From: Jonathan Tripathy Date: Wed, 22 Jul 2015 14:00:46 +0000 (+0100) Subject: Adding allow ssh rule to tests X-Git-Tag: 1.7.0~5^2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=ad409015dae305b87e99c3ef7535150b49510d73;p=puppet-modules%2Fpuppetlabs-firewall.git Adding allow ssh rule to tests --- diff --git a/spec/acceptance/rules_spec.rb b/spec/acceptance/rules_spec.rb index 7d814e2..fee12dd 100644 --- a/spec/acceptance/rules_spec.rb +++ b/spec/acceptance/rules_spec.rb @@ -140,12 +140,20 @@ describe 'complex ruleset 2' do ], } + firewall { '001 ssh needed for beaker testing': + proto => 'tcp', + dport => '22', + action => 'accept', + before => Firewallchain['INPUT:filter:IPv4'], + } + firewall { '010 INPUT allow established and related': proto => 'all', state => ['ESTABLISHED', 'RELATED'], action => 'accept', before => Firewallchain['INPUT:filter:IPv4'], } + firewall { "011 reject local traffic not on loopback interface": iniface => '! lo', proto => 'all', @@ -164,6 +172,7 @@ describe 'complex ruleset 2' do action => 'accept', before => Firewallchain['INPUT:filter:IPv4'], } + firewall { '025 smtp': outiface => '! eth0:2', chain => 'OUTPUT', 
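Review bot: The added `001 ssh needed for beaker testing` resource in the first hunk accepts TCP port 22 from any source and in any connection state, which is broader than the existing `020 ssh` rule that the expectations further down match with `--state NEW`. On a throwaway acceptance node that is reasonable, but spec manifests tend to be copied as examples, so a comment above the resource would help: `# Test harness only: keeps the beaker SSH session open while the ruleset is applied; not part of the ruleset under test.` If the harness address is available to the test, a `source` restriction on this rule would narrow it further. The manifest that holds this resource starts and ends outside the hunk.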
@@ -257,6 +266,7 @@ describe 'complex ruleset 2' do
 /-A INPUT -s 10.0.0.0\/(8|255\.0\.0\.0) -p icmp -m comment --comment \"013 icmp echo-request\" -m icmp --icmp-type 8 -j ACCEPT/,
 /-A INPUT -p icmp -m comment --comment \"013 icmp time-exceeded\" -m icmp --icmp-type 11 -j ACCEPT/,
 /-A INPUT -p tcp -m multiport --dports 22 -m comment --comment \"020 ssh\" -m state --state NEW -j ACCEPT/,
+ /-A INPUT -p tcp -m multiport --dports 22 -m comment --comment \"001 ssh needed for beaker testing\" -j ACCEPT/,
 /-A OUTPUT (! -o|-o !) eth0:2 -p tcp -m multiport --dports 25 -m comment --comment \"025 smtp\" -m state --state NEW -j ACCEPT/,
 /-A INPUT -i eth0:3 -p tcp -m multiport --dports 443 -m comment --comment \"443 ssl on aliased interface\" -m state --state NEW -j ACCEPT/,
 /-A INPUT -m comment --comment \"900 LOCAL_INPUT\" -j LOCAL_INPUT/,
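Review bot: The new expectation for `001 ssh needed for beaker testing` is placed after the `020 ssh` pattern, although a rule named 001 is meant to sit ahead of the others in the INPUT chain. Moving it to the head of the list would keep the expected patterns in the order the rules are evaluated and make the harness-only rule easy to spot. The list and the code that matches it begin and end outside the hunk, so it is not visible whether order is asserted at all; if each pattern is matched on its own, the test confirms only that the rule exists, not that it precedes the reject rules.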