forked from puppetlabs/puppetlabs-firewall
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfirewall_tee_spec.rb
64 lines (56 loc) · 1.83 KB
/
firewall_tee_spec.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
require 'spec_helper_acceptance'
describe 'firewall tee' do
before :all do
iptables_flush_all_tables
ip6tables_flush_all_tables
end
if default['platform'] =~ /ubuntu-1404/ or default['platform'] =~ /ubuntu-1204/ or default['platform'] =~ /debian-7/ or default['platform'] =~ /debian-8/ or default['platform'] =~ /el-7/
describe 'tee_gateway' do
context '10.0.0.2' do
it 'applies' do
pp = <<-EOS
class { '::firewall': }
firewall {
'810 - tee_gateway':
chain => 'PREROUTING',
table => 'mangle',
jump => 'TEE',
gateway => '10.0.0.2',
proto => all,
}
EOS
apply_manifest(pp, :catch_failures => true)
end
it 'should contain the rule' do
shell('iptables-save -t mangle') do |r|
expect(r.stdout).to match(/-A PREROUTING -m comment --comment "810 - tee_gateway" -j TEE --gateway 10.0.0.2/)
end
end
end
end
describe 'tee_gateway6' do
context '2001:db8::1' do
it 'applies' do
pp = <<-EOS
class { '::firewall': }
firewall {
'811 - tee_gateway6':
chain => 'PREROUTING',
table => 'mangle',
jump => 'TEE',
gateway => '2001:db8::1',
proto => all,
provider => 'ip6tables',
}
EOS
apply_manifest(pp, :catch_failures => true)
end
it 'should contain the rule' do
shell('ip6tables-save -t mangle') do |r|
expect(r.stdout).to match(/-A PREROUTING -m comment --comment "811 - tee_gateway6" -j TEE --gateway 2001:db8::1/)
end
end
end
end
end
end