Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / spec / defines / simplerule_spec.rb @ 9d02e9f8

Historique | Voir | Annoter | Télécharger (11,9 ko)

1 
# frozen_string_literal: true
2 

    		
  

  

    
      3
    
    
      
require 'spec_helper'


    		
  

  

    
      4
    
    
      

    		
  

  

    
      5
    
    
      
describe 'nftables::simplerule' do


    		
  

  

    
      6
    
    
      
  let(:pre_condition) { 'include nftables' }


    		
  

  

    
      7
    
    
      

    		
  

  

    
      8
    
    
      
  let(:title) { 'my_default_rule_name' }


    		
  

  

    
      9
    
    
      

    		
  

  

    
      10
    
    
      
  on_supported_os.each do |os, os_facts|


    		
  

  

    
      11
    
    
      
    context "on #{os}" do


    		
  

  

    
      12
    
    
      
      let(:facts) { os_facts }


    		
  

  

    
      13
    
    
      

    		
  

  

    
      14
    
    
      
      describe 'minimum instantiation' do


    		
  

  

    
      15
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      16
    
    
      

    		
  

  

    
      17
    
    
      
        it {


    		
  

  

    
      18
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      19
    
    
      
            content: 'accept',


    		
  

  

    
      20
    
    
      
            order: '50'


    		
  

  

    
      21
    
    
      
          )


    		
  

  

    
      22
    
    
      
        }


    		
  

  

    
      23
    
    
      
      end


    		
  

  

    
      24
    
    
      

    		
  

  

    
      25
    
    
      
      describe 'dport without protocol' do


    		
  

  

    
      26
    
    
      
        let(:params) do


    		
  

  

    
      27
    
    
      
          {


    		
  

  

    
      28
    
    
      
            dport: 333,


    		
  

  

    
      29
    
    
      
          }


    		
  

  

    
      30
    
    
      
        end


    		
  

  

    
      31
    
    
      

    		
  

  

    
      32
    
    
      
        it { is_expected.not_to compile }


    		
  

  

    
      33
    
    
      
      end


    		
  

  

    
      34
    
    
      

    		
  

  

    
      35
    
    
      
      describe 'sport without protocol' do


    		
  

  

    
      36
    
    
      
        let(:params) do


    		
  

  

    
      37
    
    
      
          {


    		
  

  

    
      38
    
    
      
            sport: 333,


    		
  

  

    
      39
    
    
      
          }


    		
  

  

    
      40
    
    
      
        end


    		
  

  

    
      41
    
    
      

    		
  

  

    
      42
    
    
      
        it { is_expected.not_to compile }


    		
  

  

    
      43
    
    
      
      end


    		
  

  

    
      44
    
    
      

    		
  

  

    
      45
    
    
      
      describe 'all parameters provided' do


    		
  

  

    
      46
    
    
      
        let(:title) { 'my_big_rule' }


    		
  

  

    
      47
    
    
      
        let(:params) do


    		
  

  

    
      48
    
    
      
          {


    		
  

  

    
      49
    
    
      
            action: 'accept',


    		
  

  

    
      50
    
    
      
            comment: 'this is my rule',


    		
  

  

    
      51
    
    
      
            counter: true,


    		
  

  

    
      52
    
    
      
            dport: 333,


    		
  

  

    
      53
    
    
      
            sport: 444,


    		
  

  

    
      54
    
    
      
            proto: 'udp',


    		
  

  

    
      55
    
    
      
            chain: 'default_out',


    		
  

  

    
      56
    
    
      
            daddr: '2001:1458::/32',


    		
  

  

    
      57
    
    
      
            saddr: '2001:145c::/32',


    		
  

  

    
      58
    
    
      
          }


    		
  

  

    
      59
    
    
      
        end


    		
  

  

    
      60
    
    
      

    		
  

  

    
      61
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      62
    
    
      

    		
  

  

    
      63
    
    
      
        it {


    		
  

  

    
      64
    
    
      
          expect(subject).to contain_nftables__rule('default_out-my_big_rule').with(


    		
  

  

