From 933613e6a35fb116657bb733b675387257675eb4 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Wed, 16 Oct 2024 10:31:21 +0200 Subject: [PATCH] test: new basic firewall container test Fix #598 Signed-off-by: Joachim Wiberg --- test/case/infix_containers/Readme.adoc | 2 + .../container_firewall_basic/Readme.adoc | 54 +++++ .../container_firewall_basic/test.py | 197 ++++++++++++++++++ .../container_firewall_basic/topology.dot | 24 +++ .../container_firewall_basic/topology.png | Bin 0 -> 8613 bytes .../infix_containers/infix_containers.yaml | 4 + test/infamy/container.py | 1 + 7 files changed, 282 insertions(+) create mode 100644 test/case/infix_containers/container_firewall_basic/Readme.adoc create mode 100755 test/case/infix_containers/container_firewall_basic/test.py create mode 100644 test/case/infix_containers/container_firewall_basic/topology.dot create mode 100644 test/case/infix_containers/container_firewall_basic/topology.png diff --git a/test/case/infix_containers/Readme.adoc b/test/case/infix_containers/Readme.adoc index 4eb951db7..93d82db90 100644 --- a/test/case/infix_containers/Readme.adoc +++ b/test/case/infix_containers/Readme.adoc @@ -10,3 +10,5 @@ include::container_bridge/Readme.adoc[] include::container_phys/Readme.adoc[] include::container_veth/Readme.adoc[] + +include::container_firewall_basic/Readme.adoc[] diff --git a/test/case/infix_containers/container_firewall_basic/Readme.adoc b/test/case/infix_containers/container_firewall_basic/Readme.adoc new file mode 100644 index 000000000..296d03096 --- /dev/null +++ b/test/case/infix_containers/container_firewall_basic/Readme.adoc @@ -0,0 +1,54 @@ +=== Basic Firewall Container +==== Description +Verify that an nftables container can be used for IP masquerading and +port forwarding to another container running a basic web server. + +.... + <--- Docker containers ---> +.-------------. .----------------------. .--------..---------------. +| | mgmt |------------| mgmt | | | | fire || | web | +| host | data |------------| ext0 | target | int0 | | wall || eth0 | server | +'-------------'.42 .1'----------------------' '--------''---------------' + \ .1 .2 / + 192.168.0.0/24 \ 10.0.0.0/24 / + `-- VETH pair --' +.... + +The web server container is connected to the target on an internal +network, using a VETH pair, serving HTTP on port 91. + +The firewall container sets up a port forward with IP masquerding +to/from `ext0:8080` to 10.0.0.2:91. + +Correct operation is verified using HTTP GET requests for internal port +91 and external port 8080, to ensure the web page, with a known key +phrase, is only reachable from the public interface `ext0`, on +192.168.0.1:8080. + +==== Topology +ifdef::topdoc[] +image::../../test/case/infix_containers/container_firewall_basic/topology.png[Basic