| 61 | } |
| 62 | |
| 63 | func TestRulesMatchIPAndPort(t *testing.T) { |
| 64 | ip1, ipnet1, _ := net.ParseCIDR("1.2.3.4/24") |
| 65 | ip2, _, _ := net.ParseCIDR("2.3.4.5/24") |
| 66 | |
| 67 | rule1, _ := NewRule(ipnet1, []int{80, 443}, true) |
| 68 | rules := []Rule{ |
| 69 | rule1, |
| 70 | } |
| 71 | |
| 72 | policy, _ := NewPolicy(false, rules) |
| 73 | |
| 74 | allowed, rule := policy.Allowed(ip1, 80) |
| 75 | assert.True(t, allowed, "expected to be allowed as matching rule") |
| 76 | assert.True(t, rule.ipNet == ipnet1, "expected to match ipnet1") |
| 77 | |
| 78 | allowed, rule = policy.Allowed(ip2, 80) |
| 79 | assert.False(t, allowed, "expected to be denied as no matching rule") |
| 80 | assert.Nil(t, rule, "expected to be nil") |
| 81 | } |
| 82 | |
| 83 | func TestRulesMatchIPAndPort2(t *testing.T) { |
| 84 | ip1, ipnet1, _ := net.ParseCIDR("1.2.3.4/24") |