root / spec / classes / router_spec.rb @ c3515492
Historique | Voir | Annoter | Télécharger (5,65 ko)
| 1 | d78c1613 | tr | require 'spec_helper'
|
|---|---|---|---|
| 2 | |||
| 3 | describe 'nftables' do |
||
| 4 | let(:pre_condition) { 'Exec{path => "/bin"}' } |
||
| 5 | |||
| 6 | on_supported_os.each do |os, os_facts|
|
||
| 7 | context "on #{os}" do |
||
| 8 | let(:facts) { os_facts }
|
||
| 9 | |||
| 10 | 8f5d09ec | tr | context 'as router' do |
| 11 | let(:pre_condition) do |
||
| 12 | 01d8a819 | tr | '
|
| 13 | 351a88fb | tr | # inet-filter-chain-default_fwd
|
| 14 | d78c1613 | tr | nftables::rule{
|
| 15 | 01d8a819 | tr | \'default_fwd-out\':
|
| 16 | order => \'20\',
|
||
| 17 | content => \'iifname eth1 oifname eth0 accept\';
|
||
| 18 | \'default_fwd-drop\':
|
||
| 19 | order => \'90\',
|
||
| 20 | content => \'iifname eth0 drop\';
|
||
| 21 | 2a3b45ec | tr | }
|
| 22 | af544fea | tr |
|
| 23 | 2a3b45ec | tr | nftables::rules::masquerade{
|
| 24 | 01d8a819 | tr | \'masquerade\':
|
| 25 | order => \'20\',
|
||
| 26 | oif => \'eth0\';
|
||
| 27 | d78c1613 | tr | }
|
| 28 | 01d8a819 | tr | '
|
| 29 | 8f5d09ec | tr | end
|
| 30 | d78c1613 | tr | |
| 31 | it { is_expected.to compile }
|
||
| 32 | |||
| 33 | 01d8a819 | tr | it {
|
| 34 | is_expected.to contain_concat('nftables-inet-filter-chain-default_fwd').with(
|
||
| 35 | 30462da1 | Steve Traylen | path: '/etc/nftables/puppet-preflight/inet-filter-chain-default_fwd.nft', |
| 36 | 01d8a819 | tr | owner: 'root', |
| 37 | group: 'root', |
||
| 38 | mode: '0640', |
||
| 39 | ensure_newline: true, |
||
| 40 | ) |
||
| 41 | } |
||
| 42 | it {
|
||
| 43 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-header').with(
|
||
| 44 | target: 'nftables-inet-filter-chain-default_fwd', |
||
| 45 | content: %r{^chain default_fwd \{$}, |
||
| 46 | order: '00', |
||
| 47 | ) |
||
| 48 | } |
||
| 49 | it {
|
||
| 50 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-rule-out').with(
|
||
| 51 | target: 'nftables-inet-filter-chain-default_fwd', |
||
| 52 | content: %r{^ iifname eth1 oifname eth0 accept$}, |
||
| 53 | 61f03b47 | Steve Traylen | order: '20-nftables-inet-filter-chain-default_fwd-rule-out-b', |
| 54 | 01d8a819 | tr | ) |
| 55 | } |
||
| 56 | it {
|
||
| 57 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-rule-drop').with(
|
||
| 58 | target: 'nftables-inet-filter-chain-default_fwd', |
||
| 59 | content: %r{^ iifname eth0 drop$}, |
||
| 60 | 61f03b47 | Steve Traylen | order: '90-nftables-inet-filter-chain-default_fwd-rule-drop-b', |
| 61 | 01d8a819 | tr | ) |
| 62 | } |
||
| 63 | it {
|
||
| 64 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-footer').with(
|
||
| 65 | target: 'nftables-inet-filter-chain-default_fwd', |
||
| 66 | content: %r{^\}$}, |
||
| 67 | order: '99', |
||
| 68 | ) |
||
| 69 | } |
||
| 70 | d78c1613 | tr | |
| 71 | 01d8a819 | tr | it {
|
| 72 | is_expected.to contain_concat('nftables-ip-nat-chain-PREROUTING').with(
|
||
| 73 | 30462da1 | Steve Traylen | path: '/etc/nftables/puppet-preflight/ip-nat-chain-PREROUTING.nft', |
| 74 | 01d8a819 | tr | owner: 'root', |
| 75 | group: 'root', |
||
| 76 | mode: '0640', |
||
| 77 | ensure_newline: true, |
||
| 78 | ) |
||
| 79 | } |
||
| 80 | it {
|
||
| 81 | is_expected.to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-header').with(
