diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
| commit | 971e619d8602fa52b1bfcb3ea65b7ab96be85318 (patch) | |
| tree | 26feb2498c72b796e07b86349d17f544046de279 /tests/py/ip6/masquerade.t.json | |
| parent | Initial commit. (diff) | |
| download | nftables-upstream.tar.xz nftables-upstream.zip | |
Adding upstream version 1.0.9.upstream/1.0.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/py/ip6/masquerade.t.json')
| -rw-r--r-- | tests/py/ip6/masquerade.t.json | 423 |
1 files changed, 423 insertions, 0 deletions
diff --git a/tests/py/ip6/masquerade.t.json b/tests/py/ip6/masquerade.t.json new file mode 100644 index 0000000..824b44f --- /dev/null +++ b/tests/py/ip6/masquerade.t.json @@ -0,0 +1,423 @@ +# udp dport 53 masquerade +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": null + } +] + +# udp dport 53 masquerade random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": "random" + } + } +] + +# udp dport 53 masquerade random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade random,persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade random,fully-random,persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "random", + "fully-random", + "persistent" + ] + } + } +] + +# udp dport 53 masquerade persistent +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": "persistent" + } + } +] + +# udp dport 53 masquerade persistent,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "random" + ] + } + } +] + +# udp dport 53 masquerade persistent,random,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "random", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "fully-random" + ] + } + } +] + +# udp dport 53 masquerade persistent,fully-random,random +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "masquerade": { + "flags": [ + "persistent", + "fully-random", + "random" + ] + } + } +] + +# meta l4proto 6 masquerade to :1024 +[ + { + "match": { + "left": { + "meta": { "key": "l4proto" } + }, + "op": "==", + "right": 6 + } + }, + { + "masquerade": { + "port": 1024 + } + } +] + +# meta l4proto 6 masquerade to :1024-2048 +[ + { + "match": { + "left": { + "meta": { "key": "l4proto" } + }, + "op": "==", + "right": 6 + } + }, + { + "masquerade": { + "port": { + "range": [ 1024, 2048 ] + } + } + } +] + +# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade +[ + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": { + "set": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 101, + 202, + 303, + 1001, + 2002, + 3003 + ] + } + } + }, + { + "masquerade": null + } +] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter masquerade +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip6" + } + }, + "op": "==", + "right": { + "range": [ "fe00::1", "fe00::200" ] + } + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 53 + } + }, + { + "counter": null + }, + { + "masquerade": null + } +] + +# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade +[ + { + "match": { + "left": { + "meta": { "key": "iifname" } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "ct": { + "key": "state" + } + }, + "op": "in", + "right": [ + "established", + "new" + ] + } + }, + { + "vmap": { + "key": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "data": { + "set": [ + [ + 22, + { + "drop": null + } + ], + [ + 222, + { + "drop": null + } + ] + ] + } + } + }, + { + "masquerade": null + } +] + |