aboutsummaryrefslogtreecommitdiff
path: root/spec/classes/ferm_spec.rb
AgeCommit message (Collapse)Author
2019-09-13fix kernel incompatibilitiesThore Bödecker
Certain kernel modules and thus iptables functionality was introduced at later releases, so we need to properly reflect that in our default chain initialization procedure. `INPUT` chain for `nat` table was introduced with 2.6.36 `ip6table_nat` kernel module for NAT functionality with IPv6 was introduced with 3.17 This commit implements the required conditional constraints and includes the rspec tests to validate it.
2019-09-12readd Debian 9/10 supportTim Meusel
2019-09-11add ability to define rules in tables != filterThore Bödecker
Previously it was neither possible to properly define custom chains nor to define rules in tables other than the default filter table. For various legitimate reasons it can be required to define rules in the raw, nat or mangle tables, e.g. to use NOTRACK or to configure DNAT/SNAT/MASQUERADE. Additionally it might come in handy to define custom chains to group certain rules and allow a more efficient evaluation for incoming packets by not cramming all rules into the filter/INPUT chain so that (worst-case) all packets need to traverse and evaluate all rules. I have tried to maintain backwards compatibility and to not change default filenames/paths so that it won't result in leftover obsolete unmaged files from previous versions of this module. In order to improve the naming schema the rule $policy has been renamed to $action, however both parameters are available and optional now, with some sanity checks that require at most one of them and issueing a warning() for users of the now deprecated $policy parameter. All previous tests have been adapted to the changes, a long with an additional set of tests for the new feature. Fixes #61
2019-09-02allow preserving of chains in tablesThore Bödecker
2019-09-01Add Debian 10 support & make configdirectory configureableTim Meusel
2019-04-05add test for RedHat-like to contain init scriptKilian Engelhardt
2018-07-11rubocop: autofixTim Meusel
2018-07-11disable rule caching on ubuntuTim Meusel
Fixes #16. Ubuntu caches rules. This doesn't allow us to reload the daemon and to apply new rules. Also this is a ubuntu only feature, it works well on all other platforms without cache.
2018-07-11add official ubuntu supportTim Meusel
2018-03-15initial commitTim Meusel