ExternalMirrors
/
firewalld-formula
镜像来自 https://github.com/saltstack-formulas/firewalld-formula
關注 1
收藏 0
複製 1
程式碼 問題 0 版本發佈 14 Wiki 活動
Saltstack Official FirewallD Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
149 提交
1 分支
目錄樹: a647d6d9a3
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 'a647d6d9a3'
${ noResults }
firewalld-formula/test/integration/default/controls/zones_spec.rb

74 line
2.2KB
原始文件 Blame 歷史記錄 

  1. # frozen_string_literal: true

  2. 

  3. control 'zones/public.xml configuration' do

  4.   title 'should match desired lines'

  5. 

  6.   describe file('/etc/firewalld/zones/public.xml') do

  7.     it { should be_file }

  8.     it { should be_owned_by 'root' }

  9.     it { should be_grouped_into 'root' }

  10.     its('mode') { should cmp '0644' }

  11.     its('content') do

  12.       should include <<~ZONE_XML

  13.         <zone>

  14.           <short>Public</short>

  15.           <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>

  16.           <service name="zabbixcustom" />

  17.           <service name="http" />

  18.           <service name="https" />

  19.           <service name="ssh" />

  20.           <service name="salt-minion" />

  21.           <!-- zabbix-agent -->

  22.           <port port="10050" protocol="tcp" />

  23.           <!-- bacula-client -->

  24.           <port port="9102" protocol="tcp" />

  25.           <!-- vsftpd -->

  26.           <port port="21" protocol="tcp" />

  27.           <protocol value="igmp" />

  28.           <!-- something -->

  29.           <source-port port="2222" protocol="tcp" />

  30.           <!-- something_else -->

  31.           <source-port port="4444" protocol="tcp" />

  32.           <rule family="ipv4">

  33.             <source address="8.8.8.8/24" />

  34.             <accept/>

  35.           </rule>

  36.           <rule family="ipv4">

  37.             <source ipset="fail2ban-ssh" />

  38.             <reject type="icmp-port-unreachable" />

  39.           </rule>

  40.         </zone>

  41.       ZONE_XML

  42.     end

  43.   end

  44. end

  45. 

  46. control 'zones/rich_public.xml configuration' do

  47.   title 'should match desired lines'

  48. 

  49.   describe file('/etc/firewalld/zones/rich_public.xml') do

  50.     it { should be_file }

  51.     it { should be_owned_by 'root' }

  52.     it { should be_grouped_into 'root' }

  53.     its('mode') { should cmp '0644' }

  54.     its('content') do

  55.       should include <<~ZONE_XML

  56.         <zone>

  57.           <short>rich_public</short>

  58.           <description>Example</description>

  59.           <rule>

  60.             <source ipset="fail2ban-ssh" />

  61.             <service name="ssh" />

  62.             <accept/>

  63.           </rule>

  64.           <rule>

  65.             <source ipset="other-ipset" />

  66.             <service name="ssh" />

  67.             <accept/>

  68.           </rule>

  69.         </zone>

  70.       ZONE_XML

  71.     end

  72.   end

  73. end