it 'should contain the rule' do
shell('iptables-save') do |r|
- if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') or default['platform'] =~ /sles-10/
+ if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') or (default['platform'] =~ /sles-10/)
expect(r.stdout).to match(/-A INPUT -s 10.1.5.28 -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"/)
else
expect(r.stdout).to match(/-A INPUT -s 10.1.5.28\/(32|255\.255\.255\.255) -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"/)
it 'should contain the rules' do
shell('iptables-save') do |r|
- if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') or (fact('osfamily') == 'SLES' and fact('operatingsystemmajrelease') == '10')
+ if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') or (default['platform'] =~ /sles-10/)
expect(r.stdout).to match(/-A INPUT -p ! esp -m comment --comment "601 disallow esp protocol" -j ACCEPT/)
expect(r.stdout).to match(/-A INPUT -s ! 10\.0\.0\.0\/255\.0\.0\.0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --sports ! 80,443 -m comment --comment "602 drop NEW external website packets with FIN\/RST\/ACK set and SYN unset" -m state --state NEW -j DROP/)
else
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff