4filter_inst.assert_has_calls(calls)818 def test_remove_unknown_port(self):819 port = self._fake_port()820 self.firewall.remove_port_filter(port)821 # checking no exception occures822 self.v4filter_inst.assert_has_calls([])823 def test_defer_apply(self):824 with self.firewall.defer_apply():825 pass826 self.iptables_inst.assert_has_calls([call.defer_apply_on(),...

Full Screen

Full Screen

default_speeds_generator.py

Source:default_speeds_generator.py Github

copy

Full Screen

...18 # The text at the end is the speed limit (use no unit for km/h)19 # Rules apply in the order in which they are written for each country20 # Rules for specific regions (states) take priority over country rules21 # If you modify existing country rules, you must update all existing states without that rule to use the old rule22 US.add_rule({"highway": "motorway"}, "65 mph") # On US roads with the tag highway and value motorway, the speed limit will default to 65 mph23 US.add_rule({"highway": "trunk"}, "55 mph")24 US.add_rule({"highway": "primary"}, "55 mph")25 US.add_rule({"highway": "secondary"}, "45 mph")26 US.add_rule({"highway": "tertiary"}, "35 mph")27 US.add_rule({"highway": "unclassified"}, "55 mph")28 US.add_rule({"highway": "residential"}, "25 mph")29 US.add_rule({"highway": "service"}, "25 mph")30 US.add_rule({"highway": "motorway_link"}, "55 mph")31 US.add_rule({"highway": "trunk_link"}, "55 mph")32 US.add_rule({"highway": "primary_link"}, "55 mph")33 US.add_rule({"highway": "secondary_link"}, "45 mph")34 US.add_rule({"highway": "tertiary_link"}, "35 mph")35 US.add_rule({"highway": "living_street"}, "15 mph")36 """ States """37 new_york = US.add_region("New York") # Fourth step, add a state/region to country38 new_york.add_rule({"highway": "primary"}, "45 mph") # Fifth step , add rules to the state. See the text above for how to write rules39 new_york.add_rule({"highway": "secondary"}, "55 mph")40 new_york.add_rule({"highway": "tertiary"}, "55 mph")41 new_york.add_rule({"highway": "residential"}, "30 mph")42 new_york.add_rule({"highway": "primary_link"}, "45 mph")43 new_york.add_rule({"highway": "secondary_link"}, "55 mph")44 new_york.add_rule({"highway": "tertiary_link"}, "55 mph")45 # All if not written by the state, the rules will default to the country rules46 #california = US.add_region("California")47 # California uses only the default US rules48 michigan = US.add_region("Michigan")49 michigan.add_rule({"highway": "motorway"}, "70 mph")50 oregon = US.add_region("Oregon")51 oregon.add_rule({"highway": "motorway"}, "55 mph")52 oregon.add_rule({"highway": "secondary"}, "35 mph")53 oregon.add_rule({"highway": "tertiary"}, "30 mph")54 oregon.add_rule({"highway": "service"}, "15 mph")55 oregon.add_rule({"highway": "secondary_link"}, "35 mph")56 oregon.add_rule({"highway": "tertiary_link"}, "30 mph")57 south_dakota = US.add_region("South Dakota")58 south_dakota.add_rule({"highway": "motorway"}, "80 mph")59 south_dakota.add_rule({"highway": "trunk"}, "70 mph")60 south_dakota.add_rule({"highway": "primary"}, "65 mph")61 south_dakota.add_rule({"highway": "trunk_link"}, "70 mph")62 south_dakota.add_rule({"highway": "primary_link"}, "65 mph")63 wisconsin = US.add_region("Wisconsin")64 wisconsin.add_rule({"highway": "trunk"}, "65 mph")65 wisconsin.add_rule({"highway": "tertiary"}, "45 mph")66 wisconsin.add_rule({"highway": "unclassified"}, "35 mph")67 wisconsin.add_rule({"highway": "trunk_link"}, "65 mph")68 wisconsin.add_rule({"highway": "tertiary_link"}, "45 mph")69 """70 --------------------------------------------------71 AU - Australia72 --------------------------------------------------73 """74 AU = Country("AU")75 countries.append(AU)76 """ Default rules """77 AU.add_rule({"highway": "motorway"}, "100")78 AU.add_rule({"highway": "trunk"}, "80")79 AU.add_rule({"highway": "primary"}, "80")80 AU.add_rule({"highway": "secondary"}, "50")81 AU.add_rule({"highway": "tertiary"}, "50")82 AU.add_rule({"highway": "unclassified"}, "80")83 AU.add_rule({"highway": "residential"}, "50")84 AU.add_rule({"highway": "service"}, "40")85 AU.add_rule({"highway": "motorway_link"}, "90")86 AU.add_rule({"highway": "trunk_link"}, "80")87 AU.add_rule({"highway": "primary_link"}, "80")88 