rename `actionoptions` to `actiontype` in pf-action (multiport) + fixed test cases

2016-05-17 20:51:12 +02:00 · 2016-05-17 20:51:12 +02:00 · 1e7fd26f5f
parent e74047ae49
commit 1e7fd26f5f
2 changed files with 24 additions and 5 deletions
--- a/config/action.d/pf.conf
+++ b/config/action.d/pf.conf
@ -16,7 +16,7 @@
 # we don't enable PF automatically; to enable run pfctl -e 
 # or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD)
 actionstart = echo "table <<tablename>-<name>> persist counters" | pfctl -f- 
-              echo "block proto <protocol> from <<tablename>-<name>> to any <actionoptions>" | pfctl -f-
+              echo "block proto <protocol> from <<tablename>-<name>> to any<actiontype>" | pfctl -f-


 # Option:  actionstop
@ -78,5 +78,5 @@ protocol = tcp
 #
 port = telnet

-actionoptions = 
-multiport = port <port>
+actiontype = 
+multiport = <sp>port <port>
--- a/fail2ban/tests/servertestcase.py
+++ b/fail2ban/tests/servertestcase.py
@ -1372,12 +1372,12 @@ class ServerConfigReaderTests(LogCaptureTestCase):
 						r"`echo -2001:db8:: > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`",
 					),					
 				}),
-				# pf --
+				# pf allports --
 				('j-w-pf', 'pf[name=%(__name__)s]', {
 					'ip4': (), 'ip6': (),
 					'start': (
 						'`echo "table <f2b-j-w-pf> persist counters" | pfctl -f-`',
-						'`echo "block proto tcp from <f2b-j-w-pf> to any port any" | pfctl -f-`',
+						'`echo "block proto tcp from <f2b-j-w-pf> to any" | pfctl -f-`',
 					),
 					'stop': (
 						'`pfctl -sr 2>/dev/null | grep -v f2b-j-w-pf | pfctl -f-`',
@ -1391,6 +1391,25 @@ class ServerConfigReaderTests(LogCaptureTestCase):
 					'ip6-ban':   ("`pfctl -t f2b-j-w-pf -T add 2001:db8::`",),
 					'ip6-unban': ("`pfctl -t f2b-j-w-pf -T delete 2001:db8::`",),
 				}),
+				# pf multiport --
+				('j-w-pf-mp', 'pf[actiontype=<multiport>][name=%(__name__)s, port=http]', {
+					'ip4': (), 'ip6': (),
+					'start': (
+						'`echo "table <f2b-j-w-pf-mp> persist counters" | pfctl -f-`',
+						'`echo "block proto tcp from <f2b-j-w-pf-mp> to any port http" | pfctl -f-`',
+					),
+					'stop': (
+						'`pfctl -sr 2>/dev/null | grep -v f2b-j-w-pf-mp | pfctl -f-`',
+						'`pfctl -t f2b-j-w-pf-mp -T flush`',
+						'`pfctl -t f2b-j-w-pf-mp -T kill`',
+					),
+					'ip4-check': ("`pfctl -sr | grep -q f2b-j-w-pf-mp`",),
+					'ip6-check': ("`pfctl -sr | grep -q f2b-j-w-pf-mp`",),
+					'ip4-ban':   ("`pfctl -t f2b-j-w-pf-mp -T add 192.0.2.1`",),
+					'ip4-unban': ("`pfctl -t f2b-j-w-pf-mp -T delete 192.0.2.1`",),
+					'ip6-ban':   ("`pfctl -t f2b-j-w-pf-mp -T add 2001:db8::`",),
+					'ip6-unban': ("`pfctl -t f2b-j-w-pf-mp -T delete 2001:db8::`",),
+				}),
 				# firewallcmd-multiport --
 				('j-w-fwcmd-mp', 'firewallcmd-multiport[name=%(__name__)s, bantime="600", port="http,https", protocol="tcp", chain="INPUT"]', {
 					'ip4': (' ipv4 ', 'icmp-port-unreachable'), 'ip6': (' ipv6 ', 'icmp6-port-unreachable'),