root / spec / classes / rules / icmp_spec.rb @ eac19d14
Historique | Voir | Annoter | Télécharger (2,78 ko)
| 1 | c82b960a | Steve Traylen | # frozen_string_literal: true
|
|---|---|---|---|
| 2 | |||
| 3 | 79e9a23f | Nacho Barrientos | require 'spec_helper'
|
| 4 | |||
| 5 | describe 'nftables::rules::icmp' do |
||
| 6 | on_supported_os.each do |os, os_facts|
|
||
| 7 | context "on #{os}" do |
||
| 8 | let(:facts) { os_facts }
|
||
| 9 | |||
| 10 | context 'default options' do |
||
| 11 | it { is_expected.to compile }
|
||
| 12 | c82b960a | Steve Traylen | |
| 13 | 79e9a23f | Nacho Barrientos | it {
|
| 14 | c82b960a | Steve Traylen | expect(subject).to contain_nftables__rule('default_in-accept_icmpv4').with(
|
| 15 | 79e9a23f | Nacho Barrientos | content: 'ip protocol icmp accept', |
| 16 | fa92e118 | Romain Tartière | order: '10' |
| 17 | 79e9a23f | Nacho Barrientos | ) |
| 18 | } |
||
| 19 | c82b960a | Steve Traylen | |
| 20 | 79e9a23f | Nacho Barrientos | it {
|
| 21 | c82b960a | Steve Traylen | expect(subject).to contain_nftables__rule('default_in-accept_icmpv6').with(
|
| 22 | 79e9a23f | Nacho Barrientos | content: 'ip6 nexthdr ipv6-icmp accept', |
| 23 | fa92e118 | Romain Tartière | order: '10' |
| 24 | 79e9a23f | Nacho Barrientos | ) |
| 25 | } |
||
| 26 | end
|
||
| 27 | |||
| 28 | context 'with custom ICMP types (v4 only)' do |
||
| 29 | let(:params) do |
||
| 30 | {
|
||
| 31 | v4_types: ['echo-request limit rate 4/second', 'echo-reply'], |
||
| 32 | } |
||
| 33 | end
|
||
| 34 | |||
| 35 | it { is_expected.to compile }
|
||
| 36 | c82b960a | Steve Traylen | |
| 37 | 79e9a23f | Nacho Barrientos | it {
|
| 38 | c82b960a | Steve Traylen | expect(subject).to contain_nftables__rule('default_in-accept_icmpv4_echo_request').with(
|
| 39 | 79e9a23f | Nacho Barrientos | content: 'ip protocol icmp icmp type echo-request limit rate 4/second accept', |
| 40 | fa92e118 | Romain Tartière | order: '10' |
| 41 | 79e9a23f | Nacho Barrientos | ) |
| 42 | } |
||
| 43 | c82b960a | Steve Traylen | |
| 44 | 79e9a23f | Nacho Barrientos | it {
|
| 45 | c82b960a | Steve Traylen | expect(subject).to contain_nftables__rule('default_in-accept_icmpv4_echo_reply').with(
|
| 46 | 79e9a23f | Nacho Barrientos | content: 'ip protocol icmp icmp type echo-reply accept', |
| 47 | fa92e118 | Romain Tartière | order: '10' |
| 48 | 79e9a23f | Nacho Barrientos | ) |
| 49 | } |
||
| 50 | c82b960a | Steve Traylen | |
| 51 | 79e9a23f | Nacho Barrientos | it {
|
| 52 | c82b960a | Steve Traylen | expect(subject).to contain_nftables__rule('default_in-accept_icmpv6').with(
|
| 53 | 79e9a23f | Nacho Barrientos | content: 'ip6 nexthdr ipv6-icmp accept', |
| 54 | fa92e118 | Romain Tartière | order: '10' |
| 55 | 79e9a23f | Nacho Barrientos | ) |
| 56 | } |
||
| 57 | end
|
||
| 58 | |||
| 59 | context 'with custom ICMP types (both v4 and v6)' do |
||
| 60 | let(:params) do |
||
| 61 | {
|
||
| 62 | v4_types: ['echo-request limit rate 4/second', 'echo-reply'], |
||
| 63 | c82b960a | Steve Traylen | v6_types: %w[echo-reply nd-router-advert], |
| 64 | 79e9a23f | Nacho Barrientos | } |
| 65 | end
|
||
| 66 | |||
| 67 | it { is_expected.to compile }
|
||
| 68 | c82b960a | Steve Traylen | |
| 69 | 79e9a23f | Nacho Barrientos | it {
|
| 70 | c82b960a | Steve Traylen | expect(subject).to contain_nftables__rule('default_in-accept_icmpv4_echo_request').with(
|
| 71 | 79e9a23f | Nacho Barrientos | content: 'ip protocol icmp icmp type echo-request limit rate 4/second accept', |
| 72 | fa92e118 | Romain Tartière | order: '10' |
| 73 | 79e9a23f | Nacho Barrientos | ) |
| 74 | } |
||
| 75 | c82b960a | Steve Traylen | |
| 76 | 79e9a23f | Nacho Barrientos | it {
|
| 77 | c82b960a | Steve Traylen | expect(subject).to contain_nftables__rule('default_in-accept_icmpv4_echo_reply').with(
|
| 78 | 79e9a23f | Nacho Barrientos | content: 'ip protocol icmp icmp type echo-reply accept', |
| 79 | fa92e118 | Romain Tartière | order: '10' |
| 80 | 79e9a23f | Nacho Barrientos | ) |
| 81 | } |
||
| 82 | c82b960a | Steve Traylen | |
| 83 | 79e9a23f | Nacho Barrientos | it {
|
| 84 | c82b960a | Steve Traylen | expect(subject).to contain_nftables__rule('default_in-accept_icmpv6_echo_reply').with(
|
| 85 | 79e9a23f | Nacho Barrientos | content: 'ip6 nexthdr ipv6-icmp icmpv6 type echo-reply accept', |
| 86 | fa92e118 | Romain Tartière | order: '10' |
| 87 | 79e9a23f | Nacho Barrientos | ) |
| 88 | } |
||
| 89 | c82b960a | Steve Traylen | |
| 90 | 79e9a23f | Nacho Barrientos | it {
|
| 91 | c82b960a | Steve Traylen | expect(subject).to contain_nftables__rule('default_in-accept_icmpv6_nd_router_advert').with(
|
| 92 | 79e9a23f | Nacho Barrientos | content: 'ip6 nexthdr ipv6-icmp icmpv6 type nd-router-advert accept', |
| 93 | fa92e118 | Romain Tartière | order: '10' |
| 94 | 79e9a23f | Nacho Barrientos | ) |
| 95 | } |
||
| 96 | end
|
||
| 97 | end
|
||
| 98 | end
|
||
| 99 | end |