Révision e0bb7852
Change default hash location to /var/tmp to survive reboots and avoid bogus nftables reload
| manifests/init.pp | ||
|---|---|---|
| 148 | 148 |
Hash $sets = {},
|
| 149 | 149 |
String $log_prefix = '[nftables] %<chain>s %<comment>s', |
| 150 | 150 |
String[1] $nat_table_name = 'nat', |
| 151 |
Stdlib::Unixpath $inmem_rules_hash_file = '/run/puppet-nft-memhash',
|
|
| 151 |
Stdlib::Unixpath $inmem_rules_hash_file = '/var/tmp/puppet-nft-memhash',
|
|
| 152 | 152 |
Boolean $log_discarded = true, |
| 153 | 153 |
Variant[Boolean[false], String] $log_limit = '3/minute burst 5 packets', |
| 154 | 154 |
Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]] $reject_with = 'icmpx type port-unreachable', |
| spec/classes/nftables_spec.rb | ||
|---|---|---|
| 139 | 139 |
} |
| 140 | 140 |
|
| 141 | 141 |
it {
|
| 142 |
expect(subject).not_to contain_file('/run/puppet-nft-memhash')
|
|
| 142 |
expect(subject).not_to contain_file('/var/tmp/puppet-nft-memhash')
|
|
| 143 | 143 |
} |
| 144 | 144 |
|
| 145 | 145 |
it {
|
| ... | ... | |
| 318 | 318 |
} |
| 319 | 319 |
end |
| 320 | 320 |
|
| 321 |
it { is_expected.not_to contain_file('/foo/bar') }
|
|
| 322 |
|
|
| 323 | 321 |
it {
|
| 324 | 322 |
is_expected.to contain_exec('nftables_memory_state_check').with(
|
| 325 | 323 |
command: %w[echo reloading_nftables], |
Formats disponibles : Unified diff