    
      65
    
    
      
            content: 'udp sport {444} udp dport {333} ip6 saddr 2001:145c::/32 ip6 daddr 2001:1458::/32 counter accept comment "this is my rule"',


    		
  

  

    
      66
    
    
      
            order: '50'


    		
  

  

    
      67
    
    
      
          )


    		
  

  

    
      68
    
    
      
        }


    		
  

  

    
      69
    
    
      
      end


    		
  

  

    
      70
    
    
      

    		
  

  

    
      71
    
    
      
      describe 'port range' do


    		
  

  

    
      72
    
    
      
        let(:params) do


    		
  

  

    
      73
    
    
      
          {


    		
  

  

    
      74
    
    
      
            dport: '333-334',


    		
  

  

    
      75
    
    
      
            sport: '1-2',


    		
  

  

    
      76
    
    
      
            proto: 'tcp',


    		
  

  

    
      77
    
    
      
          }


    		
  

  

    
      78
    
    
      
        end


    		
  

  

    
      79
    
    
      

    		
  

  

    
      80
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      81
    
    
      

    		
  

  

    
      82
    
    
      
        it {


    		
  

  

    
      83
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      84
    
    
      
            content: 'tcp sport {1-2} tcp dport {333-334} accept'


    		
  

  

    
      85
    
    
      
          )


    		
  

  

    
      86
    
    
      
        }


    		
  

  

    
      87
    
    
      
      end


    		
  

  

    
      88
    
    
      

    		
  

  

    
      89
    
    
      
      describe 'port array' do


    		
  

  

    
      90
    
    
      
        let(:params) do


    		
  

  

    
      91
    
    
      
          {


    		
  

  

    
      92
    
    
      
            dport: [333, 335],


    		
  

  

    
      93
    
    
      
            sport: [433, 435],


    		
  

  

    
      94
    
    
      
            proto: 'tcp',


    		
  

  

    
      95
    
    
      
          }


    		
  

  

    
      96
    
    
      
        end


    		
  

  

    
      97
    
    
      

    		
  

  

    
      98
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      99
    
    
      

    		
  

  

    
      100
    
    
      
        it {


    		
  

  

    
      101
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      102
    
    
      
            content: 'tcp sport {433, 435} tcp dport {333, 335} accept'


    		
  

  

    
      103
    
    
      
          )


    		
  

  

    
      104
    
    
      
        }


    		
  

  

    
      105
    
    
      
      end


    		
  

  

    
      106
    
    
      

    		
  

  

    
      107
    
    
      
      describe 'port array and range' do


    		
  

  

    
      108
    
    
      
        let(:params) do


    		
  

  

    
      109
    
    
      
          {


    		
  

  

    
      110
    
    
      
            dport: [333, 335, '338-339'],


    		
  

  

    
      111
    
    
      
            sport: [433, 435, '438-439'],


    		
  

  

    
      112
    
    
      
            proto: 'tcp',


    		
  

  

    
      113
    
    
      
          }


    		
  

  

    
      114
    
    
      
        end


    		
  

  

    
      115
    
    
      

    		
  

  

    
      116
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      117
    
    
      

    		
  

  

    
      118
    
    
      
        it {


    		
  

  

    
      119
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      120
    
    
      
            content: 'tcp sport {433, 435, 438-439} tcp dport {333, 335, 338-339} accept'


    		
  

  

    
      121
    
    
      
          )


    		
  

  

    
      122
    
    
      
        }


    		
  

  

    
      123
    
    
      
      end


    		
  

  

    
      124
    
    
      

    		
  

  

    
      125
    
    
      
      describe 'only sport TCP traffic' do


    		
  

  

    
      126
    
    
      
        let(:params) do


    		
  

  

    
      127
    
    
      
          {


    		
  

  

    
      128
    
    
      
            sport: 555,


    		
  

  

    
      129
    
    
      
            proto: 'tcp',


    		
  

  

    
      130
    
    
      
          }


    		
  

  

    
      131
    
    
      
        end


    		
  

  

    
      132
    
    
      

    		
  

  

    
      133
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      134
    
    
      

    		
  

  

    
      135
    
    
      
        it {


    		
  

  

    
      136
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      137
    
    
      
            content: 'tcp sport {555} accept'


