ExternalMirrors
/
firewalld-formula
зеркало из https://github.com/saltstack-formulas/firewalld-formula
Следить 1
В избранное 0
Форкнуть 1
Код Задачи 0 Релизы 14 Вики Активность
Saltstack Official FirewallD Formula
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
160 коммитов
1 ветка
Дерево: 0bb7751957
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '0bb7751957'
${ noResults }
firewalld-formula/test/integration/default/controls/zones_spec.rb

zones_spec.rb 2.5KB
Исходник Normal View История

test(zones_spec): check content of rendered zone files
4 лет назад
feat(zone.xml): allow to rate limit 'accept' in rich rules The current rich_rule macro is supporting to set if the connection should be accepted or rejected or dropped but doesn't support setting rate limiting in the 'accept' case. Add code for that. Signed-off-by: Arnaud Patard <apatard@hupstream.com>
3 лет назад
test(zones_spec): check content of rendered zone files
4 лет назад
feat(pillar.example,test/): add example and test for richrule ratelimit Document and test the accept rate limiting of the rich rule. Signed-off-by: Arnaud Patard <apatard@hupstream.com>
3 лет назад
test(zones_spec): check content of rendered zone files
4 лет назад
feat(zone.xml): allow to rate limit 'accept' in rich rules The current rich_rule macro is supporting to set if the connection should be accepted or rejected or dropped but doesn't support setting rate limiting in the 'accept' case. Add code for that. Signed-off-by: Arnaud Patard <apatard@hupstream.com>
3 лет назад
test(zones_spec): check content of rendered zone files
4 лет назад
feat(zone.xml): allow to rate limit 'accept' in rich rules The current rich_rule macro is supporting to set if the connection should be accepted or rejected or dropped but doesn't support setting rate limiting in the 'accept' case. Add code for that. Signed-off-by: Arnaud Patard <apatard@hupstream.com>
3 лет назад
test(zones_spec): check content of rendered zone files
4 лет назад
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. # frozen_string_literal: true

  2. 

  3. control 'zones/public.xml configuration' do

  4.   title 'should match desired lines'

  5. 

  6.   describe file('/etc/firewalld/zones/public.xml') do

  7.     it { should be_file }

  8.     it { should be_owned_by 'root' }

  9.     it { should be_grouped_into 'root' }

  10.     its('mode') { should cmp '0644' }

  11.     its('content') do

  12.       should include <<~ZONE_XML

  13.         <zone>

  14.           <short>Public</short>

  15.           <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>

  16.           <service name="zabbixcustom" />

  17.           <service name="http" />

  18.           <service name="https" />

  19.           <service name="ssh" />

  20.           <service name="salt-minion" />

  21.           <!-- zabbix-agent -->

  22.           <port port="10050" protocol="tcp" />

  23.           <!-- bacula-client -->

  24.           <port port="9102" protocol="tcp" />

  25.           <!-- vsftpd -->

  26.           <port port="21" protocol="tcp" />

  27.           <protocol value="igmp" />

  28.           <!-- something -->

  29.           <source-port port="2222" protocol="tcp" />

  30.           <!-- something_else -->

  31.           <source-port port="4444" protocol="tcp" />

  32.           <rule family="ipv4">

  33.             <source address="8.8.8.8/24" />

  34.             <accept></accept>

  35.           </rule>

  36.           <rule family="ipv4">

  37.             <source ipset="fail2ban-ssh" />

  38.             <reject type="icmp-port-unreachable" />

  39.           </rule>

  40.           <rule>

  41.             <service name="http" />

  42.             <log prefix="http fw limit 3/m" level="warning">

  43.               <limit value="3/m"/>

  44.             </log>

  45.             <accept> <limit value="3/m"/></accept>

  46.           </rule>

  47.         </zone>

  48.       ZONE_XML

  49.     end

  50.   end

  51. end

  52. 

  53. control 'zones/rich_public.xml configuration' do

  54.   title 'should match desired lines'

  55. 

  56.   describe file('/etc/firewalld/zones/rich_public.xml') do

  57.     it { should be_file }

  58.     it { should be_owned_by 'root' }

  59.     it { should be_grouped_into 'root' }

  60.     its('mode') { should cmp '0644' }

  61.     its('content') do

  62.       should include <<~ZONE_XML

  63.         <zone>

  64.           <short>rich_public</short>

  65.           <description>Example</description>

  66.           <rule>

  67.             <source ipset="fail2ban-ssh" />

  68.             <service name="ssh" />

  69.             <accept></accept>

  70.           </rule>

  71.           <rule>

  72.             <source ipset="other-ipset" />

  73.             <service name="ssh" />

  74.             <accept></accept>

  75.           </rule>

  76.         </zone>

  77.       ZONE_XML

  78.     end

  79.   end

  80. end