Revision e17693e3
New parameter out_all, default false
In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.
Default is false so backwards compatible.
If true all the other out_bound rules (ntp, ...) will be disabled
since not needed.
spec/classes/nftables_spec.rb | ||
---|---|---|
46 | 46 |
enable: 'mask', |
47 | 47 |
) |
48 | 48 |
} |
49 |
it { is_expected.to contain_class('nftables::rules::out::http') } |
|
50 |
it { is_expected.to contain_class('nftables::rules::out::https') } |
|
51 |
it { is_expected.to contain_class('nftables::rules::out::dns') } |
|
52 |
it { is_expected.to contain_class('nftables::rules::out::chrony') } |
|
53 |
it { is_expected.not_to contain_class('nftables::rules::out::all') } |
|
54 |
it { is_expected.not_to contain_nftables__rule('default_out-all') } |
|
55 |
|
|
56 |
context 'with out_all set true' do |
|
57 |
let(:params) do { |
|
58 |
out_all: true |
|
59 |
} |
|
60 |
end |
|
61 |
|
|
62 |
it { is_expected.to contain_class('nftables::rules::out::all') } |
|
63 |
it { is_expected.not_to contain_class('nftables::rules::out::http') } |
|
64 |
it { is_expected.not_to contain_class('nftables::rules::out::https') } |
|
65 |
it { is_expected.not_to contain_class('nftables::rules::out::dns') } |
|
66 |
it { is_expected.not_to contain_class('nftables::rules::out::chrony') } |
|
67 |
it { is_expected.to contain_nftables__rule('default_out-all').with_content('accept') } |
|
68 |
it { is_expected.to contain_nftables__rule('default_out-all').with_order('90') } |
|
69 |
end |
|
49 | 70 |
end |
50 | 71 |
end |
51 | 72 |
end |
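Review bot: In the `with out_all set true` context (new lines 56-69), the spec checks that the http, https, dns and chrony classes are dropped, but the commit message names ntp among the rules that get disabled. If chrony is the only NTP-related out rule, that is covered; otherwise add the matching `not_to contain_class(...)` assertion so the test pins everything the message promises. Two smaller points in the same context: `let(:params) do {` opens a block and a hash literal on one line, which reads more clearly as `let(:params) { { out_all: true } }` or with the hash on its own lines inside `do ... end`, and the two expectations on `default_out-all` could be one `.with(content: 'accept', order: '90')`. Since the asserted rule content is a bare `accept` on the out chain, the parameter documentation should state that setting `out_all` removes egress filtering for the host, not just that it replaces the individual rules.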