# Scenario: nomatch-flag handling with the rules in their default order.
# Line format used throughout: a leading status field (0 everywhere here,
# presumably the exit status the harness expects) followed by the command.
# The set contents and the logging rules come from ./iptables.sh, which is not
# part of this file; the expected tags below are the only statement here of
# which source addresses are treated as nomatch exceptions.
# Create sets and inet rules which call set match
0 ./iptables.sh inet start_flags
# Probes are crafted with sendip and handed to loopback (last argument);
# -is sets the source address under test, -ts / -td the TCP source and
# destination ports.
# Send probe packet from 10.0.0.0,tcp:1025
0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.0 -p tcp -td 80 -ts 1025 127.0.0.1
# check_klog.sh receives source address, protocol, source port and a tag;
# presumably it looks for a kernel log entry carrying that tag - confirm in
# check_klog.sh. The "test-nomatch" tag is the one expected from the rule
# that uses --return-nomatch.
# Check that test set matched with --return-nomatch
0 ./check_klog.sh 10.0.0.0 tcp 1025 test-nomatch
# Send probe packet from 10.0.0.1,tcp:1025
0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.1 -p tcp -td 80 -ts 1025 127.0.0.1
# Check that test set matched
0 ./check_klog.sh 10.0.0.1 tcp 1025 test
# NOTE(review): this probe sets -id 127.0.0.2 while every other probe in the
# scenario uses -id 127.0.0.1; confirm the differing destination field is
# intentional and not a typo.
# Send probe packet from 10.0.0.2,tcp:1025
0 sendip -p ipv4 -id 127.0.0.2 -is 10.0.0.2 -p tcp -td 80 -ts 1025 127.0.0.1
# Check that test set matched with --return-nomatch
0 ./check_klog.sh 10.0.0.2 tcp 1025 test-nomatch
# Send probe packet from 10.0.0.255,tcp:1025
0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.255 -p tcp -td 80 -ts 1025 127.0.0.1
# Check that test set matched with --return-nomatch
0 ./check_klog.sh 10.0.0.255 tcp 1025 test-nomatch
# 10.0.1.0 lies just outside 10.0.0.0-10.0.0.255 and is expected to get the
# plain "test" tag, like 10.0.0.1.
# Send probe packet from 10.0.1.0,tcp:1025
0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.1.0 -p tcp -td 80 -ts 1025 127.0.0.1
# Check that test set matched
0 ./check_klog.sh 10.0.1.0 tcp 1025 test
# Cleanup of everything created by start_flags. NOTE(review): confirm the
# harness still reaches this step when an earlier check fails, so that test
# sets and rules do not linger on the host.
# Destroy sets and rules
0 ./iptables.sh inet stop
# Scenario: the same five probes and the same expected tags as with
# "start_flags", but the rules are installed in reversed order. The expected
# results are identical, i.e. which tag a source address receives is expected
# not to depend on which rule is evaluated first.
# Each command line carries a leading status field (0 everywhere here,
# presumably the exit status the harness expects).
# Create sets and inet rules which call set match, reversed rule order
0 ./iptables.sh inet start_flags_reversed
# Send probe packet from 10.0.0.0,tcp:1025
0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.0 -p tcp -td 80 -ts 1025 127.0.0.1
# Check that test set matched with --return-nomatch
0 ./check_klog.sh 10.0.0.0 tcp 1025 test-nomatch
# Send probe packet from 10.0.0.1,tcp:1025
0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.1 -p tcp -td 80 -ts 1025 127.0.0.1
# Check that test set matched
0 ./check_klog.sh 10.0.0.1 tcp 1025 test
# NOTE(review): this probe sets -id 127.0.0.2 while every other probe in the
# scenario uses -id 127.0.0.1; confirm the differing destination field is
# intentional and not a typo.
# Send probe packet from 10.0.0.2,tcp:1025
0 sendip -p ipv4 -id 127.0.0.2 -is 10.0.0.2 -p tcp -td 80 -ts 1025 127.0.0.1
# Check that test set matched with --return-nomatch
0 ./check_klog.sh 10.0.0.2 tcp 1025 test-nomatch
# Send probe packet from 10.0.0.255,tcp:1025
0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.0.255 -p tcp -td 80 -ts 1025 127.0.0.1
# Check that test set matched with --return-nomatch
0 ./check_klog.sh 10.0.0.255 tcp 1025 test-nomatch
# Send probe packet from 10.0.1.0,tcp:1025
0 sendip -p ipv4 -id 127.0.0.1 -is 10.0.1.0 -p tcp -td 80 -ts 1025 127.0.0.1
# Check that test set matched
0 ./check_klog.sh 10.0.1.0 tcp 1025 test
# Cleanup of everything created by start_flags_reversed. NOTE(review): confirm
# the harness still reaches this step when an earlier check fails, so that
# test sets and rules do not linger on the host.
# Destroy sets and rules
0 ./iptables.sh inet stop
# eof