AU.add_rule({"highway": "secondary_link"}, "50")89 AU.add_rule({"highway": "tertiary_link"}, "50")90 AU.add_rule({"highway": "living_street"}, "30")91 """92 --------------------------------------------------93 CA - Canada94 --------------------------------------------------95 """96 CA = Country("CA")97 countries.append(CA)98 """ Default rules """99 CA.add_rule({"highway": "motorway"}, "100")100 CA.add_rule({"highway": "trunk"}, "80")101 CA.add_rule({"highway": "primary"}, "80")102 CA.add_rule({"highway": "secondary"}, "50")103 CA.add_rule({"highway": "tertiary"}, "50")104 CA.add_rule({"highway": "unclassified"}, "80")105 CA.add_rule({"highway": "residential"}, "40")106 CA.add_rule({"highway": "service"}, "40")107 CA.add_rule({"highway": "motorway_link"}, "90")108 CA.add_rule({"highway": "trunk_link"}, "80")109 CA.add_rule({"highway": "primary_link"}, "80")110 CA.add_rule({"highway": "secondary_link"}, "50")111 CA.add_rule({"highway": "tertiary_link"}, "50")112 CA.add_rule({"highway": "living_street"}, "20")113 """114 --------------------------------------------------115 DE - Germany116 --------------------------------------------------117 """118 DE = Country("DE")119 countries.append(DE)120 """ Default rules """121 DE.add_rule({"highway": "motorway"}, "none")122 DE.add_rule({"highway": "living_street"}, "10")123 DE.add_rule({"highway": "residential"}, "30")124 DE.add_rule({"highway": "service"}, "10")125 DE.add_rule({"zone:traffic": "DE:rural"}, "100")126 DE.add_rule({"zone:traffic": "DE:urban"}, "50")127 DE.add_rule({"zone:maxspeed": "DE:30"}, "30")128 DE.add_rule({"zone:maxspeed": "DE:urban"}, "50")129 DE.add_rule({"zone:maxspeed": "DE:rural"}, "100")130 DE.add_rule({"zone:maxspeed": "DE:motorway"}, "none")131 DE.add_rule({"bicycle_road": "yes"}, "30")132 133 """134 --------------------------------------------------135 EE - Estonia136 --------------------------------------------------137 """138 EE = Country("EE")139 countries.append(EE)140 """ Default rules """141 EE.add_rule({"highway": "motorway"}, "90")142 EE.add_rule({"highway": "trunk"}, "90")143 EE.add_rule({"highway": "primary"}, "90")144 EE.add_rule({"highway": "secondary"}, "50")145 EE.add_rule({"highway": "tertiary"}, "50")146 EE.add_rule({"highway": "unclassified"}, "90")147 EE.add_rule({"highway": "residential"}, "40")148 EE.add_rule({"highway": "service"}, "40")149 EE.add_rule({"highway": "motorway_link"}, "90")150 EE.add_rule({"highway": "trunk_link"}, "70")151 EE.add_rule({"highway": "primary_link"}, "70")152 EE.add_rule({"highway": "secondary_link"}, "50")153 EE.add_rule({"highway": "tertiary_link"}, "50")154 EE.add_rule({"highway": "living_street"}, "20")155 """ --- DO NOT MODIFY CODE BELOW THIS LINE --- """156 """ --- ADD YOUR COUNTRY OR STATE ABOVE --- """157 # Final step158 write_json(countries, filename)159def write_json(countries, filename = DEFAULT_OUTPUT_FILENAME):160 out_dict = {}161 for country in countries:162 out_dict.update(country.jsonify())163 json_string = json.dumps(out_dict, indent=2)164 with open(filename, "wb") as f:165 f.write(json_string)166class Region(object):167 ALLOWABLE_TAG_KEYS = ["highway", "zone:traffic", "bicycle_road", "zone:maxspeed"]168 ALLOWABLE_HIGHWAY_TYPES = ["motorway", "trunk", "primary", "secondary", "tertiary", "unclassified", "residential", "service", "motorway_link", "trunk_link", "primary_link", "secondary_link", "tertiary_link", "living_street"]169 def __init__(self, name):170 self.name = name171 self.rules = []172 def add_rule(self, tag_conditions, speed):173 new_rule = {}174 if not isinstance(tag_conditions, dict):175 raise TypeError("Rule tag conditions must be dictionary")176 if not all(tag_key in self.ALLOWABLE_TAG_KEYS for tag_key in tag_conditions):177 raise ValueError("Rule tag keys must be in allowable tag kesy") # If this is by mistake, please update ALLOWABLE_TAG_KEYS178 if 'highway' in tag_conditions:179 if not tag_conditions['highway'] in self.ALLOWABLE_HIGHWAY_TYPES:180 raise ValueError("Invalid Highway type {}".format(tag_conditions["highway"]))181 new_rule['tags'] = tag_conditions182 try:183 new_rule['speed'] = str(speed)184 except ValueError:185 raise ValueError("Rule speed must be string")186 self.rules.append(new_rule)...

