Commit c2458d2267d60ca1bd2edba39cb0b4a881a19cbc
iptables.treetop
(14 / 3)
| 1 | 1 | grammar IPTables | |
| 2 | 2 | rule exp | |
| 3 | target space action space ip space 'to' space ip space proto+ state? | ||
| 3 | target s action s src:ip s 'to' s dst:ip s proto:proto+ state:state? { | ||
| 4 | def eval | ||
| 5 | ds = Hash.new | ||
| 6 | ds['target'] = target.text_value.to_s | ||
| 7 | ds['action'] = action.text_value.to_s | ||
| 8 | ds['src_ip'] = src.text_value.to_s | ||
| 9 | ds['dst_ip'] = dst.text_value.to_s | ||
| 10 | ds['proto'] = proto.text_value.to_s.strip | ||
| 11 | ds['state'] = state.text_value.to_s if defined?(state) | ||
| 12 | ds | ||
| 13 | end | ||
| 14 | } | ||
| 4 | 15 | end | |
| 5 | 16 | ||
| 6 | rule space | ||
| 17 | rule s | ||
| 7 | 18 | ' '* | |
| 8 | 19 | end | |
| 9 | 20 | ||
| … | … | ||
| 43 | 43 | end | |
| 44 | 44 | ||
| 45 | 45 | rule proto | |
| 46 | ( "tcp" / "udp" / "icmp" ) space? | ||
| 46 | ( "tcp" / "udp" / "icmp" ) s? | ||
| 47 | 47 | end | |
| 48 | 48 | ||
| 49 | 49 | rule state |
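Review bot: The `if defined?(state)` guard on new line 11 of `eval` does not appear to ever skip the assignment. `state` is a labelled element of the sequence, so its accessor is always defined, and an unmatched `state?` seems to yield an empty node rather than nothing. The expectations added in test.rb (`"state" => ""` for rules without a state) agree with that reading. I would write the line as `ds['state'] = state.text_value` and add the comment `# optional: "" when the rule carries no state`, so code that turns this hash into firewall rules tests for the empty string instead of a missing key. The `.to_s` calls after `text_value` look redundant for the same reason, since the value is already a String.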
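--- a/test.rb
+++ b/test.rb
@@ -5,12 +5,36 @@
 class IPTablesParserTest < Test::Unit::TestCase
 def setup
 @parser = IPTablesParser.new
+
+@test_data = Hash.new
+
+@test_data["forward allow 10.0.0.0/8 to 192.168.0.1:8080 udp tcp state"] = {
+"dst_ip" => "192.168.0.1:8080", "src_ip" => "10.0.0.0/8",
+"action" => "allow", "target" => "forward", "state" => "state",
+"proto" => "udp tcp" }
+@test_data["forward allow 10.0.0.0/8 to 192.168.0.1:8080 tcp udp state"] = {
+"dst_ip" => "192.168.0.1:8080", "src_ip" => "10.0.0.0/8",
+"action" => "allow", "target" => "forward", "state" => "state",
+"proto" => "tcp udp" }
+@test_data["input deny 10.0.0.0:8 to 192.168.0.1/32 tcp"] = {
+"dst_ip" => "192.168.0.1/32", "src_ip" => "10.0.0.0:8",
+"action" => "deny", "target" => "input", "state" => "",
+"proto" => "tcp" }
+@test_data["output reject 10.0.0.0/8 to 192.168.0.1/32:8080 tcp"] = {
+"dst_ip" => "192.168.0.1/32:8080", "src_ip" => "10.0.0.0/8",
+"action" => "reject", "target" => "output", "state" => "",
+"proto" => "tcp" }
 end
 
-def test_ipaddr
+def test_parses_okay
 assert_not_nil @parser.parse "forward allow 10.0.0.0/8 to 192.168.0.1:8080 udp tcp state"
 assert_not_nil @parser.parse "forward log 10.0.0.0:8 to 192.168.0.1/32 udp icmp tcp"
 assert_not_nil @parser.parse "forward log 10.0.0.0:8 to 192.168.0.1 tcp state"
 end
 
+def test_results
+@test_data.each_key do |t|
+assert_equal @test_data[t], @parser.parse(t).eval
+end
+end
 end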
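Review bot: Every input in `setup` and `test_parses_okay` is a rule that is expected to parse, so nothing asserts that a malformed rule is rejected. For a grammar that feeds firewall configuration, rejection is the behaviour most worth pinning. I would add a negative test along the lines of `assert_nil @parser.parse("forward allow 10.0.0.0/8 192.168.0.1 tcp")` (a constructed sample with the `to` keyword missing), plus one with an unknown protocol. In `test_results`, `@parser.parse(t).eval` raises NoMethodError on nil if a rule stops parsing. Checking the tree first with `tree = @parser.parse(t)` and `assert_not_nil tree, @parser.failure_reason` would make the failure name the offending rule. The expected hashes also show `src_ip`/`dst_ip` carrying a port or prefix suffix such as `"192.168.0.1/32:8080"`, which deserves a comment in `setup` so consumers do not treat those values as bare addresses.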

