root / spec / classes / rules / icmp_spec.rb @ 79e9a23f
Historique | Voir | Annoter | Télécharger (2,72 ko)
| 1 | 79e9a23f | Nacho Barrientos | require 'spec_helper'
|
|---|---|---|---|
| 2 | |||
| 3 | describe 'nftables::rules::icmp' do |
||
| 4 | on_supported_os.each do |os, os_facts|
|
||
| 5 | context "on #{os}" do |
||
| 6 | let(:facts) { os_facts }
|
||
| 7 | |||
| 8 | context 'default options' do |
||
| 9 | it { is_expected.to compile }
|
||
| 10 | it {
|
||
| 11 | is_expected.to contain_nftables__rule('default_in-accept_icmpv4').with(
|
||
| 12 | content: 'ip protocol icmp accept', |
||
| 13 | order: '10', |
||
| 14 | ) |
||
| 15 | } |
||
| 16 | it {
|
||
| 17 | is_expected.to contain_nftables__rule('default_in-accept_icmpv6').with(
|
||
| 18 | content: 'ip6 nexthdr ipv6-icmp accept', |
||
| 19 | order: '10', |
||
| 20 | ) |
||
| 21 | } |
||
| 22 | end
|
||
| 23 | |||
| 24 | context 'with custom ICMP types (v4 only)' do |
||
| 25 | let(:params) do |
||
| 26 | {
|
||
| 27 | v4_types: ['echo-request limit rate 4/second', 'echo-reply'], |
||
| 28 | } |
||
| 29 | end
|
||
| 30 | |||
| 31 | it { is_expected.to compile }
|
||
| 32 | it {
|
||
| 33 | is_expected.to contain_nftables__rule('default_in-accept_icmpv4_echo_request').with(
|
||
| 34 | content: 'ip protocol icmp icmp type echo-request limit rate 4/second accept', |
||
| 35 | order: '10', |
||
| 36 | ) |
||
| 37 | } |
||
| 38 | it {
|
||
| 39 | is_expected.to contain_nftables__rule('default_in-accept_icmpv4_echo_reply').with(
|
||
| 40 | content: 'ip protocol icmp icmp type echo-reply accept', |
||
| 41 | order: '10', |
||
| 42 | ) |
||
| 43 | } |
||
| 44 | it {
|
||
| 45 | is_expected.to contain_nftables__rule('default_in-accept_icmpv6').with(
|
||
| 46 | content: 'ip6 nexthdr ipv6-icmp accept', |
||
| 47 | order: '10', |
||
| 48 | ) |
||
| 49 | } |
||
| 50 | end
|
||
| 51 | |||
| 52 | context 'with custom ICMP types (both v4 and v6)' do |
||
| 53 | let(:params) do |
||
| 54 | {
|
||
| 55 | v4_types: ['echo-request limit rate 4/second', 'echo-reply'], |
||
| 56 | v6_types: ['echo-reply', 'nd-router-advert'], |
||
| 57 | } |
||
| 58 | end
|
||
| 59 | |||
| 60 | it { is_expected.to compile }
|
||
| 61 | it {
|
||
| 62 | is_expected.to contain_nftables__rule('default_in-accept_icmpv4_echo_request').with(
|
||
| 63 | content: 'ip protocol icmp icmp type echo-request limit rate 4/second accept', |
||
| 64 | order: '10', |
||
| 65 | ) |
||
| 66 | } |
||
| 67 | it {
|
||
| 68 | is_expected.to contain_nftables__rule('default_in-accept_icmpv4_echo_reply').with(
|
||
| 69 | content: 'ip protocol icmp icmp type echo-reply accept', |
||
| 70 | order: '10', |
||
| 71 | ) |
||
| 72 | } |
||
| 73 | it {
|
||
| 74 | is_expected.to contain_nftables__rule('default_in-accept_icmpv6_echo_reply').with(
|
||
| 75 | content: 'ip6 nexthdr ipv6-icmp icmpv6 type echo-reply accept', |
||
| 76 | order: '10', |
||
| 77 | ) |
||
| 78 | } |
||
| 79 | it {
|
||
| 80 | is_expected.to contain_nftables__rule('default_in-accept_icmpv6_nd_router_advert').with(
|
||
| 81 | content: 'ip6 nexthdr ipv6-icmp icmpv6 type nd-router-advert accept', |
||
| 82 | order: '10', |
||
| 83 | ) |
||
| 84 | } |
||
| 85 | end
|
||
| 86 | end
|
||
| 87 | end
|
||
| 88 | end |