You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

31 lines
2.8 KiB

describe iptables do
it { should have_rule "-A DOCKER-USER -p udp -m set --match-set management-ipv4 src -m udp --dport 3478 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv4 src -m tcp --dport 6789 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv4 src -m tcp --dport 8843 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv4 src -m tcp --dport 8880 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv4 src -m tcp --dport 1883 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv4 src -m tcp --dport 1884 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv4 src -m tcp --dport 8443 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv4 src -m tcp --dport 9090 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set minions-ipv4 src -m tcp --dport 9001 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m tcp --dport 4883 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m tcp --dport 4884 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m tcp --dport 8080 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -j DROP" }
end
describe ip6tables do
it { should have_rule "-A DOCKER-USER -p udp -m set --match-set management-ipv6 src -m udp --dport 3478 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv6 src -m tcp --dport 6789 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv6 src -m tcp --dport 8843 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv6 src -m tcp --dport 8880 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv6 src -m tcp --dport 8443 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv6 src -m tcp --dport 9090 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv6 src -m tcp --dport 1884 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set management-ipv6 src -m tcp --dport 1883 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m set --match-set minions-ipv6 src -m tcp --dport 9001 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m tcp --dport 4884 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m tcp --dport 4883 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -p tcp -m tcp --dport 8080 -j ACCEPT" }
it { should have_rule "-A DOCKER-USER -j DROP" }
end