inspec/test/integration/default/controls/iptables_spec.rb
Lance Albertson 3263d76627 Add ip6tables resource
This should resolve #1011 which provides an ip6tables resource to test IPv6
iptables rules. This is essentially a copy of the iptables resource with a few
renames.

In addition, I've pulled in the integration tests for iptables into ip6tables
and enabled it on docker so that it properly gets tested regularly. The test
cookbook recipe has been updated to support all of the current platforms that
are being tested.

Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-06-24 17:01:34 -07:00

23 lines
1.1 KiB
Ruby

case os[:family]
when 'ubuntu', 'fedora', 'debian', 'suse'
describe iptables do
it { should have_rule('-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -m comment --comment "http on 80" -j ACCEPT') }
it { should_not have_rule('-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT') }
# single-word comments have their quotes dropped
it { should have_rule('-A derby-cognos-web -p tcp -m tcp --dport 80 -m comment --comment derby-cognos-web -j ACCEPT') }
end
when 'redhat', 'centos'
describe iptables do
it { should have_rule('-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -m comment --comment "http on 80" -j ACCEPT') }
it { should_not have_rule('-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT') }
end
describe iptables do
it { should have_rule('-A derby-cognos-web -p tcp -m tcp --dport 80 -m comment --comment "derby-cognos-web" -j ACCEPT') }
end if os[:release] == 6
describe iptables do
it { should have_rule('-A derby-cognos-web -p tcp -m tcp --dport 80 -m comment --comment derby-cognos-web -j ACCEPT') }
end if os[:release] == 7
end