    		
  

  

    
      138
    
    
      
          )


    		
  

  

    
      139
    
    
      
        }


    		
  

  

    
      140
    
    
      
      end


    		
  

  

    
      141
    
    
      

    		
  

  

    
      142
    
    
      
      describe 'only IPv4 TCP traffic' do


    		
  

  

    
      143
    
    
      
        let(:params) do


    		
  

  

    
      144
    
    
      
          {


    		
  

  

    
      145
    
    
      
            dport: 333,


    		
  

  

    
      146
    
    
      
            proto: 'tcp4',


    		
  

  

    
      147
    
    
      
          }


    		
  

  

    
      148
    
    
      
        end


    		
  

  

    
      149
    
    
      

    		
  

  

    
      150
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      151
    
    
      

    		
  

  

    
      152
    
    
      
        it {


    		
  

  

    
      153
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      154
    
    
      
            content: 'ip version 4 tcp dport {333} accept'


    		
  

  

    
      155
    
    
      
          )


    		
  

  

    
      156
    
    
      
        }


    		
  

  

    
      157
    
    
      
      end


    		
  

  

    
      158
    
    
      

    		
  

  

    
      159
    
    
      
      describe 'only IPv6 UDP traffic' do


    		
  

  

    
      160
    
    
      
        let(:params) do


    		
  

  

    
      161
    
    
      
          {


    		
  

  

    
      162
    
    
      
            dport: 33,


    		
  

  

    
      163
    
    
      
            proto: 'udp6',


    		
  

  

    
      164
    
    
      
          }


    		
  

  

    
      165
    
    
      
        end


    		
  

  

    
      166
    
    
      

    		
  

  

    
      167
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      168
    
    
      

    		
  

  

    
      169
    
    
      
        it {


    		
  

  

    
      170
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      171
    
    
      
            content: 'ip6 version 6 udp dport {33} accept'


    		
  

  

    
      172
    
    
      
          )


    		
  

  

    
      173
    
    
      
        }


    		
  

  

    
      174
    
    
      
      end


    		
  

  

    
      175
    
    
      

    		
  

  

    
      176
    
    
      
      describe 'only IPv6 TCP traffic' do


    		
  

  

    
      177
    
    
      
        let(:params) do


    		
  

  

    
      178
    
    
      
          {


    		
  

  

    
      179
    
    
      
            dport: 35,


    		
  

  

    
      180
    
    
      
            proto: 'tcp6',


    		
  

  

    
      181
    
    
      
          }


    		
  

  

    
      182
    
    
      
        end


    		
  

  

    
      183
    
    
      

    		
  

  

    
      184
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      185
    
    
      

    		
  

  

    
      186
    
    
      
        it {


    		
  

  

    
      187
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      188
    
    
      
            content: 'ip6 version 6 tcp dport {35} accept'


    		
  

  

    
      189
    
    
      
          )


    		
  

  

    
      190
    
    
      
        }


    		
  

  

    
      191
    
    
      
      end


    		
  

  

    
      192
    
    
      

    		
  

  

    
      193
    
    
      
      describe 'with an IPv4 CIDR as daddr' do


    		
  

  

    
      194
    
    
      
        let(:params) do


    		
  

  

    
      195
    
    
      
          {


    		
  

  

    
      196
    
    
      
            daddr: '192.168.0.1/24',


    		
  

  

    
      197
    
    
      
            dport: 33,


    		
  

  

    
      198
    
    
      
            proto: 'tcp',


    		
  

  

    
      199
    
    
      
          }


    		
  

  

    
      200
    
    
      
        end


    		
  

  

    
      201
    
    
      

    		
  

  

    
      202
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      203
    
    
      

    		
  

  

    
      204
    
    
      
        it {


    		
  

  

    
      205
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      206
    
    
      
            content: 'tcp dport {33} ip daddr 192.168.0.1/24 accept'


    		
  

  

    
      207
    
    
      
          )


    		
  

  

    
      208
    
    
      
        }


    		
  

  

    
      209
    
    
      
      end


    		
  

  

    
      210
    
    
      

    		
  

  

