require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
- describe 'reset' do
- it 'deletes all rules' do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- end
+describe 'changing the source' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
describe 'when unmanaged rules exist' do
require 'spec_helper_acceptance'
-describe "firewall class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+describe "firewall class" do
it 'should run successfully' do
pp = "class { 'firewall': }"
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- describe 'reset' do
- it 'deletes all iptables rules' do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- end
- it 'deletes all ip6tables rules' do
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
- end
+describe 'connlimit property' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
if default['platform'] !~ /sles-10/
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+describe 'connmark property' do
describe 'connmark' do
context '50' do
class { '::firewall': }
firewall { '502 - test':
proto => 'all',
- connmark => '0x1',
+ connmark => '0x1',
action => reject,
}
EOS
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- describe 'reset' do
- it 'deletes all iptables rules' do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- end
- it 'deletes all ip6tables rules' do
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
- end
+describe 'firewall bridging' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
describe 'iptables physdev tests' do
end
end
end
-
end
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- before(:all) do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
+describe 'firewall DSCP' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
describe 'dscp ipv4 tests' do
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- describe 'reset' do
- it 'deletes all iptables rules' do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- end
- it 'deletes all ip6tables rules' do
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
- end
+describe 'firewall iptmodules' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
describe 'iptables ipt_modules tests' do
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- before(:all) do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
+describe 'firewall MSS' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
describe 'mss ipv4 tests' do
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- describe 'reset' do
- it 'deletes all rules' do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- end
+describe 'firewall basics' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
describe 'name' do
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- before(:all) do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
+describe 'firewall tee' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
if default['platform'] =~ /ubuntu-1404/ or default['platform'] =~ /ubuntu-1204/ or default['platform'] =~ /debian-7/ or default['platform'] =~ /debian-8/ or default['platform'] =~ /el-7/
it 'applies' do
pp = <<-EOS
class { '::firewall': }
- firewall {
+ firewall {
'810 - tee_gateway':
chain => 'PREROUTING',
table => 'mangle',
it 'applies' do
pp = <<-EOS
class { '::firewall': }
- firewall {
+ firewall {
'811 - tee_gateway6':
chain => 'PREROUTING',
table => 'mangle',
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
-
- before(:all) do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
+describe 'firewall time' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
if default['platform'] =~ /ubuntu-1404/ or default['platform'] =~ /debian-7/ or default['platform'] =~ /debian-8/ or default['platform'] =~ /el-7/
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- describe 'reset' do
- it 'deletes all rules' do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- end
- it 'deletes all ip6tables rules' do
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
- end
+describe 'firewall uid' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
describe "uid tests" do
require 'spec_helper_acceptance'
-describe 'puppet resource firewallchain command:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+describe 'puppet resource firewallchain command' do
before :all do
iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
+
describe 'ensure' do
context 'present' do
it 'applies cleanly' do
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
- before(:all) do
+describe 'firewall inverting' do
+ before :all do
iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
context "inverting rules" do
require 'spec_helper_acceptance'
if default['platform'] =~ /el-5/ or default['platform'] =~ /sles-10/
- describe "firewall ip6tables doesn't work on 1.3.5 because --comment is missing", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ describe "firewall ip6tables doesn't work on 1.3.5 because --comment is missing" do
before :all do
+ iptables_flush_all_tables
ip6tables_flush_all_tables
end
end
end
else
- describe 'firewall ishasmorefrags/islastfrag/isfirstfrag properties', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ describe 'firewall ishasmorefrags/islastfrag/isfirstfrag properties' do
before :all do
+ iptables_flush_all_tables
ip6tables_flush_all_tables
end
require 'spec_helper_acceptance'
-describe 'firewall isfragment property', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+describe 'firewall isfragment property' do
before :all do
iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
shared_examples "is idempotent" do |value, line_match|
require 'spec_helper_acceptance'
-describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- before(:all) do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
+describe 'firewall match marks' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/
require 'spec_helper_acceptance'
-describe "param based tests:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
-
- before(:all) do
- shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
- shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
+describe 'param based tests' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
it 'test various params', :unless => (default['platform'].match(/el-5/) || fact('operatingsystem') == 'SLES') do
iptables_flush_all_tables
ppm = <<-EOS
- firewall { '100 test':
+ firewall { '100 test':
table => 'raw',
socket => 'true',
chain => 'PREROUTING',
require 'spec_helper_acceptance'
-describe "purge tests:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+describe 'purge tests' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
+ end
+
context('resources purge') do
before(:all) do
iptables_flush_all_tables
# Here we want to test the the resource commands ability to work with different
# existing ruleset scenarios. This will give the parsing capabilities of the
# code a good work out.
-describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+describe 'puppet resource firewall command' do
before(:all) do
# In order to properly check stderr for anomalies we need to fix the deprecation warnings from puppet.conf.
config = shell('puppet config print config').stdout
require 'spec_helper_acceptance'
-describe 'complex ruleset 1', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+describe 'complex ruleset 1' do
before :all do
iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
after :all do
it 'applies cleanly' do
pp = <<-EOS
class { '::firewall': }
-
+
Firewall {
proto => 'all',
stage => 'pre',
require 'spec_helper_acceptance'
# RHEL5 does not support -m socket
-describe 'firewall socket property', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) || default['platform'] =~ /el-5/ || fact('operatingsystem') == 'SLES') do
+describe 'firewall socket property', :unless => default['platform'] =~ /el-5/ || fact('operatingsystem') == 'SLES' do
before :all do
iptables_flush_all_tables
+ ip6tables_flush_all_tables
end
shared_examples "is idempotent" do |value, line_match|
require 'spec_helper_acceptance'
# Some tests for the standard recommended usage
-describe 'standard usage tests:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+describe 'standard usage tests' do
it 'applies twice' do
pp = <<-EOS
class my_fw::pre {
+++ /dev/null
-require 'spec_helper_acceptance'
-
-describe 'unsupported distributions and OSes', :if => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
- it 'should fail' do
- pp = <<-EOS
- class { 'firewall': }
- EOS
- expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/not currently supported/i)
- end
-end
end
def ip6tables_flush_all_tables
- ['filter'].each do |t|
+ ['filter', 'nat', 'mangle'].each do |t|
expect(shell("ip6tables -t #{t} -F").stderr).to eq("")
end
end
run_puppet_install_helper
-UNSUPPORTED_PLATFORMS = ['windows','Solaris','Darwin']
-
RSpec.configure do |c|
# Project root
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
- # Readable test descriptions
- c.formatter = :documentation
-
# Configure all nodes in nodeset
c.before :suite do
# Install module and dependencies
hosts.each do |host|
copy_module_to(host, :source => proj_root, :module_name => 'firewall')
- on host, puppet('module install puppetlabs-stdlib --version 3.2.0'), { :acceptable_exit_codes => [0,1] }
+ on host, puppet('module install puppetlabs-stdlib --version 3.2.0')
end
end
end
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff