use strict;
use Test::More tests => 9;
use YAML;

# Confirm the module under test loads before anything else touches it.
use_ok('IPTables::Mangle');

# Sample firewall policy, in the YAML form that is parsed and handed to
# process_config() below.  INPUT and FORWARD both default to drop, and
# default_rule_action turns every listed INPUT rule into an accept, so each
# rule is an explicit exception to the default-drop policy.
# These values are fixture data for the test: SSH and the 8000:20000 range
# are accepted from any source here, which is broader than a production
# policy would normally allow.
my $policy_yaml = <<'END_POLICY';
filter:
    forward: { default: drop }
    input:
        # by default, do not allow any connections unless authorized
        # in the rules below
        default: drop

        # by default, if no "action" is given to a rule below, accept it
        default_rule_action: accept 

        rules:
            # Accept all traffic on loopback interface
            - in-interface: lo

            # Don't disconnect existing connections during a rule change.
            - { match: state, state: 'ESTABLISHED,RELATED' }

            # Allow for pings (no more than 10 a second)
            - { protocol: icmp, icmp-type: 8, match: limit, limit: 10/sec }

            # Allow these IPs, no matter what
            - src: 123.123.123.123

            # example of blocking an IP 
            # - { action: drop, src: 8.8.8.8 }

            # open ssh to the world (for now)
            - { protocol: tcp, dport: 22 }

            - { protocol: tcp, dport: 8000:20000 }
            - { protocol: tcp, dport: 80 }
            - { protocol: tcp, dport: 443 }

END_POLICY

# Parse the YAML (list context, so every loaded document is passed on) and
# let the module render the rule text that the assertions inspect.
my @policy_documents = Load($policy_yaml);
my $config = IPTables::Mangle::process_config(@policy_documents);

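# Rules the rendered configuration must contain: one ACCEPT line on the INPUT
# chain for each rule in the sample policy.
# NOTE(review): nothing here asserts that the default drop policies for INPUT
# and FORWARD were emitted, so a regression that rendered a default-accept
# chain would still pass; add a check once the exact output form is confirmed.
my @verify_rules = (
    '-A INPUT --in-interface lo -j ACCEPT',
    '-A INPUT --match state --state ESTABLISHED,RELATED -j ACCEPT',
    '-A INPUT --protocol icmp --match limit --limit 10/sec --icmp-type 8 -j ACCEPT',
    '-A INPUT --src 123.123.123.123 -j ACCEPT',
    '-A INPUT --protocol tcp --dport 22 -j ACCEPT',
    '-A INPUT --protocol tcp --dport 8000:20000 -j ACCEPT',
    '-A INPUT --protocol tcp --dport 80 -j ACCEPT',
    '-A INPUT --protocol tcp --dport 443 -j ACCEPT',
);

# Match each expected rule as a literal string.  Without \Q...\E the dots in
# the source address are regex wildcards, so a rule naming a different
# address (any character in place of each dot) would satisfy the check.
for my $rule (@verify_rules) {
    like($config, qr/\Q$rule\E/, "found '$rule'");
}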