Firewall Container topology] +endif::topdoc[] +ifndef::topdoc[] +ifdef::testgroup[] +image::container_firewall_basic/topology.png[Basic Firewall Container topology] +endif::testgroup[] +ifndef::testgroup[] +image::topology.png[Basic Firewall Container topology] +endif::testgroup[] +endif::topdoc[] +==== Test sequence +. Set up topology and attach to target DUT +. Set hostname to 'container-host' +. Create VETH pair for web server container +. Create firewall container from bundled OCI image +. Create web server container from bundled OCI image +. Verify firewall container has started +. Verify web container has started +. Verify connectivity, host can reach target:ext0 +. Verify 'web' is NOT reachable on http://container-host.local:91 +. Verify 'web' is reachable on http://container-host.local:8080 + + +<<< + diff --git a/test/case/infix_containers/container_firewall_basic/test.py b/test/case/infix_containers/container_firewall_basic/test.py new file mode 100755 index 000000000..0f1c9d0a9 --- /dev/null +++ b/test/case/infix_containers/container_firewall_basic/test.py @@ -0,0 +1,197 @@ +#!/usr/bin/env python3 +r"""Basic Firewall Container + +Verify that an nftables container can be used for IP masquerading and +port forwarding to another container running a basic web server. + +.... + <--- Docker containers ---> +.-------------. .----------------------. .--------..---------------. +| | mgmt |------------| mgmt | | | | fire || | web | +| host | data |------------| ext0 | target | int0 | | wall || eth0 | server | +'-------------'.42 .1'----------------------' '--------''---------------' + \ .1 .2 / + 192.168.0.0/24 \ 10.0.0.0/24 / + `-- VETH pair --' +.... + +The web server container is connected to the target on an internal +network, using a VETH pair, serving HTTP on port 91. + +The firewall container sets up a port forward with IP masquerding +to/from `ext0:8080` to 10.0.0.2:91. + +Correct operation is verified using HTTP GET requests for internal port +91 and external port 8080, to ensure the web page, with a known key +phrase, is only reachable from the public interface `ext0`, on +192.168.0.1:8080. + +""" +import infamy +from infamy.util import until, to_binary + + +with infamy.Test() as test: + NFTABLES = f"oci-archive:{infamy.Container.NFTABLES_IMAGE}" + HTTPD = f"oci-archive:{infamy.Container.HTTPD_IMAGE}" + WEBIP = "10.0.0.2" + INTIP = "10.0.0.1" + EXTIP = "192.168.0.1" + OURIP = "192.168.0.42" + WEBNM = "web" + NFTNM = "firewall" + GOOD_URL = f"http://{EXTIP}:8080/index.html" + BAD_URL = f"http://{EXTIP}:91/index.html" + + with test.step("Set up topology and attach to target DUT"): + env = infamy.Env() + target = env.attach("target", "mgmt") + _, ext0 = env.ltop.xlate("target", "ext0") + _, hport = env.ltop.xlate("host", "data") + addr = target.get_mgmt_ip() + + if not target.has_model("infix-containers"): + test.skip() + + with test.step("Set hostname to 'container-host'"): + target.put_config_dict("ietf-system", { + "system": { + "hostname": "container-host" + } + }) + + with test.step("Create VETH pair for web server container"): + target.put_config_dict("ietf-interfaces", { + "interfaces": { + "interface": [ + { + "name": f"{ext0}", + "ipv4": { + "forwarding": True, + "address": [{ + "ip": f"{EXTIP}", + "prefix-length": 24 + }] + } + }, + { + "name": "int0", + "type": "infix-if-type:veth", + "enabled": True, + "infix-interfaces:veth": { + "peer": f"{WEBNM}" + }, + "ipv4": { + "forwarding": True, + "address": [{ + "ip": f"{INTIP}", + "prefix-length": 24, + }] + } + }, + { + "name": f"{WEBNM}", + "type": "infix-if-type:veth", + "enabled": True, + "infix-interfaces:veth": { + "peer": "int0" + }, + "ipv4": { + "address": [{ + "ip": f"{WEBIP}", + "prefix-length": 24, + }] + }, + "container-network": {} + }, + ] + } + }) + + with test.step("Create firewall container from bundled OCI image"): + # Store the nftables .conf file contents as a multi-line string + config = to_binary(f"""#!/usr/sbin/nft -f + +flush ruleset + +define WAN = "{ext0}" +define INT = "int0" +define WIP = "{WEBIP}" + """ + """ + +table ip nat { + chain prerouting { + type nat hook prerouting priority 0; policy accept; + iifname $WAN tcp dport 8080 dnat to $WIP:91 + } + + chain postrouting { + type nat hook postrouting priority 100; policy accept; + oifname $WAN masquerade + oifname $INT masquerade + } +} +""") + + target.put_config_dict("infix-containers", { + "containers": { + "container": [ + { + "name": f"{NFTNM}", + "image": f"{NFTABLES}", + "network": { + "host": True + }, + "mount": [ + { + "name": "nftables.conf", + "content": config, + "target": "/etc/nftables.conf" + } + ], + "privileged": True + } + ] + } + }) + + with test.step("Create web server container from bundled OCI image"): + target.put_config_dict("infix-containers", { + "containers": { + "container": [ + { + "name": f"{WEBNM}", + "image": f"{HTTPD}", + "command": "/usr/sbin/httpd -f -v -p 91", + "network": { + "interface": [ + {"name": f"{WEBNM}"} + ] + } + } + ] + } + }) + + with test.step("Verify firewall container has started"): + c = infamy.Container(target) + until(lambda: c.running(NFTNM), attempts=10) + + with test.step("Verify web container has started"): + c = infamy.Container(target) + until(lambda: c.running(WEBNM), attempts=10) + + with infamy.IsolatedMacVlan(hport) as ns: + NEEDLE = "tiny web server from the curiOS docker" + ns.addip(OURIP) + with test.step("Verify connectivity, host can reach target:ext0"): + ns.must_reach(EXTIP) + with