import os
import testinfra.utils.ansible_runner
# Hosts the tests in this module run against: every host ("all") in the
# inventory file named by the MOLECULE_INVENTORY_FILE environment variable.
# The lookup is a plain os.environ[...] access, so importing this module
# raises KeyError when the variable is not set.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ["MOLECULE_INVENTORY_FILE"],
).get_hosts("all")
def test_iptables_is_installed(host):
    """Check that the ``iptables`` package is installed on the target host.

    Args:
        host: testinfra host object for the machine under test.
    """
    assert host.package("iptables").is_installed
def test_iptables_running_and_enabled(host):
    """Check that the ``iptables`` service is running and enabled.

    Both states are asserted separately so a failure names the one that is
    missing: a running but not enabled service would presumably leave the
    host without its ruleset after a reboot.

    Args:
        host: testinfra host object for the machine under test.
    """
    service = host.service("iptables")

    assert service.is_running
    assert service.is_enabled
def test_iptables_default_rules(host):
    """Check that the filter/INPUT chain holds exactly the default ruleset.

    The comparison is an exact, order-sensitive list equality, so a missing,
    extra, or reordered rule fails the test. Only the INPUT chain of the
    ``filter`` table is queried here; other chains and tables are not covered
    by this test.

    Args:
        host: testinfra host object for the machine under test.
    """
    head_tag = '-m comment --comment "ansible[iptables_default_head]" -j ACCEPT'

    expected = [
        # Chain policy is ACCEPT: unsolicited traffic is only blocked by the
        # trailing REJECT rule, so that rule must stay last in the chain.
        # NOTE(review): a flushed chain would leave INPUT fully open - confirm
        # this policy is the role's intended design.
        '-P INPUT ACCEPT',
        # Return traffic for connections that are already tracked.
        '-A INPUT -m state --state RELATED,ESTABLISHED ' + head_tag,
        # Loopback interface.
        '-A INPUT -i lo ' + head_tag,
        # ICMP type 8 (echo request).
        '-A INPUT -p icmp -m icmp --icmp-type 8 ' + head_tag,
        # TCP port 22 is accepted with no source restriction in this rule.
        '-A INPUT -p tcp -m tcp --dport 22 ' + head_tag,
        # Catch-all: everything not accepted above is rejected.
        '-A INPUT -m comment --comment "ansible[iptables_default_tail]" '
        '-j REJECT --reject-with icmp-port-unreachable',
    ]

    actual = host.iptables.rules("filter", "INPUT")
    assert expected == actual