search

rtkwlf / cookbook-simple-iptables

Simple Chef iptables cookbook
86 stars 63 forks source link

Support for IPv6 #56

Closed chantra closed 10 years ago

chantra commented 10 years ago

Passing the test is pending on serverspec/specinfra#210 serverspec/serverspec#469

-----> Starting Kitchen (v1.2.2.dev) -----> Verifying ... Removing /tmp/busser/suites/serverspec Uploading /tmp/busser/suites/serverspec/list_of_tables_spec.rb (mode=0644) -----> Running serverspec test suite /opt/chef/embedded/bin/ruby -I/tmp/busser/suites/serverspec -S /opt/chef/embedded/bin/rspec /tmp/busser/suites/ serverspec/list_of_tables_spec.rb --color --format documentation

   iptables
     should have rule "-A INPUT -j simple_rule"
     should have rule "-A simple_rule -p tcp -m tcp --dport 80 -j ACCEPT"
     should have rule "-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT"
     should have rule "-A FORWARD -p tcp -m tcp --dport 82 -j ACCEPT"
     should have rule "-A INPUT -m state --state NEW -j jump_with_rule"
     should have rule "-A jump_with_rule -p tcp -m tcp --dport 83 -j ACCEPT"
     should have rule "-A array_of_rules -p tcp -m tcp --dport 84 -j ACCEPT"
     should have rule "-A array_of_rules -p tcp -m tcp --dport 85 -j ACCEPT"
     should have rule "-A INPUT -j array_of_rules"
     should not have rule "*nat"
     should have rule "*mangle"
     should have rule "*filter"
     should not have rule "*raw"

   ip6tables
     should have rule "-A INPUT -j simple_rule"
     should have rule "-A simple_rule -p tcp -m tcp --dport 80 -j ACCEPT"
     should have rule "-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT"
     should not have rule "-A FORWARD -p tcp -m tcp --dport 82 -j ACCEPT"
     should not have rule "-A INPUT -m state --state NEW -j jump_with_rule"
     should not have rule "-A jump_with_rule -p tcp -m tcp --dport 83 -j ACCEPT"
     should have rule "-A array_of_rules -p tcp -m tcp --dport 84 -j ACCEPT"
     should have rule "-A array_of_rules -p tcp -m tcp --dport 85 -j ACCEPT"
     should have rule "-A INPUT -j array_of_rules"
     should not have rule "*nat"
     should have rule "*mangle"
     should have rule "*filter"
     should not have rule "*raw"

   Finished in 0.23916 seconds
   26 examples, 0 failures
   Finished verifying <ipv6-list-of-tables-centos-65> (0m1.63s).

-----> Kitchen is finished. (0m2.37s)

chantra commented 10 years ago

specinfra and serverspec have merged the PR, tests are now passing out of the box when using kitchen test

rtkrruvinskiy commented 10 years ago

Chantra, thanks a lot for your contribution! Looks really good, aside from the one comment that I made.

chantra commented 10 years ago

@rtkrruvinskiy I have just refactored the code in chantra/cookbook-simple-iptables@1a37646376fa54d5b7ef5499e5018cb3f0655724