Révision fcb79d73
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid
namespace conflicts
| spec/classes/rules/qemu_spec.rb | ||
|---|---|---|
| 4 | 4 |
on_supported_os.each do |os, os_facts| |
| 5 | 5 |
context "on #{os}" do
|
| 6 | 6 |
let(:facts) { os_facts }
|
| 7 |
let(:pre_condition) { 'include nftables' }
|
|
| 7 | 8 |
|
| 8 | 9 |
context 'default options' do |
| 9 | 10 |
it { is_expected.to compile }
|
| ... | ... | |
| 77 | 78 |
end |
| 78 | 79 |
|
| 79 | 80 |
it { is_expected.to compile }
|
| 80 |
it { is_expected.to have_resource_count(0) }
|
|
| 81 |
it { is_expected.not_to contain_nftables__rule('default_in-qemu_udp_dns') }
|
|
| 82 |
it { is_expected.not_to contain_nftables__rule('default_in-qemu_tcp_dns') }
|
|
| 83 |
it { is_expected.not_to contain_nftables__rule('default_in-qemu_dhcpv4') }
|
|
| 84 |
it { is_expected.not_to contain_nftables__rule('default_fwd-qemu_oip_v4') }
|
|
| 85 |
it { is_expected.not_to contain_nftables__rule('default_fwd-qemu_iip_v4') }
|
|
| 86 |
it { is_expected.not_to contain_nftables__rule('default_fwd-qemu_io_internal') }
|
|
| 87 |
it { is_expected.not_to contain_nftables__rule('POSTROUTING-qemu_ignore_multicast') }
|
|
| 88 |
it { is_expected.not_to contain_nftables__rule('POSTROUTING-qemu_ignore_broadcast') }
|
|
| 89 |
it { is_expected.not_to contain_nftables__rule('POSTROUTING-qemu_masq_tcp') }
|
|
| 90 |
it { is_expected.not_to contain_nftables__rule('POSTROUTING-qemu_masq_udp') }
|
|
| 91 |
it { is_expected.not_to contain_nftables__rule('POSTROUTING-qemu_masq_ip') }
|
|
| 81 | 92 |
end |
| 82 | 93 |
|
| 83 | 94 |
context 'ipv6 prefix' do |
Formats disponibles : Unified diff