converted all tnc iptables scenarios

testing/tests/tnc/tnccs-11-fhh/posttest.dat

@@ -1,6 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-11-fhh/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config

testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/init.d/iptables

@@ -1,84 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow MobIKE
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow RADIUS protocol with alice
-	iptables -A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
-	iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-

testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/iptables.rules

@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+# allow RADIUS protocol with alice
+-A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+-A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+COMMIT

testing/tests/tnc/tnccs-11-radius-block/posttest.dat

@@ -3,7 +3,7 @@ carol::ipsec stop
 dave::ipsec stop
 alice::killall radiusd
 alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush
 dave::/etc/init.d/apache2 stop 2> /dev/null

testing/tests/tnc/tnccs-11-radius-block/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 dave::/etc/init.d/apache2 start 2> /dev/null
 alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second
 alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second

testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/init.d/iptables

@@ -1,84 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow MobIKE
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow RADIUS protocol with alice
-	iptables -A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
-	iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-

testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/iptables.rules

@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+# allow RADIUS protocol with alice
+-A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+-A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+COMMIT

testing/tests/tnc/tnccs-11-radius/posttest.dat

@@ -3,6 +3,6 @@ carol::ipsec stop
 dave::ipsec stop
 alice::killall radiusd
 alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-11-radius/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second
 alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second
 alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd

testing/tests/tnc/tnccs-11/posttest.dat

@@ -1,6 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-11/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config

testing/tests/tnc/tnccs-20-block/posttest.dat

@@ -1,7 +1,7 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush
 dave::/etc/init.d/apache2 stop 2> /dev/null

testing/tests/tnc/tnccs-20-block/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 dave::/etc/init.d/apache2 start 2> /dev/null
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config

testing/tests/tnc/tnccs-20-client-retry/posttest.dat

@@ -1,6 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-20-client-retry/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config

testing/tests/tnc/tnccs-20-fhh/posttest.dat

@@ -1,6 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-20-fhh/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config

testing/tests/tnc/tnccs-20-os/posttest.dat

@@ -1,7 +1,7 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush
 carol::echo 1 > /proc/sys/net/ipv4/ip_forward

testing/tests/tnc/tnccs-20-os/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 carol::echo 0 > /proc/sys/net/ipv4/ip_forward
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config

testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/init.d/iptables

@@ -1,84 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow MobIKE
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow RADIUS protocol with alice
-	iptables -A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
-	iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-

testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/iptables.rules

@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+# allow RADIUS protocol with alice
+-A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+-A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+COMMIT

testing/tests/tnc/tnccs-20-pdp/posttest.dat

@@ -2,6 +2,6 @@ moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
 alice::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-20-pdp/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 alice::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config

testing/tests/tnc/tnccs-20-server-retry/posttest.dat

@@ -1,6 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-20-server-retry/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config

testing/tests/tnc/tnccs-20-tls/posttest.dat

@@ -1,6 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-20-tls/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config

testing/tests/tnc/tnccs-20/posttest.dat

@@ -1,6 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-20/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config

testing/tests/tnc/tnccs-dynamic/posttest.dat

@@ -1,6 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
-dave::/etc/init.d/iptables stop 2> /dev/null
+dave::iptables-restore < /etc/iptables.flush

testing/tests/tnc/tnccs-dynamic/pretest.dat

@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
-dave::/etc/init.d/iptables start 2> /dev/null
+dave::iptables-restore < /etc/iptables.rules
 moon::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config