Révision d7d6d5d3
simplerule: Add support for outgoing interface filtering
| spec/acceptance/simple_rule_iifname_spec.rb | ||
|---|---|---|
| 3 | 3 |
require 'spec_helper_acceptance' |
| 4 | 4 |
|
| 5 | 5 |
describe 'nftables class' do |
| 6 |
context 'configure a simple rule with input interface' do
|
|
| 6 |
context 'configure a simple rule with interface' do |
|
| 7 | 7 |
it_behaves_like 'an idempotent resource' do |
| 8 | 8 |
let(:manifest) do |
| 9 | 9 |
<<-EOS |
| ... | ... | |
| 19 | 19 |
in_ssh => false, |
| 20 | 20 |
in_icmp => false, |
| 21 | 21 |
} |
| 22 |
# just incoming interface |
|
| 22 | 23 |
nftables::simplerule { 'dummyrule_in':
|
| 23 | 24 |
action => 'accept', |
| 24 | 25 |
iifname => $facts['networking']['primary'], |
| 25 | 26 |
comment => 'allow some multicast stuff', |
| 26 | 27 |
daddr => 'ff02::fb', |
| 27 | 28 |
} |
| 29 |
# just outgoing interface |
|
| 30 |
nftables::simplerule { 'dummyrule_out':
|
|
| 31 |
action => 'accept', |
|
| 32 |
oifname => $facts['networking']['primary'], |
|
| 33 |
comment => 'allow some multicast stuff', |
|
| 34 |
chain => 'default_out', |
|
| 35 |
daddr => 'ff02::fb', |
|
| 36 |
} |
|
| 37 |
# outgoing + incoming interface |
|
| 38 |
nftables::simplerule { 'dummyrule_fwd':
|
|
| 39 |
action => 'accept', |
|
| 40 |
iifname => $facts['networking']['primary'], |
|
| 41 |
oifname => 'lo', |
|
| 42 |
comment => 'allow some multicast stuff', |
|
| 43 |
chain => 'default_fwd', |
|
| 44 |
daddr => 'ff02::fb', |
|
| 45 |
} |
|
| 28 | 46 |
include nftables::rules::ssh |
| 29 | 47 |
include nftables::rules::out::dns |
| 30 | 48 |
include nftables::rules::out::ssh |
Formats disponibles : Unified diff