Commit graph

7 commits

Author SHA1 Message Date
Hans Jerry Illikainen
a0b8b85fa5 ufw: add support for interface_in and interface_out (#65382)
* ufw: escalate privileges in integration tests

A few of the integration tests for the UFW module forgot to `become`.
This is problematic if the test suite is executed as a non-privileged
user.  This commit amends that by adding `become` when appropriate.

* ufw: add unit tests for direction and interface

Extend the unit tests for the UFW module to test the `direction` and
`interface` parameters.  This will help in the implementation of a fix
for issue #63903.

* ufw: add support for interface_in and interface_out

The UFW module has support for specifying `direction` and `interface`
for UFW rules.  Rules with these parameters are built such that
per-interface filtering only apply to a single direction based on the
value of `direction`.

Not being able to specify multiple interfaces complicates things for
`routed` rules where one might want to apply filtering only for a
specific combination of `in` and `out` interfaces.

This commit introduces two new parameters to the UFW module:
`interface_in` and `interface_out`.  These rules are mutually exclusive
with the old `direction` and `interface` parameter because of the
ambiguity of having e.g.:

    direction: XXX
    interface: foo
    interface_XXX: bar

Fixes #63903
2019-12-02 08:01:44 +01:00
Felix Fontein
7d2e4dd2fd ufw: fix default (again) (#55004) 2019-04-11 00:06:53 +02:00
Felix Fontein
7d27348356 ufw: fix default, direction is not necessary for it (#54799)
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
2019-04-08 08:49:35 -04:00
Felix Fontein
09f78d2f6c ufw: allow to insert rules relative to first/last IPv4/IPv6 rules (#49796)
* Insert should have type int.

* Add insert_relative_to option.

* Add changelog.

* Add tests.

* Improve comment.
2019-02-12 08:05:14 +00:00
Jérôme BAROTIN
b99de25f32 Enable changed var with ufw check mode (#49948)
* Enable 'changed' var with ufw check mode

* Fix from comment of the PR + Unit Test

* Fix on ufw module after the second review

- delete rules change works in check mode
- simplify execute def & use it on every call process
- improved regexp
- rename vars defaults to current_default_values

* Add ignore error to execute() and use it in get_current_rules()

* Update after third code review (introduce change in changed status)

* Adjust tests and fix some problems (#1)

* 'active' also appears in 'inactive'.

* 'reject' is also a valid option here.

* For example for reloaded, changed will be set back to False here.

* Improve and adjust tests.

* Fix after merging integration test

* handle "disabled" on default routed

* Add /var/lib/ufw/.. rules files

* add unit test

* Fix pep8 formatting error

* Separate ipv6 and ipv4 rules process from checkmode

* fix non-ascii error on ci

* Some change after review

* Add unit test with sub network mask

* rename is_match function by is_starting

* add changelog fragment
2019-02-11 11:05:35 +00:00
Felix Fontein
fe4fa519d7 ufw: extend integration tests (#50400)
* Improve cleanup.

* Add check mode tests.

Failing tests commented out; will be fixed in #49948.

* Add reload and reset tests.

* Add tests for other global state.

* Work around ufw bugs.
2019-01-08 13:00:20 +00:00
Felix Fontein
a707f1a79c ufw: add integration tests (#50374)
* Add basic integration tests for ufw.

* Being more honest.
2018-12-29 13:50:04 +00:00