cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
ansible/test/integration/targets/ufw/tasks/main.yml
Hans Jerry Illikainen a0b8b85fa5 ufw: add support for interface_in and interface_out (#65382) 
* ufw: escalate privileges in integration tests

A few of the integration tests for the UFW module forgot to `become`.
This is problematic if the test suite is executed as a non-privileged
user.  This commit amends that by adding `become` when appropriate.

* ufw: add unit tests for direction and interface

Extend the unit tests for the UFW module to test the `direction` and
`interface` parameters.  This will help in the implementation of a fix
for issue #63903.

* ufw: add support for interface_in and interface_out

The UFW module has support for specifying `direction` and `interface`
for UFW rules.  Rules with these parameters are built such that
per-interface filtering only apply to a single direction based on the
value of `direction`.

Not being able to specify multiple interfaces complicates things for
`routed` rules where one might want to apply filtering only for a
specific combination of `in` and `out` interfaces.

This commit introduces two new parameters to the UFW module:
`interface_in` and `interface_out`.  These rules are mutually exclusive
with the old `direction` and `interface` parameter because of the
ambiguity of having e.g.:

    direction: XXX
    interface: foo
    interface_XXX: bar

Fixes #63903
2019-12-02 08:01:44 +01:00

34 lines
880 B
YAML
Raw Blame History

---
# Make sure ufw is installed
- name: Install EPEL repository (RHEL only)
include_role:
name: setup_epel
when: ansible_distribution == 'RedHat'
- name: Install iptables (SuSE only)
package:
name: iptables
become: yes
when: ansible_os_family == 'Suse'
- name: Install ufw
become: yes
package:
name: ufw
# Run the tests
- block:
- include_tasks: run-test.yml
with_fileglob:
- "tests/*.yml"
become: yes
# Cleanup
always:
- pause:
# ufw creates backups of the rule files with a timestamp; if reset is called
# twice in a row fast enough (so that both timestamps are taken in the same second),
# the second call will notice that the backup files are already there and fail.
# Waiting one second fixes this problem.
seconds: 1
- name: Reset ufw to factory defaults and disable
ufw:
state: reset
Reference in a new issue View git blame Copy permalink