
# Serverspec checks for the IPv4 firewall: default chain policies, the INPUT
# allow rules, and the http_public chain that opens the web ports.
#
# NOTE(review): the INPUT policy asserted here is ACCEPT and no terminal
# DROP/REJECT rule is checked, so this spec would still pass on a host that
# accepts all inbound traffic. Confirm the ruleset closes INPUT with a drop
# and assert that rule here too.
describe iptables do
  ipv4_rules = [
    # Default policies of the built-in chains.
    "-P INPUT ACCEPT",
    "-P FORWARD DROP",
    "-P OUTPUT ACCEPT",
    # User-defined chain holding the publicly reachable HTTP(S) ports.
    "-N http_public",
    # Replies to, and traffic related to, connections that are already tracked.
    "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
    # Loopback is matched by source address, not by interface (-i lo).
    # NOTE(review): this presumably relies on the kernel discarding 127/8
    # sources arriving on external interfaces; confirm for this host.
    "-A INPUT -s 127.0.0.0/8 -j ACCEPT",
    # Sources listed in the management-ipv4 ipset are accepted on every port;
    # the membership of that set is not checked by this spec.
    "-A INPUT -m set --match-set management-ipv4 src -j ACCEPT",
    # Everything else on INPUT is handed to http_public.
    "-A INPUT -j http_public",
    "-A http_public -p tcp -m tcp --dport 80 -j ACCEPT",
    "-A http_public -p tcp -m tcp --dport 443 -j ACCEPT"
  ]

  # One example per rule, generated in the order listed above.
  ipv4_rules.each do |rule|
    it { should have_rule(rule) }
  end
end
# Serverspec checks for the IPv6 firewall: default chain policies, the INPUT
# allow rules (including Neighbor Discovery), and the http_public chain.
#
# NOTE(review): the INPUT policy asserted here is ACCEPT and no terminal
# DROP/REJECT rule is checked, so this spec would still pass on a host that
# accepts all inbound IPv6 traffic. Confirm the ruleset closes INPUT with a
# drop and assert that rule here too.
describe ip6tables do
  # ICMPv6 Neighbor Discovery types: 133 router solicitation, 134 router
  # advertisement, 135 neighbor solicitation, 136 neighbor advertisement.
  neighbor_discovery_rules = [133, 134, 135, 136].map do |icmp_type|
    "-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type #{icmp_type} -j ACCEPT"
  end

  ipv6_rules = [
    # Default policies of the built-in chains.
    "-P INPUT ACCEPT",
    "-P FORWARD DROP",
    "-P OUTPUT ACCEPT",
    # User-defined chain holding the publicly reachable HTTP(S) ports.
    "-N http_public",
    # Replies to, and traffic related to, connections that are already tracked.
    "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
    # Loopback is matched by source address, not by interface (-i lo).
    "-A INPUT -s ::1/128 -j ACCEPT",
    *neighbor_discovery_rules,
    # Sources listed in the management-ipv6 ipset are accepted on every port;
    # the membership of that set is not checked by this spec.
    "-A INPUT -m set --match-set management-ipv6 src -j ACCEPT",
    # Everything else on INPUT is handed to http_public.
    "-A INPUT -j http_public",
    "-A http_public -p tcp -m tcp --dport 80 -j ACCEPT",
    "-A http_public -p tcp -m tcp --dport 443 -j ACCEPT"
  ]

  # One example per rule, generated in the order listed above.
  ipv6_rules.each do |rule|
    it { should have_rule(rule) }
  end
end