test.step("Verify 'web' is NOT reachable on http://container-host.local:91"): + url = infamy.Furl(BAD_URL) + until(lambda: not url.nscheck(ns, NEEDLE)) + with test.step("Verify 'web' is reachable on http://container-host.local:8080"): + url = infamy.Furl(GOOD_URL) + until(lambda: url.nscheck(ns, NEEDLE)) + + test.succeed() diff --git a/test/case/infix_containers/container_firewall_basic/topology.dot b/test/case/infix_containers/container_firewall_basic/topology.dot new file mode 100644 index 000000000..19ab78607 --- /dev/null +++ b/test/case/infix_containers/container_firewall_basic/topology.dot @@ -0,0 +1,24 @@ +graph "1x2" { + layout="neato"; + overlap="false"; + esep="+80"; + + node [shape=record, fontname="DejaVu Sans Mono, Book"]; + edge [color="cornflowerblue", penwidth="2", fontname="DejaVu Serif, Book"]; + + host [ + label="host | { mgmt | data }", + pos="0,12!", + kind="controller", + ]; + + target [ + label="{ mgmt | ext0 } | target", + pos="10,12!", + + kind="infix", + ]; + + host:mgmt -- target:mgmt [kind=mgmt, color=lightgrey] + host:data -- target:ext0 [color=black, headlabel=".1 ", taillabel=" .2", label="\n 192.168.0.1/24 "] +} diff --git a/test/case/infix_containers/container_firewall_basic/topology.png b/test/case/infix_containers/container_firewall_basic/topology.png new file mode 100644 index 0000000000000000000000000000000000000000..31229f672f539855c24d7308091da7778dd22d53 GIT binary patch literal 8613 zcma)icRZEh-~XYKC|gmovS(Q#98M&ZUC1hA%igmb**j6jA)Blu$;!%+Y?3{az4x)s z^YQ)u^ZPx2J$J7cx^u4ky07c=d9SNbbydYnBv(lg2*f3&`|_Fy1feMWY)VWBUzd^Q z7vUR`iHf2;0)P4^y*4) zO*~@BQkbDy`s9xOJ#0AhnBPWU+xSa=!57p+D&=0gM?CD>VhV{$eG1OFV@IRIqqH@b zTcQII2Q~Qj63(+y7|$e}OWK?P7b=5-0Hz@Hnr8*RAp*!`{a|Ly;mk<59itF~fty%X zNnG3U;hwLrZ#FH-e0Q;7^{Oy-|eQ9MshD_I0?|9tX(d+|A9+ z_4Rc>^8CH*|6EFU!i*>w8I6pL1Xj3U+=PULsi`R+8ROxX_ZO#{g7;R(;@xO^_tvMH zs@>P(ROVNB4QstB>ZccYJ3BiqWql|}f>>855HVH_4Gm#oVZBi(*45S3fq{WDlY7dj zeW@6g$rEartKM1M1$YgzV9OtE#Gc{P?l0nD^oC zihzIsJ3G6eah;2^vwpSPN<61ph_(Gh-SNrc+RDm`p`oFcme$%tJv_p7WmweliO1e* zD!h6^!occSH6^P4Xfu4EJ}y2!d#8bbPJ6Z^d2VjbefHNoc9plIUmY`xidNbM>kYox z4(%)rhDs8?oSbe6Z-2}0?BY`6vY_egTng3 zckfo(jqI+D-ATC*^As?y`}pzW(cfs~kLKq6{r$=98-An&1O!S-O8fR&!otGSHg%@0 zQ78D)Gi{SA$Y+d{8p_zw!<1_lOve0)boN9(sq_fk4B$a)`~6FR20wiZ_MzV*VlbJWz-+iQb9 z%^{Ry$L|9>FYX?ptJh&4IT^{XiCtuA{^zu`w8YEH`|#mIN2kW+l@*0ett4G)+lF$*m%t&{Kb=g&9v=MUEj5Nm@wiJvPf9vK<=VPjb2efQtDhct})FGi?y zG06CQO-V7((1=y%V%x3a;^CpHKR12LuUeLQ{srB}#s+Mvo1^2x>NNtobrVz5%nu*f ztO)#-pqWWYNmW!-TwPrqJ(2z$au!71_PnwFvo#& z8IYrvo(YkDd$K{6r%%)K^5_^Di!(EYEjk&J@Mi;-|I~Pv7Zg~VnPt6w`+Iw# zPmk}hzP^6fdm&L#enCNtGTpat-`>P4ImKYUeR7y;+?wlxCD+l`HhccO1B0AsZzpA8 z6BL{%a-*T4AtWSx^X5$&(%)~cGj(Rh?DPQ<-QC?Gk&y#EJ^6)&?N}_Ggi{ss`13BW3q+2(* zx!bTHH*cCv$|z7CFIaDh433W0z>@?8qr2v=UA=mlh9=#=e%9nm z0R6RViErOtzI^$2e?ReA!XtrhXB1V<_b=g`T89?UTz~I6hb^!QpWGj#^rMpPsi4yKe>yrI-o1M_jD-N<1v~WSEX6EtNHGX znM44W661QK$B%QevdpZk0G9YRjRX>}L6J*4v&sL=nsvGx~xZ!9T?bwLFI!