    
      211
    
    
      
      describe 'with an IPV4 array address as daddr' do


    		
  

  

    
      212
    
    
      
        let(:params) do


    		
  

  

    
      213
    
    
      
          {


    		
  

  

    
      214
    
    
      
            daddr: ['172.16.1.5', '172.16.1.10', '172.16.1.15'],


    		
  

  

    
      215
    
    
      
          }


    		
  

  

    
      216
    
    
      
        end


    		
  

  

    
      217
    
    
      

    		
  

  

    
      218
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      219
    
    
      

    		
  

  

    
      220
    
    
      
        it {


    		
  

  

    
      221
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      222
    
    
      
            content: 'ip daddr {172.16.1.5, 172.16.1.10, 172.16.1.15} accept'


    		
  

  

    
      223
    
    
      
          )


    		
  

  

    
      224
    
    
      
        }


    		
  

  

    
      225
    
    
      
      end


    		
  

  

    
      226
    
    
      

    		
  

  

    
      227
    
    
      
      describe 'with an IPv6 address as daddr' do


    		
  

  

    
      228
    
    
      
        let(:params) do


    		
  

  

    
      229
    
    
      
          {


    		
  

  

    
      230
    
    
      
            daddr: '2001:1458::1',


    		
  

  

    
      231
    
    
      
          }


    		
  

  

    
      232
    
    
      
        end


    		
  

  

    
      233
    
    
      

    		
  

  

    
      234
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      235
    
    
      

    		
  

  

    
      236
    
    
      
        it {


    		
  

  

    
      237
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      238
    
    
      
            content: 'ip6 daddr 2001:1458::1 accept'


    		
  

  

    
      239
    
    
      
          )


    		
  

  

    
      240
    
    
      
        }


    		
  

  

    
      241
    
    
      
      end


    		
  

  

    
      242
    
    
      

    		
  

  

    
      243
    
    
      
      describe 'with an IPV6 array address as daddr' do


    		
  

  

    
      244
    
    
      
        let(:params) do


    		
  

  

    
      245
    
    
      
          {


    		
  

  

    
      246
    
    
      
            daddr: ['2001:1458:0000:0000:0000:0000:0000:0003', '8896:d5d9:e6f4:dd8f:af69:f5c0:0131:264f'],


    		
  

  

    
      247
    
    
      
          }


    		
  

  

    
      248
    
    
      
        end


    		
  

  

    
      249
    
    
      

    		
  

  

    
      250
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      251
    
    
      

    		
  

  

    
      252
    
    
      
        it {


    		
  

  

    
      253
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      254
    
    
      
            content: 'ip6 daddr {2001:1458:0000:0000:0000:0000:0000:0003, 8896:d5d9:e6f4:dd8f:af69:f5c0:0131:264f} accept'


    		
  

  

    
      255
    
    
      
          )


    		
  

  

    
      256
    
    
      
        }


    		
  

  

    
      257
    
    
      
      end


    		
  

  

    
      258
    
    
      

    		
  

  

    
      259
    
    
      
      describe 'with a @addr IPV4 set as daddr' do


    		
  

  

    
      260
    
    
      
        let(:params) do


    		
  

  

    
      261
    
    
      
          {


    		
  

  

    
      262
    
    
      
            daddr: '@my4_set',


    		
  

  

    
      263
    
    
      
            set_type: 'ip',


    		
  

  

    
      264
    
    
      
          }


    		
  

  

    
      265
    
    
      
        end


    		
  

  

    
      266
    
    
      

    		
  

  

    
      267
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      268
    
    
      

    		
  

  

    
      269
    
    
      
        it {


    		
  

  

    
      270
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      271
    
    
      
            content: 'ip daddr @my4_set accept'


    		
  

  

    
      272
    
    
      
          )


    		
  

  

    
      273
    
    
      
        }


    		
  

  

    
      274
    
    
      
      end


    		
  

  

    
      275
    
    
      

    		
  

  

    
      276
    
    
      
      describe 'with a @addr IPV4 array set as daddr' do


    		
  

  

    
      277
    
    
      
        let(:params) do


    		
  

  

    
      278
    
    
      
