tools/qvm-firewall: add dst4 and dst6 as synonyms for dsthost
This commit is contained in:
parent
ed9b42d5b4
commit
00fbfdd77a
@ -66,6 +66,12 @@ further rules are not evaluated. If none of the rules match, default action
|
||||
Supported matches:
|
||||
- ``dsthost`` - destination host or network. Can be either IP address in CIDR
|
||||
notation, or a host name. Both IPv4 and IPv6 are supported by the rule syntax.
|
||||
In order to allow reuse of ``--raw`` output, ``dst4`` and ``dst6`` are accepted
|
||||
as synonyms.
|
||||
|
||||
- ``dst4`` - see ``dsthost``
|
||||
|
||||
- ``dst6`` - see ``dsthost``
|
||||
|
||||
- ``proto`` - specific IP protocol. Supported values: ``tcp``, ``udp``,
|
||||
``icmp``.
|
||||
|
@ -88,6 +88,14 @@ class TC_00_RuleAction(qubesadmin.tests.QubesTestCase):
|
||||
None, action='accept', dsthost='127.0.0.1/32',
|
||||
expire=now+100))
|
||||
|
||||
def test_006_dsthost_aliases(self):
|
||||
ns = argparse.Namespace()
|
||||
for name in ['dsthost', 'dst4', 'dst6']:
|
||||
self.action(None, ns, [name + '=127.0.0.1', 'accept'])
|
||||
self.assertEqual(ns.rule,
|
||||
qubesadmin.firewall.Rule(
|
||||
None, action='accept', dsthost='127.0.0.1/32'))
|
||||
|
||||
|
||||
class TC_10_qvm_firewall(qubesadmin.tests.QubesTestCase):
|
||||
def setUp(self):
|
||||
|
@ -56,6 +56,8 @@ class RuleAction(argparse.Action):
|
||||
else:
|
||||
raise argparse.ArgumentError(None,
|
||||
'invalid rule description: {}'.format(opt))
|
||||
if key in ['dst4', 'dst6']:
|
||||
key = 'dsthost'
|
||||
if key not in allowed_opts:
|
||||
raise argparse.ArgumentError(None,
|
||||
'Invalid rule element: {}'.format(opt))
|
||||
@ -87,6 +89,8 @@ interchangeably.
|
||||
|
||||
Available rules:
|
||||
action: accept or drop
|
||||
dst4 synonym for dsthost
|
||||
dst6 synonym for dsthost
|
||||
dsthost IP, network or hostname
|
||||
(e.g. 10.5.3.2, 192.168.0.0/16,
|
||||
www.example.com, fd00::/8)
|
||||
|
Loading…
Reference in New Issue
Block a user