$7)+o0NDTY}tI$;P{{4G5 zx)p%=ma4Ab;eT&rkv8lTBP4rHe^g1?pfvo2tM%I9Db~`|+}vnoiZ}kCnGXxh`Vf|l zo{kP$Gq14luQd(Hx!a9%TRJ614{K6eOj4!2FSEGJ{-U2=k&}~~nQ$Ws`efQlwh_4e z+jHI%zc5^3V?SQAvAvz8nU6nS^Tz|#r>Cb!Uc1eTHmdWfa{8w%ka)-RM}%IvIc#rG zaIkTmkLTu0oA=&oi~Zi_WF)6-K`wKIZV_}8yrZxRx0tgQicyHX@f zp|~t8ID6BRlau4(;sOH$fmfj&m6R@^xR{xl+1StxPsQ)tDa_9wtMR1X3nm8Hvoc(v z&EvW;-2%n2v$GQ$8=I?|`d;Yy&x4(%mJ6S}v26wV$DFjZ35kNn(^NGZZHohi8+|tv zqnOc;VX_p&4ocS6JVB_Q{(iQr&;g=CLaevF*T$t8qZI`j%D;kcnz$AhBKOCCxXd*8 z!-o%{p>0vu@3<}h$tWo)Nl!1epOBdbRXUWImKIf#+HLuH?=hqHF((RzB1Fy4_hhaZ z^9Txdb#~Ul-oOfwU6-6$SvelEz_6g}P7Z9GMEUvoi2|qQ=kFVAOmE@T(xhM=#luIx zxsoPUe*QdpC?t<>YixXl%822-GDRAym8(iCj1|~6$G7$L#OjXv?Jf^#^HdZRkRUsL z{zMV`p5W%1KNSE)<>cf*Z2>wp29_uC=}}QqQc_Ww*x5ynl$DmwJKkjG;4p`Nc=__> zK6iAh{wK50=;$s*Cg0C~$6gCRhyujPm}D3zC?=Pds-aq-B9-o>kVmJajDqaw?dwzc zIbu)PJ3Q=lux(}1=EjpC`K%EQ&jgLbt(EgD_0E+_5z1!f&kUh z3gv4w6M}NX`N$ac)n3_=LQeU{-U339kf?HB8=uMr*+t9}Tco$HZA}&&xYdW-nv0B# z>`J{;`Mmuyx*I6aeRZ_TV`G}J^#-eyR0=jKuwi#)1YQy)mEE@hyYtoY?>!F>@fpr_ zx$c31j;<~yG21@?1}*-HadDaxLH+i&wzh2c&F$^H($dgp{03ju4GmLOa|iqT_i?xi zV*m?7L$iORX!W~y1J$``aAQC*Y>b10gIloO#Z^@}FjUjQ8R_Xa0fRl0leKsp~Aw$p=*rm{UUWfZEkNj(+&?0+uGT= zy11BkrnH%q0r}&Pw$#wwPzLhvdj|*ox94L)4wRMMN>xq#d6Y}80i?drmkUy|%^9o| zlccn?G*5yTR23*w&^z$LTEr9H3I{mkSj334m6Po(NGa6n3H&T=gP{x<)QMnAn0`V2|FhT2anxlJ=jM* zy>}lzOn=lXhmr}=S#UW3YDts!ehXcsp>fN)KMyd??d!d!Fk0S-$jBjEF{2X3S!8XZ zI+sD^3qv3{O--s_{)A5_H}>|7%S;r!yd*n2khAzd6s5Z6tNgbzzW9EZXYo z-Q>ZmsmG#3rAbM2BtgAXA&KO#Fc@Q9U0nd~@h3$Y8FFR^w-M>l231Zi&CO;YcdlN& z3f2xtrZ*~&bA5$fO$`vq{e4nW>5whh1S@`75?uZj_zOvp)AFBN3$Go4oPcTIj!C2n zSoZD9Kq?vPlF6B#tD_P+I)fl&K)S;;o##41sn=IjRA2(%jE+_TI69vW4n$p#KkX9gK%SmhMdW=7>)19%EB1snxU5n}D}K?LzBCqI8-f8#IV%kS;&h1I6N z%mBce295n6W~i%TWNKfGeFG>4M{Hqk4xS_IB6W-AKqH8kbYC?v$r=D*w{D&V z(Cx8ii;f8lJmYDZU>g=0SyWQu?&dcB#qJsk+ugl>gxdnW4m-ZsN7;}Ybyvf_1UTqWOek~(G9fQ+W5-S68H?|2j+7Q;v5_t05&i;Kz(y_ zb3n@Pf-OIOP*IzHc`+8Y_9!hOSDeSk0ONw}Ms>@iTH_IRVg#gtMq+iJ~)f;UdkRMd_!@qxvdGFdj zfBvtr5oNHskc;`*)|Q=>HJQ6M7S-9%K)~`QHdaoCYxRl@xXjwAw*Gx-?pGV$c+-hG zUjqU6mM~fTNmMMZWtHr_jnkkYst8eXq^CT@nM@Sz$J zV>|F*k;cY*afIXRKPuA6kK|vjvOx5GJz7XQ;1}xy|e} zo*xh(seQ3Nn+u5#NMhdumrZFl$XA^FNXW?CoSkj(Mn{Qn#M$hp097CiGqN4v~BeO4fC}c+=Zosl50#%OrD-NSStJ+65nu`4^hVW&^z#lp zpa55lS;@JlH#{629f>m_Xjxu9MVAfoTW-s`Xmt$@%Fb815N4#LFnA8!?luhEJLv;f z1tSZX(bmKuFC=GWl@C<=#cl+$vUO$#pF*Xx z45^m(-W>%m0}Kp%4OFypd%cD9k^8>rZDHZN#0vNBQL*Re=L2Q*dx86qiK(Va{)20E)o*9< z5n1rx>FLJ58`u@~{CHvAZBk^`AUx#xdWlV+h>% zhrerVj0Yw6`}c1W5)!}y#b`#_p-PXgH0jo;>&fDd(=jY}IUc^>hT<(8e*??qm%06i?0e5tVVeh4d@ zVKfOTsXn;Fb^j7|-;k8lR7w=c`vf=UxDV=FGgc72qik)LAq4>EjodySgR8KxaAQ8A z;p4FsBNG2iD&HqEd4ZnzG{cl>Wao*<2>!6?