          {


    		
  

  

    
      279
    
    
      
            daddr: ['@my4_1_set', '@my4_2_set'],


    		
  

  

    
      280
    
    
      
            set_type: 'ip',


    		
  

  

    
      281
    
    
      
          }


    		
  

  

    
      282
    
    
      
        end


    		
  

  

    
      283
    
    
      

    		
  

  

    
      284
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      285
    
    
      

    		
  

  

    
      286
    
    
      
        it {


    		
  

  

    
      287
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      288
    
    
      
            content: 'ip daddr {@my4_1_set, @my4_2_set} accept'


    		
  

  

    
      289
    
    
      
          )


    		
  

  

    
      290
    
    
      
        }


    		
  

  

    
      291
    
    
      
      end


    		
  

  

    
      292
    
    
      

    		
  

  

    
      293
    
    
      
      describe 'with an @addr IPV6 set as daddr, default set_type' do


    		
  

  

    
      294
    
    
      
        let(:params) do


    		
  

  

    
      295
    
    
      
          {


    		
  

  

    
      296
    
    
      
            daddr: '@my6_set',


    		
  

  

    
      297
    
    
      
          }


    		
  

  

    
      298
    
    
      
        end


    		
  

  

    
      299
    
    
      

    		
  

  

    
      300
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      301
    
    
      

    		
  

  

    
      302
    
    
      
        it {


    		
  

  

    
      303
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      304
    
    
      
            content: 'ip6 daddr @my6_set accept'


    		
  

  

    
      305
    
    
      
          )


    		
  

  

    
      306
    
    
      
        }


    		
  

  

    
      307
    
    
      
      end


    		
  

  

    
      308
    
    
      

    		
  

  

    
      309
    
    
      
      describe 'with an @addr IPV6 array set as daddr, default set_type' do


    		
  

  

    
      310
    
    
      
        let(:params) do


    		
  

  

    
      311
    
    
      
          {


    		
  

  

    
      312
    
    
      
            daddr: ['@my6_1_set', '@my6_2_set'],


    		
  

  

    
      313
    
    
      
          }


    		
  

  

    
      314
    
    
      
        end


    		
  

  

    
      315
    
    
      

    		
  

  

    
      316
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      317
    
    
      

    		
  

  

    
      318
    
    
      
        it {


    		
  

  

    
      319
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      320
    
    
      
            content: 'ip6 daddr {@my6_1_set, @my6_2_set} accept'


    		
  

  

    
      321
    
    
      
          )


    		
  

  

    
      322
    
    
      
        }


    		
  

  

    
      323
    
    
      
      end


    		
  

  

    
      324
    
    
      

    		
  

  

    
      325
    
    
      
      describe 'with an IPv4 address as saddr' do


    		
  

  

    
      326
    
    
      
        let(:params) do


    		
  

  

    
      327
    
    
      
          {


    		
  

  

    
      328
    
    
      
            saddr: '172.16.1.5',


    		
  

  

    
      329
    
    
      
          }


    		
  

  

    
      330
    
    
      
        end


    		
  

  

    
      331
    
    
      

    		
  

  

    
      332
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      333
    
    
      

    		
  

  

    
      334
    
    
      
        it {


    		
  

  

    
      335
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      336
    
    
      
            content: 'ip saddr 172.16.1.5 accept'


    		
  

  

    
      337
    
    
      
          )


    		
  

  

    
      338
    
    
      
        }


    		
  

  

    
      339
    
    
      
      end


    		
  

  

    
      340
    
    
      

    		
  

  

    
      341
    
    
      
      describe 'with an IPV4 array address as saddr' do


    		
  

  

    
      342
    
    
      
        let(:params) do


    		
  

  

    
      343
    
    
      
          {


    		
  

  

    
      344
    
    
      
            saddr: ['172.16.1.5', '172.16.1.10', '172.16.1.15'],


    		
  

  

    
      345
    
    
      
          }


    		
  

  

    
      346
    
    
      
        end


    		
  

  

    
      347
    
    
      

    		
  

  

    
      348
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      349
    
    
      

    		
  

  

    
      350
    
    
      
        it {


    		
  

