2019-09-18 11:29:48 +02:00
|
|
|
import os
|
|
|
|
|
|
|
|
|
|
import testinfra.utils.ansible_runner
|
|
|
|
|
|
|
|
|
|
import warnings
|
|
|
|
|
warnings.filterwarnings("ignore", category=DeprecationWarning)
|
|
|
|
|
|
|
|
|
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
|
|
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_iptables_is_installed(host):
|
|
|
|
|
iptables = host.package("iptables")
|
|
|
|
|
assert iptables.is_installed
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_iptables_running_and_enabled(host):
|
|
|
|
|
iptables = host.service("iptables")
|
|
|
|
|
assert iptables.is_running
|
|
|
|
|
assert iptables.is_enabled
|
|
|
|
|
|
|
|
|
|
|
2019-09-18 11:55:28 +02:00
|
|
|
def test_iptables_default_rules(host):
|
2019-09-18 11:29:48 +02:00
|
|
|
defaults = [
|
|
|
|
|
"-P INPUT ACCEPT",
|
|
|
|
|
"-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
|
|
|
|
|
"-A INPUT -i lo -j ACCEPT",
|
|
|
|
|
"-A INPUT -p icmp --icmp-type echo-request -j ACCEPT",
|
|
|
|
|
"-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",
|
|
|
|
|
"-A INPUT -j REJECT"
|
|
|
|
|
]
|
|
|
|
|
|
2019-09-18 12:53:57 +02:00
|
|
|
rules = host.iptables.rules("filter", "INPUT")
|
2019-09-18 12:01:07 +02:00
|
|
|
assert defaults == rules
|
