ExternalMirrors
/
firewalld-formula
mirror of https://github.com/saltstack-formulas/firewalld-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 14 Wiki Activity
Saltstack Official FirewallD Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
181 Commits
1 Branch
Tree: c7072b8776
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c7072b8776'
${ noResults }
firewalld-formula/test/integration/default/controls/zones_spec.rb

86 lines
2.6KB
Raw Blame History 

  1. # frozen_string_literal: true

  2. 

  3. control 'zones/public.xml configuration' do

  4.   title 'should match desired lines'

  5. 

  6.   describe file('/etc/firewalld/zones/public.xml') do

  7.     it { should be_file }

  8.     it { should be_owned_by 'root' }

  9.     it { should be_grouped_into 'root' }

  10.     its('mode') { should cmp '0644' }

  11.     its('content') do

  12.       should include <<~ZONE_XML

  13.         <zone>

  14.           <short>Public</short>

  15.           <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>

  16.           <service name="zabbixcustom" />

  17.           <service name="http" />

  18.           <service name="https" />

  19.           <service name="ssh" />

  20.           <service name="salt-minion" />

  21.           <!-- zabbix-agent -->

  22.           <port port="10050" protocol="tcp" />

  23.           <!-- bacula-client -->

  24.           <port port="9102" protocol="tcp" />

  25.           <!-- vsftpd -->

  26.           <port port="21" protocol="tcp" />

  27.           <protocol value="igmp" />

  28.           <!-- something -->

  29.           <source-port port="2222" protocol="tcp" />

  30.           <!-- something_else -->

  31.           <source-port port="4444" protocol="tcp" />

  32.           <rule family="ipv4">

  33.             <source address="8.8.8.8/24" />

  34.             <accept></accept>

  35.           </rule>

  36.           <rule family="ipv4">

  37.             <source ipset="fail2ban-ssh" />

  38.             <reject type="icmp-port-unreachable" />

  39.           </rule>

  40.           <rule>

  41.             <service name="http" />

  42.             <log prefix="http fw limit 3/m" level="warning">

  43.               <limit value="3/m"/>

  44.             </log>

  45.             <accept> <limit value="3/m"/></accept>

  46.           </rule>

  47.         </zone>

  48.       ZONE_XML

  49.     end

  50.   end

  51. end

  52. 

  53. control 'zones/rich_public.xml configuration' do

  54.   title 'should match desired lines'

  55. 

  56.   describe file('/etc/firewalld/zones/rich_public.xml') do

  57.     it { should be_file }

  58.     it { should be_owned_by 'root' }

  59.     it { should be_grouped_into 'root' }

  60.     its('mode') { should cmp '0644' }

  61.     its('content') do

  62.       should include <<~ZONE_XML

  63.         <zone>

  64.           <short>rich_public</short>

  65.           <description>Example</description>

  66.           <rule priority="15">

  67.             <source ipset="other-ipset" />

  68.             <service name="http" />

  69.             <accept></accept>

  70.           </rule>

  71.           <rule>

  72.             <source ipset="fail2ban-ssh" />

  73.             <service name="ssh" />

  74.             <accept></accept>

  75.           </rule>

  76.           <rule>

  77.             <source ipset="other-ipset" />

  78.             <service name="ssh" />

  79.             <accept></accept>

  80.           </rule>

  81.         </zone>

  82.       ZONE_XML

  83.     end

  84.   end

  85. end