=e}>vZXrW6XA=n4B z;7k^Lrd|htOGjOuIngBsvpySr=6e8+84=Lw^0j_AnAop`0_EoBHk12?p!7W@#Og24 zul|4M0{?vw<;>~)J`w-#`5iolB=^-hQZAaGwcdM@A1SD*P3`PD%!Go;t{*^AoIiUO zGNkEK8HUB)2PFrv4_@_hcm+Cy(|I4m7#m z0I`MBlOr^5oK3fP5Kl3zcC)g!UR+pUL9dS2j?{HVBTqsohC$7iTXY%K`}uCpC`qQS zE-WZ%6O)nMJGJUl@XU^mj&tYE0n{rHuZ-8~Z)Sq)01*K;PD)(-Yh7L4moK})On$P& zsS?hw^VT7OWI=-j0W}T0agCl{!uC(;f3rRp$L-tp;}J~AabRqSW(@>xgL+iXULC0{ z(J{G95>!@JMw|gr%xW42G(X@VD;g?p(Df$b{`DEoZXKw~h1uC%xc8{=vFpB#zNRKB zvnL`V;w&M7#;G|&cLSkp^i57a1?9b2{XRKaR8*9kM%mM|icRqfNl->c25|-~T|6m2 zA0HMM+G5gU`5D^e!wi5OaR!u4Rd}YimlrD<^4O3#SZb~O{?So`3#LEBUW{T*%Fts{ zNFSMr(NPA$uL#@)tPEByy+lM*bn1NS@o<{BBO%N7O65cxDdbmC6i+IwA6?-e86IXu z1GBM9d{gIwBq>G8)9Fg&I?e~Yt=G1t(=&Pbvnb1vFLtT5;qCu;xVRp?6ACi$fZi;g zU^oAT%1~#fu(Y;z>(REDo6E)c35kgK9Bgx+n$Unlc>3hheZ#zh0u*uNRnahm(~6*2 zoc>LU%FD@lt(vR$UPLJ_6Y|x$fB*EJJaN+qR?Y^=`S{TzNTMl&;38(ZaU-*HJONVR z{{HPYPD~8xMqhKYypqWe@Z*sAUT0vCEbN}bLDIawu~Fr+5C>=~u1Fxe2Lhert8m(`!A=>f!V{{H@F&YU3%%*e@^otb%)n5bAh zySCP4CIk>+sHxfb&j}LpC`M^(Q`5hztK)j@;xDaiY~o2lm%e*o4y3P7> z_w#2#lg^$0?8DfY?_jYZXelbj>j8dea2M_abY4PniHW^EijOQ=yAXtmm2*jwWrlOQ zn<64oZp%q%#S#$r#OKbQJxfGnRO3;Wlf%Kv%F4;v+TSlCEF7O_Ze{f@DM?pLOZZvi zSqK{~EaspN6crWQ+uB@zJNf!bqwZ^HXk-~EDTTKFg&KRUEQOK}|AneUljFys?Hm>o|(ANivH3TmCs9grMQtScY%co=CTtRLs z-@i{W#F=v*oEQZPwg@T~PEm9;HQxiHW~(Hg27;@jO4_6sFT!k-r93y`pFveZq6KdO z(6P>FI`*pXCcHS?a;_R?c5d#Dq~sU>{PL}M3{ zNPvOAB_$;XON`Z&l{Eo{w6rpNELjsOZHM9@{z^&Vn@W(rXdwrJ_X0HsMG&ZMP@E9U z83#1G z8*fskOPm4ia73fFPAE$R)B40ND*A|vMnL~dgaIV1E?{ZJk|P!OSkRCL1HqYt9%wsMih@K9j5qCzvj9kQvu(0JQ+HzI$cwn>Z4@ z6RW9PdwV;jl@IRqrE6>#z-XS9b$mv~)TwJ{2fT%C0ujWaOhrXihnr1?3}y810zc%X zfYH7i(+X~GVj4-{q;+&EpEeNs(02Cs)3Cttj67pQY+M|u0&5eK-XU2#K=s?VD?v;A zo1LW!0`H{FL)#^@S_a-#1|ul+sV2IU9ML;yFI@CJeW1lw3(iwuogtG40SLo=gv9nw z=`+yT@(|jS;P@(|AjB8*+Mb8X$j-^BgLn&+G>BCu2`4kq zoEoh|k-|I`2n2!Z>Hh^7qGy4W@Bo}-rTqj48(RcalB#M{hq?QIh+}?n@hUw%2sg*7 zQDCfI%g@kcana*}NpNP?2V|CHz&eX#p#@o;McF>-rk2FKk}KHnp(9I%K8JGBYfzf%60iJ rvvJ<^kj4M^l>h&7=Kudlq8>bff%&A)IqJe~xQkFyP?ax6J$>~*DIy>2 literal 0 HcmV?d00001 diff --git a/test/case/infix_containers/infix_containers.yaml b/test/case/infix_containers/infix_containers.yaml index 0caa72fa6..3d364de74 100644 --- a/test/case/infix_containers/infix_containers.yaml +++ b/test/case/infix_containers/infix_containers.yaml @@ -11,3 +11,7 @@ - name: container_veth case: container_veth/test.py + +- name: container_firewall_basic + case: container_firewall_basic/test.py + diff --git a/test/infamy/container.py b/test/infamy/container.py index e5a1e9a26..9989cf38e 100644 --- a/test/infamy/container.py +++ b/test/infamy/container.py @@ -6,6 +6,7 @@ class Container: """Helper methods""" HTTPD_IMAGE = "curios-httpd-v24.05.0.tar.gz" + NFTABLES_IMAGE = "curios-nftables-v24.05.0.tar.gz" def __init__(self, target): self.system = target