internet/community.general
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-05-06 21:32:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

ufw: allow to insert rules relative to first/last IPv4/IPv6 rules (#49796)

Browse Source 
* Insert should have type int.

* Add insert_relative_to option.

* Add changelog.

* Add tests.

* Improve comment.
This commit is contained in:
Felix Fontein
2019-02-12 09:05:14 +01:00
committed by John R Barker
parent 2e3964b474
commit 09f78d2f6c
4 changed files with 166 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
test/integration/targets/ufw/tasks/run-test.yml
View File

@@ -16,3 +16,6 @@
state: disabled
- name: "Loading tasks from {{ item }}"
include_tasks: "{{ item }}"
- name: Reset to factory defaults
ufw:
state: reset

80
test/integration/targets/ufw/tasks/tests/insert_relative_to.yml Normal file
View File

@@ -0,0 +1,80 @@
---
- name: Enable
ufw:
state: enabled
register: enable
# ## CREATE RULES ############################
- name: ipv4
ufw:
rule: deny
port: 22
to_ip: 0.0.0.0
- name: ipv4
ufw:
rule: deny
port: 23
to_ip: 0.0.0.0
- name: ipv6
ufw:
rule: deny
port: 122
to_ip: "::"
- name: ipv6
ufw:
rule: deny
port: 123
to_ip: "::"
- name: first-ipv4
ufw:
rule: deny
port: 10
to_ip: 0.0.0.0
insert: 0
insert_relative_to: first-ipv4
- name: last-ipv4
ufw:
rule: deny
port: 11
to_ip: 0.0.0.0
insert: 0
insert_relative_to: last-ipv4
- name: first-ipv6
ufw:
rule: deny
port: 110
to_ip: "::"
insert: 0
insert_relative_to: first-ipv6
- name: last-ipv6
ufw:
rule: deny
port: 111
to_ip: "::"
insert: 0
insert_relative_to: last-ipv6
# ## CHECK RESULT ############################
- name: Get rules
shell: |
ufw status | grep DENY | cut -f 1-2 -d ' ' | grep -E "^(0\.0\.0\.0|::) [123]+"
# Note that there was also a rule "ff02::fb mDNS" on at least one CI run;
# to ignore these, the extra filtering (grepping for DENY and the regex) makes
# sure to remove all rules not added here.
register: ufw_status
- assert:
that:
- ufw_status.stdout_lines == expected_stdout
vars:
expected_stdout:
- "0.0.0.0 10"
- "0.0.0.0 22"
- "0.0.0.0 11"
- "0.0.0.0 23"
- ":: 110"
- ":: 122"
- ":: 111"
- ":: 123"