Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-15 07:42:46 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/test/kitchen/policies/default/controls/ip6tables_spec.rb

24 lines
1.1 KiB
Ruby
Raw Normal View History

Add ip6tables resource This should resolve #1011 which provides an ip6tables resource to test IPv6 iptables rules. This is essentially a copy of the iptables resource with a few renames. In addition, I've pulled in the integration tests for iptables into ip6tables and enabled it on docker so that it properly gets tested regularly. The test cookbook recipe has been updated to support all of the current platforms that are being tested. Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-06-23 00:35:32 +00:00
case os[:family]
when 'ubuntu', 'fedora', 'debian', 'suse'
describe ip6tables do
it { should have_rule('-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -m comment --comment "http v6 on 80" -j ACCEPT') }
it { should_not have_rule('-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT') }
# single-word comments have their quotes dropped
it { should have_rule('-A derby-cognos-web-v6 -p tcp -m tcp --dport 80 -m comment --comment derby-cognos-web-v6 -j ACCEPT') }
end
when 'redhat', 'centos'
describe ip6tables do
it { should have_rule('-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -m comment --comment "http v6 on 80" -j ACCEPT') }
it { should_not have_rule('-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT') }
end
describe ip6tables do
it { should have_rule('-A derby-cognos-web-v6 -p tcp -m tcp --dport 80 -m comment --comment "derby-cognos-web-v6" -j ACCEPT') }
end if os[:release] == 6
describe ip6tables do
it { should have_rule('-A derby-cognos-web-v6 -p tcp -m tcp --dport 80 -m comment --comment derby-cognos-web-v6 -j ACCEPT') }
end if os[:release] == 7
end
Reference in a new issue Copy permalink