Révision 248ef9d5
Add basic ip6 nat chains
| spec/classes/ip_nat_spec.rb | ||
|---|---|---|
| 18 | 18 |
) |
| 19 | 19 |
} |
| 20 | 20 |
|
| 21 |
context 'chain prerouting' do |
|
| 21 |
it {
|
|
| 22 |
is_expected.to contain_file('/etc/nftables/puppet/ip6-nat.nft').with(
|
|
| 23 |
ensure: 'file', |
|
| 24 |
owner: 'root', |
|
| 25 |
group: 'root', |
|
| 26 |
mode: '0640', |
|
| 27 |
) |
|
| 28 |
} |
|
| 29 |
|
|
| 30 |
context 'table ip nat chain prerouting' do |
|
| 22 | 31 |
it {
|
| 23 | 32 |
is_expected.to contain_concat('nftables-ip-nat-chain-PREROUTING').with(
|
| 24 | 33 |
path: '/etc/nftables/puppet/ip-nat-chain-PREROUTING.nft', |
| ... | ... | |
| 58 | 67 |
} |
| 59 | 68 |
end |
| 60 | 69 |
|
| 61 |
context 'chain output' do
|
|
| 70 |
context 'table ip nat chain postrouting' do
|
|
| 62 | 71 |
it {
|
| 63 | 72 |
is_expected.to contain_concat('nftables-ip-nat-chain-POSTROUTING').with(
|
| 64 | 73 |
path: '/etc/nftables/puppet/ip-nat-chain-POSTROUTING.nft', |
| ... | ... | |
| 97 | 106 |
) |
| 98 | 107 |
} |
| 99 | 108 |
end |
| 109 |
|
|
| 110 |
context 'table ip6 nat chain prerouting' do |
|
| 111 |
it {
|
|
| 112 |
is_expected.to contain_concat('nftables-ip6-nat-chain-PREROUTING6').with(
|
|
| 113 |
path: '/etc/nftables/puppet/ip6-nat-chain-PREROUTING6.nft', |
|
| 114 |
owner: 'root', |
|
| 115 |
group: 'root', |
|
| 116 |
mode: '0640', |
|
| 117 |
ensure_newline: true, |
|
| 118 |
) |
|
| 119 |
} |
|
| 120 |
it {
|
|
| 121 |
is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-header').with(
|
|
| 122 |
target: 'nftables-ip6-nat-chain-PREROUTING6', |
|
| 123 |
content: %r{^chain PREROUTING6 \{$},
|
|
| 124 |
order: '00', |
|
| 125 |
) |
|
| 126 |
} |
|
| 127 |
it {
|
|
| 128 |
is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-rule-type').with(
|
|
| 129 |
target: 'nftables-ip6-nat-chain-PREROUTING6', |
|
| 130 |
content: %r{^ type nat hook prerouting priority -100$},
|
|
| 131 |
order: '01', |
|
| 132 |
) |
|
| 133 |
} |
|
| 134 |
it {
|
|
| 135 |
is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-rule-policy').with(
|
|
| 136 |
target: 'nftables-ip6-nat-chain-PREROUTING6', |
|
| 137 |
content: %r{^ policy accept$},
|
|
| 138 |
order: '02', |
|
| 139 |
) |
|
| 140 |
} |
|
| 141 |
it {
|
|
| 142 |
is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-footer').with(
|
|
| 143 |
target: 'nftables-ip6-nat-chain-PREROUTING6', |
|
| 144 |
content: %r{^\}$},
|
|
| 145 |
order: '99', |
|
| 146 |
) |
|
| 147 |
} |
|
| 148 |
end |
|
| 149 |
|
|
| 150 |
context 'table ip nat chain postrouting' do |
|
| 151 |
it {
|
|
| 152 |
is_expected.to contain_concat('nftables-ip6-nat-chain-POSTROUTING6').with(
|
|
| 153 |
path: '/etc/nftables/puppet/ip6-nat-chain-POSTROUTING6.nft', |
|
| 154 |
owner: 'root', |
|
| 155 |
group: 'root', |
|
| 156 |
mode: '0640', |
|
| 157 |
ensure_newline: true, |
|
| 158 |
) |
|
| 159 |
} |
|
| 160 |
it {
|
|
| 161 |
is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-header').with(
|
|
| 162 |
target: 'nftables-ip6-nat-chain-POSTROUTING6', |
|
| 163 |
content: %r{^chain POSTROUTING6 \{$},
|
|
| 164 |
order: '00', |
|
| 165 |
) |
|
| 166 |
} |
|
| 167 |
it {
|
|
| 168 |
is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-rule-type').with(
|
|
| 169 |
target: 'nftables-ip6-nat-chain-POSTROUTING6', |
|
| 170 |
content: %r{^ type nat hook postrouting priority 100$},
|
|
| 171 |
order: '01', |
|
| 172 |
) |
|
| 173 |
} |
|
| 174 |
it {
|
|
| 175 |
is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-rule-policy').with(
|
|
| 176 |
target: 'nftables-ip6-nat-chain-POSTROUTING6', |
|
| 177 |
content: %r{^ policy accept$},
|
|
| 178 |
order: '02', |
|
| 179 |
) |
|
| 180 |
} |
|
| 181 |
it {
|
|
| 182 |
is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-footer').with(
|
|
| 183 |
target: 'nftables-ip6-nat-chain-POSTROUTING6', |
|
| 184 |
content: %r{^\}$},
|
|
| 185 |
order: '99', |
|
| 186 |
) |
|
| 187 |
} |
|
| 188 |
end |
|
| 100 | 189 |
end |
| 101 | 190 |
end |
| 102 | 191 |
end |
Formats disponibles : Unified diff