author | Thore Bödecker <me@foxxx0.de> | 2019-09-13 12:15:19 +0200 |
---|---|---|
committer | Thore Bödecker <me@foxxx0.de> | 2019-09-13 12:48:40 +0200 |
commit | 3117ba0822e5472b9aa2a3e6e6ef4c43ea4c6565 (patch) | |
tree | 1e8f31e85edaa9c7aeec9fae4718e9130d156be3 /spec/classes | |
parent | 1d02a062e30ffdc94a739a7280a4b124c329620d (diff) | |
fix kernel incompatibilities
Certain kernel modules, and thus some iptables functionality, were introduced
in later kernel releases, so we need to properly reflect that in our default
chain initialization procedure.
`INPUT` chain for `nat` table was introduced with 2.6.36
`ip6table_nat` kernel module for NAT functionality with IPv6 was
introduced with 3.17
This commit implements the required conditional constraints and includes
the rspec tests to validate it.
Diffstat (limited to 'spec/classes')
-rw-r--r-- | spec/classes/ferm_spec.rb | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/spec/classes/ferm_spec.rb b/spec/classes/ferm_spec.rb
index 3257fca..d400a7b 100644
--- a/spec/classes/ferm_spec.rb
+++ b/spec/classes/ferm_spec.rb
@@ -67,7 +67,11 @@ describe 'ferm' do
 it { is_expected.to contain_concat__fragment('raw-PREROUTING-config-include') }
 it { is_expected.to contain_concat__fragment('raw-OUTPUT-config-include') }
 it { is_expected.to contain_concat__fragment('nat-PREROUTING-config-include') }
- it { is_expected.to contain_concat__fragment('nat-INPUT-config-include') }
+ if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
+ it { is_expected.to contain_concat__fragment('nat-INPUT-config-include') }
+ else
+ it { is_expected.not_to contain_concat__fragment('nat-INPUT-config-include') }
+ end
 it { is_expected.to contain_concat__fragment('nat-OUTPUT-config-include') }
 it { is_expected.to contain_concat__fragment('nat-POSTROUTING-config-include') }
 it { is_expected.to contain_concat__fragment('mangle-PREROUTING-config-include') }
@@ -91,7 +95,11 @@ describe 'ferm' do
 it { is_expected.to contain_concat__fragment('raw-PREROUTING-policy') }
 it { is_expected.to contain_concat__fragment('raw-OUTPUT-policy') }
 it { is_expected.to contain_concat__fragment('nat-PREROUTING-policy') }
- it { is_expected.to contain_concat__fragment('nat-INPUT-policy') }
+ if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
+ it { is_expected.to contain_concat__fragment('nat-INPUT-policy') }
+ else
+ it { is_expected.not_to contain_concat__fragment('nat-INPUT-policy') }
+ end
 it { is_expected.to contain_concat__fragment('nat-OUTPUT-policy') }
 it { is_expected.to contain_concat__fragment('nat-POSTROUTING-policy') }
 it { is_expected.to contain_concat__fragment('mangle-PREROUTING-policy') }
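Review bot: The comparison `Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')` is repeated verbatim in all five hunks of this file (@@ -67, -91, -106, -121 and -136), so the kernel threshold that decides whether the firewall chain is expected now lives in five places. Because each `if` runs when the examples are defined, it can be computed once where `facts` is bound, e.g. `nat_input_supported = Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')`, with each hunk reduced to `if nat_input_supported`. A comment there such as `# the nat table's INPUT chain exists only on kernels >= 2.6.36` would explain the constant. The enclosing blocks start outside the hunks, so where `facts` comes from is not visible here.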
@@ -106,7 +114,11 @@ describe 'ferm' do
 it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-PREROUTING.conf') }
 it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-OUTPUT.conf') }
 it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-PREROUTING.conf') }
- it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-INPUT.conf') }
+ if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
+ it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-INPUT.conf') }
+ else
+ it { is_expected.not_to contain_concat('/etc/ferm/ferm.d/chains/nat-INPUT.conf') }
+ end
 it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-OUTPUT.conf') }
 it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-POSTROUTING.conf') }
 it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/mangle-PREROUTING.conf') }
@@ -121,7 +133,11 @@ describe 'ferm' do
 it { is_expected.to contain_concat('/etc/ferm.d/chains/raw-PREROUTING.conf') }
 it { is_expected.to contain_concat('/etc/ferm.d/chains/raw-OUTPUT.conf') }
 it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-PREROUTING.conf') }
- it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-INPUT.conf') }
+ if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
+ it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-INPUT.conf') }
+ else
+ it { is_expected.not_to contain_concat('/etc/ferm.d/chains/nat-INPUT.conf') }
+ end
 it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-OUTPUT.conf') }
 it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-POSTROUTING.conf') }
 it { is_expected.to contain_concat('/etc/ferm.d/chains/mangle-PREROUTING.conf') }
@@ -136,7 +152,11 @@ describe 'ferm' do
 it { is_expected.to contain_ferm__chain('raw-PREROUTING') }
 it { is_expected.to contain_ferm__chain('raw-OUTPUT') }
 it { is_expected.to contain_ferm__chain('nat-PREROUTING') }
- it { is_expected.to contain_ferm__chain('nat-INPUT') }
+ if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
+ it { is_expected.to contain_ferm__chain('nat-INPUT') }
+ else
+ it { is_expected.not_to contain_ferm__chain('nat-INPUT') }
+ end
 it { is_expected.to contain_ferm__chain('nat-OUTPUT') }
 it { is_expected.to contain_ferm__chain('nat-POSTROUTING') }
 it { is_expected.to contain_ferm__chain('mangle-PREROUTING') }  |
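Review bot: The `else` branch here (`not_to contain_ferm__chain('nat-INPUT')`) is defined only when one of the fact sets the spec iterates over reports a kernel older than 2.6.36, so whether the negative case is tested at all depends on the fact database rather than on the spec. Because the spec applies the same comparison the manifest presumably uses, a wrong threshold on either side would also go unnoticed. A dedicated context that pins the fact, e.g. `let(:facts) { facts.merge(kernelversion: '2.6.35') }` (constructed sample value) with an unconditional `it { is_expected.not_to contain_ferm__chain('nat-INPUT') }`, plus a matching one at `'2.6.36'`, would fix the boundary independently. The commit message also mentions the 3.17 threshold for `ip6table_nat`, but no hunk in this file asserts anything for it; it may be covered outside `spec/classes`, which is worth confirming.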