  

    
      351
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      352
    
    
      
            content: 'ip saddr {172.16.1.5, 172.16.1.10, 172.16.1.15} accept'


    		
  

  

    
      353
    
    
      
          )


    		
  

  

    
      354
    
    
      
        }


    		
  

  

    
      355
    
    
      
      end


    		
  

  

    
      356
    
    
      

    		
  

  

    
      357
    
    
      
      describe 'with an IPv6 address as saddr' do


    		
  

  

    
      358
    
    
      
        let(:params) do


    		
  

  

    
      359
    
    
      
          {


    		
  

  

    
      360
    
    
      
            saddr: '2001:1458:0000:0000:0000:0000:0000:0003',


    		
  

  

    
      361
    
    
      
          }


    		
  

  

    
      362
    
    
      
        end


    		
  

  

    
      363
    
    
      

    		
  

  

    
      364
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      365
    
    
      

    		
  

  

    
      366
    
    
      
        it {


    		
  

  

    
      367
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      368
    
    
      
            content: 'ip6 saddr 2001:1458:0000:0000:0000:0000:0000:0003 accept'


    		
  

  

    
      369
    
    
      
          )


    		
  

  

    
      370
    
    
      
        }


    		
  

  

    
      371
    
    
      
      end


    		
  

  

    
      372
    
    
      

    		
  

  

    
      373
    
    
      
      describe 'with an IPV6 array address as saddr' do


    		
  

  

    
      374
    
    
      
        let(:params) do


    		
  

  

    
      375
    
    
      
          {


    		
  

  

    
      376
    
    
      
            saddr: ['2001:1458:0000:0000:0000:0000:0000:0003', '8896:d5d9:e6f4:dd8f:af69:f5c0:0131:264f'],


    		
  

  

    
      377
    
    
      
          }


    		
  

  

    
      378
    
    
      
        end


    		
  

  

    
      379
    
    
      

    		
  

  

    
      380
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      381
    
    
      

    		
  

  

    
      382
    
    
      
        it {


    		
  

  

    
      383
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      384
    
    
      
            content: 'ip6 saddr {2001:1458:0000:0000:0000:0000:0000:0003, 8896:d5d9:e6f4:dd8f:af69:f5c0:0131:264f} accept'


    		
  

  

    
      385
    
    
      
          )


    		
  

  

    
      386
    
    
      
        }


    		
  

  

    
      387
    
    
      
      end


    		
  

  

    
      388
    
    
      

    		
  

  

    
      389
    
    
      
      describe 'with a @addr IPV4 set as saddr' do


    		
  

  

    
      390
    
    
      
        let(:params) do


    		
  

  

    
      391
    
    
      
          {


    		
  

  

    
      392
    
    
      
            saddr: '@my4_set',


    		
  

  

    
      393
    
    
      
            set_type: 'ip',


    		
  

  

    
      394
    
    
      
          }


    		
  

  

    
      395
    
    
      
        end


    		
  

  

    
      396
    
    
      

    		
  

  

    
      397
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      398
    
    
      

    		
  

  

    
      399
    
    
      
        it {


    		
  

  

    
      400
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      401
    
    
      
            content: 'ip saddr @my4_set accept'


    		
  

  

    
      402
    
    
      
          )


    		
  

  

    
      403
    
    
      
        }


    		
  

  

    
      404
    
    
      
      end


    		
  

  

    
      405
    
    
      

    		
  

  

    
      406
    
    
      
      describe 'with a @addr IPV4 array set as saddr' do


    		
  

  

    
      407
    
    
      
        let(:params) do


    		
  

  

    
      408
    
    
      
          {


    		
  

  

    
      409
    
    
      
            saddr: ['@my4_1_set', '@my4_2_set'],


    		
  

  

    
      410
    
    
      
            set_type: 'ip',


    		
  

  

    
      411
    
    
      
          }


    		
  

  

    
      412
    
    
      
        end


    		
  

  

    
      413
    
    
      

    		
  

  

    
      414
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      415
    
    
      

    		
  

  

    
      416
    
    
      
        it {


    		
  

  