|
||
| 82 | target: 'nftables-ip-nat-chain-PREROUTING', |
||
| 83 | content: %r{^chain PREROUTING \{$}, |
||
| 84 | order: '00', |
||
| 85 | ) |
||
| 86 | } |
||
| 87 | it {
|
||
| 88 | is_expected.to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-type').with(
|
||
| 89 | target: 'nftables-ip-nat-chain-PREROUTING', |
||
| 90 | content: %r{^ type nat hook prerouting priority -100$}, |
||
| 91 | 61f03b47 | Steve Traylen | order: '01-nftables-ip-nat-chain-PREROUTING-rule-type-b', |
| 92 | 01d8a819 | tr | ) |
| 93 | } |
||
| 94 | it {
|
||
| 95 | is_expected.to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-policy').with(
|
||
| 96 | target: 'nftables-ip-nat-chain-PREROUTING', |
||
| 97 | content: %r{^ policy accept$}, |
||
| 98 | 61f03b47 | Steve Traylen | order: '02-nftables-ip-nat-chain-PREROUTING-rule-policy-b', |
| 99 | 01d8a819 | tr | ) |
| 100 | } |
||
| 101 | it {
|
||
| 102 | is_expected.to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-footer').with(
|
||
| 103 | target: 'nftables-ip-nat-chain-PREROUTING', |
||
| 104 | content: %r{^\}$}, |
||
| 105 | order: '99', |
||
| 106 | ) |
||
| 107 | } |
||
| 108 | 95b1259b | tr | |
| 109 | 01d8a819 | tr | it {
|
| 110 | is_expected.to contain_concat('nftables-ip-nat-chain-POSTROUTING').with(
|
||
| 111 | 30462da1 | Steve Traylen | path: '/etc/nftables/puppet-preflight/ip-nat-chain-POSTROUTING.nft', |
| 112 | 01d8a819 | tr | owner: 'root', |
| 113 | group: 'root', |
||
| 114 | mode: '0640', |
||
| 115 | ensure_newline: true, |
||
| 116 | ) |
||
| 117 | } |
||
| 118 | it {
|
||
| 119 | is_expected.to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-header').with(
|
||
| 120 | target: 'nftables-ip-nat-chain-POSTROUTING', |
||
| 121 | content: %r{^chain POSTROUTING \{$}, |
||
| 122 | order: '00', |
||
| 123 | ) |
||
| 124 | } |
||
| 125 | it {
|
||
| 126 | is_expected.to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-type').with(
|
||
| 127 | target: 'nftables-ip-nat-chain-POSTROUTING', |
||
| 128 | content: %r{^ type nat hook postrouting priority 100$}, |
||
| 129 | 61f03b47 | Steve Traylen | order: '01-nftables-ip-nat-chain-POSTROUTING-rule-type-b', |
| 130 | 01d8a819 | tr | ) |
| 131 | } |
||
| 132 | it {
|
||
| 133 | is_expected.to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-policy').with(
|
||
| 134 | target: 'nftables-ip-nat-chain-POSTROUTING', |
||
| 135 | content: %r{^ policy accept$}, |
||
| 136 | 61f03b47 | Steve Traylen | order: '02-nftables-ip-nat-chain-POSTROUTING-rule-policy-b', |
| 137 | 01d8a819 | tr | ) |
| 138 | } |
||
| 139 | it {
|
||
| 140 | is_expected.to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-masquerade').with(
|
||
| 141 | target: 'nftables-ip-nat-chain-POSTROUTING', |
||
| 142 | content: %r{^ oifname eth0 masquerade$}, |
||
| 143 | 61f03b47 | Steve Traylen | order: '20-nftables-ip-nat-chain-POSTROUTING-rule-masquerade-b', |
| 144 | 01d8a819 | tr | ) |
| 145 | } |
||
| 146 | it {
|
||
| 147 | is_expected.to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-footer').with(
|
||
| 148 | target: 'nftables-ip-nat-chain-POSTROUTING', |
||
| 149 | content: %r{^\}$}, |
||
| 150 | order: '99', |
||
| 151 | ) |
||
| 152 | } |
||
| 153 | d78c1613 | tr | end
|
| 154 | end
|
||
| 155 | end
|
||
| 156 | end |