iptables-nmap automated

high

Image Types:
basesdk-amd64 / sdk-amd64 / target-armhf-internal / target-armhf / target-amd64
Image Deployment:
APT, OSTree
Type:
functional

Description

Test the firewall using nmap from another computer.


Resources

  • The tester needs an external computer with the nmap command available.
  • The external computer must be connected to the same network as the target.

Pre Conditions

  1. Clone the tests repository from another computer (Note that the branch being tested may change depending on the release, please make sure to clone the correct branch for the release in question):
  2. $ git clone --branch apertis/v2022dev1 https://gitlab.apertis.org/pkg/development/apertis-tests.git
  3. Copy the test directory apertis-tests to the target device:
  4. $ DUT_IP=<device-ip>
    $ scp -r apertis-tests user@$DUT_IP:
  5. Log into the target device:
  6. $ ssh user@$DUT_IP

Execution Steps

  1. From the external computer where the apertis-tests repository was cloned, run the following script to check filtered/open/closed ports (the nmap command can take some time). Replace 'lava-target-ip' by the DUT_IP:
  2. $ cd apertis-tests
    $ iptables-nmap/run-iptables-nmap.py `lava-target-ip`

Expected

All ports are filtered, except port 80/tcp (http)/closed, 22/tcp (ssh)/open, and 1234/tcp (hotline)/close. The script should also report 'pass' at the end.

Not shown: 999 filtered ports

PORT   STATE  SERVICE

22/tcp   open   ssh

80/tcp   closed http

1234/tcp closed hotline

....

TEST_RESULT:only_valid_services:pass

Notes

  • Make sure that you have disconnect the ethernet connection to the target before you start the tethering process.
  • In order to test the SDK image, the VirtualBox VM must be configured with a network attached to Bridged adaptor. The test cannot be run if the network is configured as NAT.