firewall4/tests/mocks/uci, branch master

config: drop input traffic by default

2022-11-02T15:24:20Z

This is necessary with firewall4 to avoid a hard-to-diagnose race condition during boot, causing DNAT rules not to be taken into account correctly. The root cause is that, during boot, the ruleset is mostly empty, and interface-related rules (including DNAT rules) are added incrementally. If a packet hits the input chain before the DNAT rules are setup, it can create buggy conntrack entries that will persist indefinitely. This new default should be safe because firewall4 explicitly accepts authorized traffic and rejects the rest. Thus, in normal operations, the default policy is not used. Fixes: #10749 Ref: https://github.com/openwrt/openwrt/issues/10749 Signed-off-by: Baptiste Jonglez

tests: add test for unknown rule option

2022-01-09T13:22:25Z

Signed-off-by: Stijn Tintel Reviewed-by: Jo-Philipp Wich

tests: add test for deprecated rule option

2022-01-09T13:22:20Z

Signed-off-by: Stijn Tintel Reviewed-by: Jo-Philipp Wich

tests: add test for unknown defaults option

2022-01-09T13:22:16Z

Signed-off-by: Stijn Tintel Reviewed-by: Jo-Philipp Wich

tests: enable flow offloading in tests

2022-01-09T13:22:10Z

As flow offloading is a popular feature, it makes sense to cover it in the tests. This would have caught the issue fixed in b68cf6701945 ("main.uc: fix device gathering"). Signed-off-by: Stijn Tintel Reviewed-by: Jo-Philipp Wich

tests: expand testing

2021-03-31T20:10:04Z

- Rewrite test framework - Add initial rule test coverage Signed-off-by: Jo-Philipp Wich

Initial commit

2021-03-19T18:26:04Z

Signed-off-by: Jo-Philipp Wich