Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

tests: add a test for removing expired firewall rules

Browse Source 
QubesOS/qubes-issues#1173
This commit is contained in:
Marek Marczykowski-Górecki 2018-02-07 02:44:41 +01:00
parent 5e89b23288
commit 340b8dbfe2
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
qubes/tests/firewall.py
View File

@ -21,6 +21,7 @@
import datetime import datetime
import os import os
import asyncio
import lxml.etree import lxml.etree
import unittest import unittest
@ -583,3 +584,24 @@ class TC_10_Firewall(qubes.tests.QubesTestCase):
'0003': 'action=accept specialtarget=dns', '0003': 'action=accept specialtarget=dns',
} }
self.assertEqual(fw.qdb_entries(), expected_qdb_entries) self.assertEqual(fw.qdb_entries(), expected_qdb_entries)
def test_006_auto_expire_rules(self):
fw = qubes.firewall.Firewall(self.vm, True)
rules = [
qubes.firewall.Rule(None, action='drop', proto='icmp'),
qubes.firewall.Rule(None, action='drop', proto='tcp', dstports=80),
qubes.firewall.Rule(None, action='accept', proto='udp',
dstports=67, expire=self.loop.time() + 5),
qubes.firewall.Rule(None, action='accept', specialtarget='dns'),
]
fw.rules = rules
fw.save()
self.assertEqual(fw.rules, rules)
self.loop.run_until_complete(asyncio.sleep(3))
# still old rules should be there
self.assertEqual(fw.rules, rules)
rules.pop(2)
self.loop.run_until_complete(asyncio.sleep(3))
# expect new rules
self.assertEqual(fw.rules, rules)