# This order can be determined by going through iptables source code or just tweaking and trying manually
@resource_list = [:table, :source, :destination, :iniface, :outiface,
:proto, :isfragment, :tcp_flags, :gid, :uid, :sport, :dport, :port, :socket, :pkttype, :name, :state, :icmp, :limit, :burst,
- :jump, :todest, :tosource, :toports, :log_level, :log_prefix, :reject, :set_mark]
+ :jump, :todest, :tosource, :toports, :log_prefix, :log_level, :reject, :set_mark]
def insert
debug 'Inserting rule %s' % resource[:name]
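Review bot: The comment above `@resource_list` does not say what the order has to agree with, so the swap of `:log_prefix` and `:log_level` on the added line reads as arbitrary, and the next person to add a LOG-related parameter has nothing to go on. Judging by the idempotency spec added in the same change, the list presumably has to follow the order in which iptables prints a rule's arguments back; if that is right, state it in the comment, e.g. `# Order must match the argument order iptables reports for an existing rule (--log-prefix before --log-level); a mismatch makes the rule look changed on every run.` A firewall rule that never converges is rewritten on each agent run, and that noise makes real drift in the ruleset harder to spot. The body of `insert` continues outside the hunk.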
r.exit_code.should == 2
end
end
+
+ it 'test log rule - idempotent' do
+ iptables_flush_all_tables
+
+ ppm1 = pp({
+ 'name' => '004 log all INVALID packets',
+ 'chain' => 'INPUT',
+ 'proto' => 'all',
+ 'state' => 'INVALID',
+ 'jump' => 'LOG',
+ 'log_level' => '3',
+ 'log_prefix' => '"IPTABLES dropped invalid: "',
+ })
+
+ puppet_apply(ppm1) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should == 2
+ end
+
+ puppet_apply(ppm1) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should == 0
+ end
+ end
end
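Review bot: The new example asserts only on exit codes, so it shows that the second run converges but not that the installed rule carries the intended level and prefix. A provider that mis-parsed both values the same way on every run would still pass. After the first `puppet_apply` I would also check the live ruleset (for instance the `iptables -S INPUT` output) for the expected `--log-prefix` and `--log-level` arguments, including the embedded quotes and trailing space of `'"IPTABLES dropped invalid: "'`. Because the fix concerns argument order, a further example that sets only `log_level` or only `log_prefix` would cover the cases where one of the two is absent. The enclosing `describe` block starts outside the hunk.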