From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Mon, 1 Jul 2013 10:31:50 +0000 (+0200)
Subject: Fixed libipsec/rw-suite-b scenario
X-Git-Tag: 5.1.0dr1~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bb802daacc8a8ade78c3d3af89cea3e0cad9ca5a;p=thirdparty%2Fstrongswan.git

Fixed libipsec/rw-suite-b scenario
---

diff --git a/testing/tests/libipsec/rw-suite-b/evaltest.dat b/testing/tests/libipsec/rw-suite-b/evaltest.dat
index 855f201d37..3c0c03b071 100644
--- a/testing/tests/libipsec/rw-suite-b/evaltest.dat
+++ b/testing/tests/libipsec/rw-suite-b/evaltest.dat
@@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
 moon::tcpdump::IP moon.strongswan.org.4500 > carol.strongswan.org.4500: UDP-encap: ESP::YES
-dave:ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP dave.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
 moon::tcpdump::IP moon.strongswan.org.4500 > dave.strongswan.org.4500: UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.flush b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.flush
deleted file mode 100644
index b3ab63c512..0000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.flush
+++ /dev/null
@@ -1,21 +0,0 @@
-*filter
-
--F
-
--P INPUT ACCEPT
--P OUTPUT ACCEPT
--P FORWARD ACCEPT
-
-COMMIT
-
-*nat
-
--F
-
-COMMIT
-
-*mangle
-
--F
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.rules b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.rules
deleted file mode 100644
index 3d99c01977..0000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.rules
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT  -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT  -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-# allow traffic tunnelled via IPsec
--A INPUT  -i eth0 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
--A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.flush b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.flush
deleted file mode 100644
index b3ab63c512..0000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.flush
+++ /dev/null
@@ -1,21 +0,0 @@
-*filter
-
--F
-
--P INPUT ACCEPT
--P OUTPUT ACCEPT
--P FORWARD ACCEPT
-
-COMMIT
-
-*nat
-
--F
-
-COMMIT
-
-*mangle
-
--F
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.rules b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.rules
deleted file mode 100644
index cc12d1659d..0000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.rules
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT  -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT  -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-# allow traffic tunnelled via IPsec
--A FORWARD -i eth0 -o eth1 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
--A FORWARD -o eth0 -i eth1 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-COMMIT