nat: Change the order of the DENY/ALLOW rule for the BSC.
Currently it is not is not easily possible to disable
everyone and then only allow certain SIMs. By changing
the order we can do:
access-list imsi-deny only-something ^[0-9]*$
access-list imsi-allow only-something ^123[0-9]*$
and still keep the usecase of only forbidding certain
SIMs on certain LACs. Adjust test case, test that the
other cases are still functional.
diff --git a/openbsc/tests/bsc-nat/bsc_nat_test.c b/openbsc/tests/bsc-nat/bsc_nat_test.c
index f82b4db5..75bd803 100644
--- a/openbsc/tests/bsc-nat/bsc_nat_test.c
+++ b/openbsc/tests/bsc-nat/bsc_nat_test.c
@@ -657,12 +657,29 @@
/* filter as deny is first */
.data = bss_lu,
.length = sizeof(bss_lu),
- .result = -2,
+ .result = 1,
.bsc_imsi_deny = "[0-9]*",
.bsc_imsi_allow = "[0-9]*",
.nat_imsi_deny = "[0-9]*",
.contype = NAT_CON_TYPE_LU,
},
+ {
+ /* deny by nat rule */
+ .data = bss_lu,
+ .length = sizeof(bss_lu),
+ .result = -3,
+ .bsc_imsi_deny = "000[0-9]*",
+ .nat_imsi_deny = "[0-9]*",
+ .contype = NAT_CON_TYPE_LU,
+ },
+ {
+ /* deny by bsc rule */
+ .data = bss_lu,
+ .length = sizeof(bss_lu),
+ .result = -2,
+ .bsc_imsi_deny = "[0-9]*",
+ .contype = NAT_CON_TYPE_LU,
+ },
};