From 340b8dbfe22f3d9938c3ad305bee77632b58be5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Wed, 7 Feb 2018 02:44:41 +0100
Subject: [PATCH] tests: add a test for removing expired firewall rules

QubesOS/qubes-issues#1173
---
 qubes/tests/firewall.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/qubes/tests/firewall.py b/qubes/tests/firewall.py
index 3875cafe..ad02afc4 100644
--- a/qubes/tests/firewall.py
+++ b/qubes/tests/firewall.py
@@ -21,6 +21,7 @@
 import datetime
 import os
+import asyncio
 import lxml.etree
 import unittest
@@ -583,3 +584,24 @@ class TC_10_Firewall(qubes.tests.QubesTestCase):
 '0003': 'action=accept specialtarget=dns',
 }
 self.assertEqual(fw.qdb_entries(), expected_qdb_entries)
+
+ def test_006_auto_expire_rules(self):
+ fw = qubes.firewall.Firewall(self.vm, True)
+ rules = [
+ qubes.firewall.Rule(None, action='drop', proto='icmp'),
+ qubes.firewall.Rule(None, action='drop', proto='tcp', dstports=80),
+ qubes.firewall.Rule(None, action='accept', proto='udp',
+ dstports=67, expire=self.loop.time() + 5),
+ qubes.firewall.Rule(None, action='accept', specialtarget='dns'),
+ ]
+ fw.rules = rules
+ fw.save()
+ self.assertEqual(fw.rules, rules)
+ self.loop.run_until_complete(asyncio.sleep(3))
+ # still old rules should be there
+ self.assertEqual(fw.rules, rules)
+
+ rules.pop(2)
+ self.loop.run_until_complete(asyncio.sleep(3))
+ # expect new rules
+ self.assertEqual(fw.rules, rules)
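Review bot: In test_006_auto_expire_rules, `fw.rules = rules` appears to hand the firewall the same list object the test later compares against, so unless the Firewall.rules attribute copies on assignment (not visible here) the first two `assertEqual(fw.rules, rules)` calls compare a list with itself. In that case `rules.pop(2)` also removes the entry from `fw.rules`, and the final assertion passes even if the expiry timer never fires, which would hide a regression that leaves a temporary accept rule open past its deadline. Assign a copy, `fw.rules = list(rules)`, and build the expected post-expiry list separately so the last check can actually fail. The two `asyncio.sleep(3)` calls around a 5-second expiry also leave only about a second of slack on a loaded test host. The enclosing class TC_10_Firewall starts outside the hunk.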