From ad409015dae305b87e99c3ef7535150b49510d73 Mon Sep 17 00:00:00 2001
From: Jonathan Tripathy
Date: Wed, 22 Jul 2015 15:00:46 +0100
Subject: [PATCH] Adding allow ssh rule to tests
---
 spec/acceptance/rules_spec.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/spec/acceptance/rules_spec.rb b/spec/acceptance/rules_spec.rb
index 7d814e2..fee12dd 100644
--- a/spec/acceptance/rules_spec.rb
+++ b/spec/acceptance/rules_spec.rb
@@ -140,12 +140,20 @@ describe 'complex ruleset 2' do
 ],
 }
+ firewall { '001 ssh needed for beaker testing':
+ proto => 'tcp',
+ dport => '22',
+ action => 'accept',
+ before => Firewallchain['INPUT:filter:IPv4'],
+ }
+
 firewall { '010 INPUT allow established and related':
 proto => 'all',
 state => ['ESTABLISHED', 'RELATED'],
 action => 'accept',
 before => Firewallchain['INPUT:filter:IPv4'],
 }
+
 firewall { "011 reject local traffic not on loopback interface":
 iniface => '! lo',
 proto => 'all',
@@ -164,6 +172,7 @@ describe 'complex ruleset 2' do
 action => 'accept',
 before => Firewallchain['INPUT:filter:IPv4'],
 }
+
 firewall { '025 smtp':
 outiface => '! eth0:2',
 chain => 'OUTPUT',
@@ -257,6 +266,7 @@ describe 'complex ruleset 2' do
 /-A INPUT -s 10.0.0.0\/(8|255\.0\.0\.0) -p icmp -m comment --comment \"013 icmp echo-request\" -m icmp --icmp-type 8 -j ACCEPT/,
 /-A INPUT -p icmp -m comment --comment \"013 icmp time-exceeded\" -m icmp --icmp-type 11 -j ACCEPT/,
 /-A INPUT -p tcp -m multiport --dports 22 -m comment --comment \"020 ssh\" -m state --state NEW -j ACCEPT/,
+ /-A INPUT -p tcp -m multiport --dports 22 -m comment --comment \"001 ssh needed for beaker testing\" -j ACCEPT/,
 /-A OUTPUT (! -o|-o !) eth0:2 -p tcp -m multiport --dports 25 -m comment --comment \"025 smtp\" -m state --state NEW -j ACCEPT/,
 /-A INPUT -i eth0:3 -p tcp -m multiport --dports 443 -m comment --comment \"443 ssl on aliased interface\" -m state --state NEW -j ACCEPT/,
 /-A INPUT -m comment --comment \"900 LOCAL_INPUT\" -j LOCAL_INPUT/,
--
2.45.2
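Review bot: The new `001 ssh needed for beaker testing` resource in the first hunk (`@@ -140,12 +140,20 @@`) accepts TCP/22 from any source with no `state` match, and nothing in the manifest says why it is needed next to the `020 ssh` rule that the expectation list in the last hunk already covers. That existing rule only matches `--state NEW`, so presumably the extra rule keeps the harness's SSH session usable while the INPUT chain is being rewritten; this is inferred from the rule name and the `before => Firewallchain['INPUT:filter:IPv4']` ordering, not shown in the hunk. I would record that above the resource so the unrestricted accept is read as a test fixture and not reused as a ruleset pattern: `# Test-only: keeps beaker's SSH connection open while the INPUT chain is rewritten; source is deliberately unrestricted.` The enclosing manifest string starts and ends outside the hunk.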
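Review bot: The expectation for `001 ssh needed for beaker testing` in the last hunk (`@@ -257,6 +266,7 @@`) is inserted after the `020 ssh` entry, while the visible neighbours run in rule-number order (013, 020, 025, 443, 900). Moving the line ahead of the `013` entries would keep the list sorted the same way the rules are named. Assuming each pattern is matched independently against the saved rules (the consuming code is outside the hunk), the move does not change what is asserted. The array begins and ends outside the hunk, so its leading entries are not visible here.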