Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / spec / classes / rules / icmp_spec.rb @ c94658e1

Historique | Voir | Annoter | Télécharger (2,72 ko)

1 
require 'spec_helper'
2 

    		
  

  

    
      3
    
    
      
describe 'nftables::rules::icmp' do


    		
  

  

    
      4
    
    
      
  on_supported_os.each do |os, os_facts|


    		
  

  

    
      5
    
    
      
    context "on #{os}" do


    		
  

  

    
      6
    
    
      
      let(:facts) { os_facts }


    		
  

  

    
      7
    
    
      

    		
  

  

    
      8
    
    
      
      context 'default options' do


    		
  

  

    
      9
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      10
    
    
      
        it {


    		
  

  

    
      11
    
    
      
          is_expected.to contain_nftables__rule('default_in-accept_icmpv4').with(


    		
  

  

    
      12
    
    
      
            content: 'ip protocol icmp accept',


    		
  

  

    
      13
    
    
      
            order: '10',


    		
  

  

    
      14
    
    
      
          )


    		
  

  

    
      15
    
    
      
        }


    		
  

  

    
      16
    
    
      
        it {


    		
  

  

    
      17
    
    
      
          is_expected.to contain_nftables__rule('default_in-accept_icmpv6').with(


    		
  

  

    
      18
    
    
      
            content: 'ip6 nexthdr ipv6-icmp accept',


    		
  

  

    
      19
    
    
      
            order: '10',


    		
  

  

    
      20
    
    
      
          )


    		
  

  

    
      21
    
    
      
        }


    		
  

  

    
      22
    
    
      
      end


    		
  

  

    
      23
    
    
      

    		
  

  

    
      24
    
    
      
      context 'with custom ICMP types (v4 only)' do


    		
  

  

    
      25
    
    
      
        let(:params) do


    		
  

  

    
      26
    
    
      
          {


    		
  

  

    
      27
    
    
      
            v4_types: ['echo-request limit rate 4/second', 'echo-reply'],


    		
  

  

    
      28
    
    
      
          }


    		
  

  

    
      29
    
    
      
        end


    		
  

  

    
      30
    
    
      

    		
  

  

    
      31
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      32
    
    
      
        it {


    		
  

  

    
      33
    
    
      
          is_expected.to contain_nftables__rule('default_in-accept_icmpv4_echo_request').with(


    		
  

  

    
      34
    
    
      
            content: 'ip protocol icmp icmp type echo-request limit rate 4/second accept',


    		
  

  

    
      35
    
    
      
            order: '10',


    		
  

  

    
      36
    
    
      
          )


    		
  

  

    
      37
    
    
      
        }


    		
  

  

    
      38
    
    
      
        it {


    		
  

  

    
      39
    
    
      
          is_expected.to contain_nftables__rule('default_in-accept_icmpv4_echo_reply').with(


    		
  

  

    
      40
    
    
      
            content: 'ip protocol icmp icmp type echo-reply accept',


    		
  

  

    
      41
    
    
      
            order: '10',


    		
  

  

    
      42
    
    
      
          )


    		
  

  

    
      43
    
    
      
        }


    		
  

  

    
      44
    
    
      
        it {


    		
  

  

    
      45
    
    
      
          is_expected.to contain_nftables__rule('default_in-accept_icmpv6').with(


    		
  

  

    
      46
    
    
      
            content: 'ip6 nexthdr ipv6-icmp accept',


    		
  

  

    
      47
    
    
      
            order: '10',


    		
  

  

    
      48
    
    
      
          )


    		
  

  

    
      49
    
    
      
        }


    		
  

  

    
      50
    
    
      
      end


    		
  

  

    
      51
    
    
      

    		
  

  

    
      52
    
    
      
      context 'with custom ICMP types (both v4 and v6)' do


    		
  

  

    
      53
    
    
      
        let(:params) do


    		
  

  

    
      54
    
    
      
          {


    		
  

  

    
      55
    
    
      
            v4_types: ['echo-request limit rate 4/second', 'echo-reply'],


    		
  

  

    
      56
    
    
      
            v6_types: ['echo-reply', 'nd-router-advert'],


    		
  

  

    
      57
    
    
      
          }


    		
  

  

    
      58
    
    
      
        end


    		
  

  

    
      59
    
    
      

    		
  

  

    
      60
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      61
    
    
      
        it {


    		
  

  

    
      62
    
    
      
          is_expected.to contain_nftables__rule('default_in-accept_icmpv4_echo_request').with(


    		
  

  

    
      63
    
    
      
            content: 'ip protocol icmp icmp type echo-request limit rate 4/second accept',


    		
  

  

    
      64
    
    
      
            order: '10',


    		
  

  

    
      65
    
    
      
          )


    		
  

  

    
      66
    
    
      
        }


    		
  

  

    
      67
    
    
      
        it {


    		
  

  

    
      68
    
    
      
          is_expected.to contain_nftables__rule('default_in-accept_icmpv4_echo_reply').with(


    		
  

  

    
      69
    
    
      
            content: 'ip protocol icmp icmp type echo-reply accept',


    		
  

  

    
      70
    
    
      
            order: '10',


    		
  

  

    
      71
    
    
      
          )


    		
  

  

    
      72
    
    
      
        }


    		
  

  

    
      73
    
    
      
        it {


    		
  

  

    
      74
    
    
      
          is_expected.to contain_nftables__rule('default_in-accept_icmpv6_echo_reply').with(


    		
  

  

    
      75
    
    
      
            content: 'ip6 nexthdr ipv6-icmp icmpv6 type echo-reply accept',


    		
  

  

    
      76
    
    
      
            order: '10',


    		
  

  

    
      77
    
    
      
          )


    		
  

  

    
      78
    
    
      
        }


    		
  

  

    
      79
    
    
      
        it {


    		
  

  

    
      80
    
    
      
          is_expected.to contain_nftables__rule('default_in-accept_icmpv6_nd_router_advert').with(


    		
  

  

    
      81
    
    
      
            content: 'ip6 nexthdr ipv6-icmp icmpv6 type nd-router-advert accept',


    		
  

  

    
      82
    
    
      
            order: '10',


    		
  

  

    
      83
    
    
      
          )


    		
  

  

    
      84
    
    
      
        }


    		
  

  

    
      85
    
    
      
      end


    		
  

  

    
      86
    
    
      
    end


    		
  

  

    
      87
    
    
      
  end


    		
  

  

    
      88
    
    
      
end