.. _example_service_firewall_generaltests:
#############
General Tests
#############
.. sidebar:: Contents
.. contents::
:depth: 2
:local:
The following scenario shows how to place an OSDx router
between two machines to allow them to communicate with
each other and to provide protection when accessing
one another and the external WAN.
.. image:: topology.svg
:width: 400
*******************************
Test Simple Ruleset With Queues
*******************************
Description
===========
Configures the three DUTs that will be used and checks
that they are capable of pinging each other but not of
connecting via SSH, since these connections are being
dropped by the firewall.
Scenario
========
.. include:: generaltests/testsimplerulesetwithqueues
.. raw:: html
********************************************
Test Simple Ruleset With Custom Action-order
********************************************
Description
===========
Configures the three DUTs that will be used and checks
that initially they are capable of pinging each other
but after changing the priority of rule actions, ICMP
traffic is not passed, but dropped by the firewall.
Scenario
========
.. include:: generaltests/testsimplerulesetwithcustomaction-order
.. raw:: html
****************************************
Test Simple Ruleset With Queues IDS Mode
****************************************
Description
===========
Configures the three DUTs that will be used and
checks that they are capable of pinging each other
and of connecting via SSH. Since the firewall
is set to IDS mode, these connections are not being dropped.
Scenario
========
.. include:: generaltests/testsimplerulesetwithqueuesidsmode
.. raw:: html
**********************
Test Encrypted Ruleset
**********************
Description
===========
Configures the three DUTs, encrypts an arbitrary ruleset file
and checks that the firewall is handling said file as expected.
The firewall behaves the same way as for `Test Simple Ruleset With Queues`_
but with an encrypted ruleset.
Scenario
========
.. include:: generaltests/testencryptedruleset
.. raw:: html
********************
Test Encrypted Patch
********************
Description
===========
.. include:: encryptedpatch.rst.partial
Scenario
========
.. include:: generaltests/testencryptedpatch
.. raw:: html
**********************************
Test Compressed Ruleset With Patch
**********************************
Description
===========
.. include:: compressedrulesetpatch.rst.partial
Scenario
========
.. include:: generaltests/testcompressedrulesetwithpatch
.. raw:: html
**************************************
Test Single File In Compressed Ruleset
**************************************
Description
===========
Compresses two ruleset files but only chooses the ``test-performance.rules``
from within the compressed file. Lastly, checks that performance traffic is detected but
no message is generated for SSH traffic, indicating that only one file is
being used.
Scenario
========
.. include:: generaltests/testsinglefileincompressedruleset
.. raw:: html
**************
Test Selectors
**************
Description
===========
.. include:: selectors.rst.partial
Scenario
========
.. include:: generaltests/testselectors
.. raw:: html
************
Test Hashset
************
Description
===========
Configures the three DUTs although only DUT0 is used for the test.
First, a probe file is downloaded by DUT0. The probe file is detected
by the service firewall running in DUT0 and md5, sha1 and sha256
hashes are logged.
Lastly, the service firewall is configured for blocking the download of
the probe file when is recognized through the configured md5, sha1 or
sha256 hashset files.
Scenario
========
.. include:: generaltests/testhashset
.. raw:: html