ahdoawhfo/IPTables-Management
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Fix FORWARD-drop reply handling

Browse Source
This commit is contained in:
ahdoawhfo
2026-04-17 12:10:11 +08:00
parent 479c416b2f
commit 87ee5283c8
6 changed files with 61 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tests/test_rules_unit.sh
View File

@@ -62,15 +62,17 @@ reset_mock_state
uuid_v4=$(cmd_add_batch tcp 8080 127.0.0.1 80 4 'web service')
line_v4=$(storage_get "${uuid_v4}")
assert_eq '1' "$(storage_count)" 'cmd_add_batch should persist one rule'
assert_eq '3' "$(grep -Ec '^iptables ' "${IPTABLES_MOCK_LOG}")" 'tcp/ipv4 add should emit three iptables commands'
assert_eq '4' "$(grep -Ec '^iptables ' "${IPTABLES_MOCK_LOG}")" 'tcp/ipv4 add should emit four iptables commands'
assert_contains "${line_v4}" "uuid=${uuid_v4}" 'stored line should contain generated uuid'
assert_eq '1' "$(grep -Ec 'persist-mock\.sh save' "${PERSIST_MOCK_LOG}")" 'successful add should trigger persist_save'
assert_contains "$(ipt_find_by_uuid "${uuid_v4}")" "MGMT:${uuid_v4}" 'ipt_find_by_uuid should locate saved mock rules'
assert_contains "$(cat "${IPTABLES_MOCK_LOG}")" '--sport 80' 'add should include reply-direction FORWARD rule'
assert_eq '✓' "$(rule_health_mark "${line_v4}")" 'healthy runtime rule should show ok marker'
"${IPTABLES_BIN}" -t nat -D PREROUTING \
-p tcp --dport 8080 \
-j DNAT --to-destination 127.0.0.1:80 \
"${IPTABLES_BIN}" -D FORWARD \
-p tcp -s 127.0.0.1 --sport 80 \
-m conntrack --ctstate ESTABLISHED,RELATED \
-j ACCEPT \
-m comment --comment "MGMT:${uuid_v4}"
assert_contains "$(ipt_find_by_uuid "${uuid_v4}")" "MGMT:${uuid_v4}" 'partial runtime loss should still leave uuid-tagged rules'
assert_eq '!' "$(rule_health_mark "${line_v4}")" 'partial runtime loss should mark rule unhealthy'
@@ -80,11 +82,11 @@ list_output=$(cmd_list 0)
reset_mock_state
uuid_both=$(cmd_add_batch both 5353 '127.0.0.1,::1' 53 both 'dual stack dns')
add_count=$(grep -Ec '^(iptables|ip6tables) ' "${IPTABLES_MOCK_LOG}")
assert_eq '12' "${add_count}" 'both/both add should emit twelve commands'
assert_eq '16' "${add_count}" 'both/both add should emit sixteen commands'
cmd_delete_uuid "${uuid_both}"
del_count=$(grep -Ec ' -D ' "${IPTABLES_MOCK_LOG}")
assert_eq '12' "${del_count}" 'deleting both/both rule should emit twelve delete commands'
assert_eq '16' "${del_count}" 'deleting both/both rule should emit sixteen delete commands'
assert_eq '0' "$(storage_count)" 'cmd_delete_uuid should remove rule from storage'
reset_mock_state