    
      417
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      418
    
    
      
            content: 'ip saddr {@my4_1_set, @my4_2_set} accept'


    		
  

  

    
      419
    
    
      
          )


    		
  

  

    
      420
    
    
      
        }


    		
  

  

    
      421
    
    
      
      end


    		
  

  

    
      422
    
    
      

    		
  

  

    
      423
    
    
      
      describe 'with an @addr IPV6 set as saddr, default set_type' do


    		
  

  

    
      424
    
    
      
        let(:params) do


    		
  

  

    
      425
    
    
      
          {


    		
  

  

    
      426
    
    
      
            saddr: '@my6_set',


    		
  

  

    
      427
    
    
      
          }


    		
  

  

    
      428
    
    
      
        end


    		
  

  

    
      429
    
    
      

    		
  

  

    
      430
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      431
    
    
      

    		
  

  

    
      432
    
    
      
        it {


    		
  

  

    
      433
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      434
    
    
      
            content: 'ip6 saddr @my6_set accept'


    		
  

  

    
      435
    
    
      
          )


    		
  

  

    
      436
    
    
      
        }


    		
  

  

    
      437
    
    
      
      end


    		
  

  

    
      438
    
    
      

    		
  

  

    
      439
    
    
      
      describe 'with an @addr IPV6 array set as saddr, default set_type' do


    		
  

  

    
      440
    
    
      
        let(:params) do


    		
  

  

    
      441
    
    
      
          {


    		
  

  

    
      442
    
    
      
            saddr: ['@my6_1_set', '@my6_2_set'],


    		
  

  

    
      443
    
    
      
          }


    		
  

  

    
      444
    
    
      
        end


    		
  

  

    
      445
    
    
      

    		
  

  

    
      446
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      447
    
    
      

    		
  

  

    
      448
    
    
      
        it {


    		
  

  

    
      449
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      450
    
    
      
            content: 'ip6 saddr {@my6_1_set, @my6_2_set} accept'


    		
  

  

    
      451
    
    
      
          )


    		
  

  

    
      452
    
    
      
        }


    		
  

  

    
      453
    
    
      
      end


    		
  

  

    
      454
    
    
      

    		
  

  

    
      455
    
    
      
      describe 'with counter enabled' do


    		
  

  

    
      456
    
    
      
        let(:params) do


    		
  

  

    
      457
    
    
      
          {


    		
  

  

    
      458
    
    
      
            counter: true,


    		
  

  

    
      459
    
    
      
          }


    		
  

  

    
      460
    
    
      
        end


    		
  

  

    
      461
    
    
      

    		
  

  

    
      462
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      463
    
    
      

    		
  

  

    
      464
    
    
      
        it {


    		
  

  

    
      465
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      466
    
    
      
            content: 'counter accept'


    		
  

  

    
      467
    
    
      
          )


    		
  

  

    
      468
    
    
      
        }


    		
  

  

    
      469
    
    
      
      end


    		
  

  

    
      470
    
    
      

    		
  

  

    
      471
    
    
      
      describe 'counter and continue sport' do


    		
  

  

    
      472
    
    
      
        let(:params) do


    		
  

  

    
      473
    
    
      
          {


    		
  

  

    
      474
    
    
      
            proto: 'tcp',


    		
  

  

    
      475
    
    
      
            sport: 80,


    		
  

  

    
      476
    
    
      
            counter: true,


    		
  

  

    
      477
    
    
      
            action: 'continue',


    		
  

  

    
      478
    
    
      
          }


    		
  

  

    
      479
    
    
      
        end


    		
  

  

    
      480
    
    
      

    		
  

  

    
      481
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      482
    
    
      

    		
  

  

    
      483
    
    
      
        it {


    		
  

  

    
      484
    
    
      
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(


    		
  

  

    
      485
    
    
      
            content: 'tcp sport {80} counter continue'


    		
  

  

    
      486
    
    
      
          )


    		
  

  

    
      487
    
    
      
        }


    		
  

  

    
      488
    
    
      
      end


    		
  

  

    
      489
    
    
      
    end


    		
  

  

    
      490
    
    
      
  end


    		
  

  

    
      491
    
    
      
end