Full Screen

Full Screen

temp.py

Source:temp.py Github

copy

Full Screen

1from seccomp import *2import sys3def install_filter():4 rules = SyscallFilter(defaction=KILL)5 rules.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))6 rules.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))7 rules.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))8 rules.add_rule(ALLOW, "fstat")9 rules.add_rule(ALLOW, 'ioctl')10 rules.add_rule(ALLOW, 'sigaltstack')11 rules.add_rule(ALLOW, "rt_sigaction")12 rules.add_rule(ALLOW, "exit_group")13 rules.add_rule(ALLOW, "read")14 rules.add_rule(ALLOW, "stat")15 rules.add_rule(ALLOW, "openat")16 rules.add_rule(ALLOW, "lseek")17 rules.add_rule(ALLOW, "close")18 rules.add_rule(ALLOW, "mmap")19 rules.add_rule(ALLOW, "brk")20 rules.add_rule(ALLOW, "getdents")21 rules.add_rule(ALLOW, "munmap")22 rules.add_rule(ALLOW, "mprotect")23 rules.add_rule(ALLOW, "access")24 rules.add_rule(ALLOW, "futex")25 rules.add_rule(ALLOW, "getrandom")26 rules.add_rule(ALLOW, "getcwd")27 rules.add_rule(ALLOW, "lstat")28 rules.add_rule(ALLOW, "fcntl")29 rules.load()...

Full Screen

Full Screen

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.

LambdaTest Learning Hubs:

YouTube

You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.

Run autotest automation tests on LambdaTest cloud grid

Perform automation testing on 3000+ real desktop and mobile devices online.

Try LambdaTest Now !!

Get 100 minutes of automation test minutes FREE!!

Next-Gen App & Browser Testing Cloud

Was this article helpful?

Helpful

NotHelpful