From bb802daacc8a8ade78c3d3af89cea3e0cad9ca5a Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Mon, 1 Jul 2013 12:31:50 +0200
Subject: [PATCH] Fixed libipsec/rw-suite-b scenario
---
 .../tests/libipsec/rw-suite-b/evaltest.dat | 2 +-
 .../rw-suite-b/hosts/carol/etc/iptables.flush | 21 ------------
 .../rw-suite-b/hosts/carol/etc/iptables.rules | 32 -------------------
 .../rw-suite-b/hosts/moon/etc/iptables.flush | 21 ------------
 .../rw-suite-b/hosts/moon/etc/iptables.rules | 32 -------------------
 5 files changed, 1 insertion(+), 107 deletions(-)
 delete mode 100644 testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.flush
 delete mode 100644 testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.rules
 delete mode 100644 testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.flush
 delete mode 100644 testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.rules
diff --git a/testing/tests/libipsec/rw-suite-b/evaltest.dat b/testing/tests/libipsec/rw-suite-b/evaltest.dat
index 855f201d37..3c0c03b071 100644
--- a/testing/tests/libipsec/rw-suite-b/evaltest.dat
+++ b/testing/tests/libipsec/rw-suite-b/evaltest.dat
@@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
 moon::tcpdump::IP moon.strongswan.org.4500 > carol.strongswan.org.4500: UDP-encap: ESP::YES
-dave:ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP dave.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
 moon::tcpdump::IP moon.strongswan.org.4500 > dave.strongswan.org.4500: UDP-encap: ESP::YES
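Review bot: The corrected `dave::ping` entry, like the `carol::ping` entry above it, still matches the literal `icmp_req=1`, so the result depends on the exact output format of the ping binary on the test hosts rather than on IPsec behaviour. If the expected-output field is treated as a regular expression, as the `rw[{]2}.*INSTALLED` entry on the hunk header line suggests, a pattern such as `icmp_.eq=1` would tolerate both field spellings. Separately, this commit removes the scenario-specific default-DROP `iptables.rules` for carol and moon, and it is not visible here which rule set applies afterwards. If a permissive one does, a successful ping alone no longer shows the traffic was tunnelled, and the `UDP-encap: ESP` tcpdump entries become the only checks carrying that evidence. A sentence in the commit message stating why the rule files were dropped would make this reviewable.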
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.flush b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.flush
deleted file mode 100644
index b3ab63c512..0000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.flush
+++ /dev/null
@@ -1,21 +0,0 @@
-*filter
-
--F
-
--P INPUT ACCEPT
--P OUTPUT ACCEPT
--P FORWARD ACCEPT
-
-COMMIT
-
-*nat
-
--F
-
-COMMIT
-
-*mangle
-
--F
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.rules b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.rules
deleted file mode 100644
index 3d99c01977..0000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/iptables.rules
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-# allow traffic tunnelled via IPsec
--A INPUT -i eth0 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
--A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.flush b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.flush
deleted file mode 100644
index b3ab63c512..0000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.flush
+++ /dev/null
@@ -1,21 +0,0 @@
-*filter
-
--F
-
--P INPUT ACCEPT
--P OUTPUT ACCEPT
--P FORWARD ACCEPT
-
-COMMIT
-
-*nat
-
--F
-
-COMMIT
-
-*mangle
-
--F
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.rules b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.rules
deleted file mode 100644
index cc12d1659d..0000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/iptables.rules
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-# allow traffic tunnelled via IPsec
--A FORWARD -i eth0 -o eth1 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
--A FORWARD -o eth0 -i eth1 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-COMMIT
-- 
2.47.3