Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 21:23:29 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/test/cookbooks/os_prepare/recipes/iptables.rb
Lance Albertson 3263d76627 Add ip6tables resource 
This should resolve #1011 which provides an ip6tables resource to test IPv6
iptables rules. This is essentially a copy of the iptables resource with a few
renames.

In addition, I've pulled in the integration tests for iptables into ip6tables
and enabled it on docker so that it properly gets tested regularly. The test
cookbook recipe has been updated to support all of the current platforms that
are being tested.

Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-06-24 17:01:34 -07:00

22 lines
996 B
Ruby
Raw Blame History

if platform_family?("rhel", "debian", "fedora", "amazon", "suse")
package value_for_platform_family(
[ "centos", "oracle"] => [ "iptables", "iptables-ipv6" ],
"default" => [ "iptables" ]
)
# IPv4
execute "iptables -A INPUT -i eth0 -p tcp -m tcp "\
"--dport 80 -m state --state NEW -m comment "\
'--comment "http on 80" -j ACCEPT'
execute "iptables -N derby-cognos-web"
execute "iptables -A INPUT -j derby-cognos-web"
execute "iptables -A derby-cognos-web -p tcp -m tcp --dport 80 "\
'-m comment --comment "derby-cognos-web" -j ACCEPT'
# IPv6
execute "ip6tables -A INPUT -i eth0 -p tcp -m tcp "\
"--dport 80 -m state --state NEW -m comment "\
'--comment "http v6 on 80" -j ACCEPT'
execute "ip6tables -N derby-cognos-web-v6"
execute "ip6tables -A INPUT -j derby-cognos-web-v6"
execute "ip6tables -A derby-cognos-web-v6 -p tcp -m tcp --dport 80 "\
'-m comment --comment "derby-cognos-web-v6" -j ACCEPT'
end
Reference in a new issue View git blame Copy permalink