path: root/test/integration/targets/incidental_ufw/tasks/tests/interface.yml
blob: 776a72f87964f27996a3c6443ed665cdd53f2f17 (plain)
# Activate ufw before any rule is added; the rules created by the following
# tasks are read back through `ufw status` further down.
# NOTE(review): enabling ufw applies its default policies to the test host.
# Nothing in this file shows management access (e.g. SSH) being allowed
# beforehand - confirm the including test takes care of that.
- name: Enable
  ufw:
    state: 'enabled'

# Forwarding (route) rule constrained on both the ingress and the egress
# interface. The status check below expects it to be listed as
# "8.8.8.8 2222/tcp on bar ALLOW FWD 1.1.1.1 1111/tcp on foo".
# NOTE(review): 1.1.1.1 and 8.8.8.8 are real, publicly routed addresses used
# here only as match values; the RFC 5737 documentation ranges would be the
# conventional choice for fixtures, but the assertions depend on these values.
- name: Route with interface in and out
  ufw:
    route: true
    rule: allow
    proto: tcp
    interface_in: foo
    from_ip: '1.1.1.1'
    from_port: 1111
    interface_out: bar
    to_ip: '8.8.8.8'
    to_port: 2222

# Forwarding (route) rule limited to traffic entering on interface `foo`; no
# destination is given, and the status check below expects "Anywhere" there.
- name: Route with interface in
  ufw:
    route: true
    rule: allow
    proto: tcp
    interface_in: foo
    from_ip: '1.1.1.1'
    from_port: 1111

# Forwarding (route) rule limited to traffic leaving on interface `bar`; the
# status check below expects the interface to be shown on the destination
# side ("Anywhere on bar ALLOW FWD ...").
- name: Route with interface out
  ufw:
    route: true
    rule: allow
    proto: tcp
    interface_out: bar
    from_ip: '1.1.1.1'
    from_port: 1111

# Ordinary (non-forwarding) allow rule bound to ingress interface `foo`.
# The status check below expects it as "Anywhere on foo ALLOW 1.1.1.1 3333/tcp".
- name: Non-route with interface in
  ufw:
    rule: allow
    proto: tcp
    interface_in: foo
    from_ip: '1.1.1.1'
    from_port: 3333

# Ordinary (non-forwarding) allow rule bound to egress interface `bar`.
# The status check below expects it as an outbound rule
# ("Anywhere ALLOW OUT 1.1.1.1 4444/tcp on bar").
- name: Non-route with interface out
  ufw:
    rule: allow
    proto: tcp
    interface_out: bar
    from_ip: '1.1.1.1'
    from_port: 4444

# Read the rule set back in a normalised form: keep only the lines that carry
# a rule action (ALLOW/DENY/REJECT/LIMIT), then squeeze each run of spaces and
# tabs into a single space so the assertions can compare against fixed strings.
# NOTE(review): the pipeline runs without pipefail, so the task's exit status
# is that of sed. A failing `ufw status` would not fail this task; it would
# only surface through the assertions that consume `ufw_status`.
- name: Check result
  shell: ufw status |grep -E '(ALLOW|DENY|REJECT|LIMIT)' |sed -E 's/[ \t]+/ /g'
  register: ufw_status

# Verify that every rule created above is listed exactly as expected.
# `stdout` is bound to `ufw_status.stdout_lines`, so each `in` test looks like
# a membership check against whole output lines rather than a substring match;
# the trailing space inside every expected string would then be significant -
# confirm before editing the expected strings.
- assert:
    that:
      # route rule with both interface_in and interface_out
      - '"8.8.8.8 2222/tcp on bar ALLOW FWD 1.1.1.1 1111/tcp on foo " in stdout'
      # route rule with interface_in only
      - '"Anywhere ALLOW FWD 1.1.1.1 1111/tcp on foo " in stdout'
      # route rule with interface_out only
      - '"Anywhere on bar ALLOW FWD 1.1.1.1 1111/tcp " in stdout'
      # non-route rule with interface_in
      - '"Anywhere on foo ALLOW 1.1.1.1 3333/tcp " in stdout'
      # non-route rule with interface_out
      - '"Anywhere ALLOW OUT 1.1.1.1 4444/tcp on bar " in stdout'
  vars:
    # Alias for the registered, normalised `ufw status` lines.
    stdout: '{{ ufw_status.stdout_lines }}'

# Negative case: a non-route rule that names both an ingress and an egress
# interface. The task is expected to fail, so the error is tolerated and the
# result is registered for the assertion that follows.
- name: Non-route with interface_in and interface_out
  ufw:
    rule: allow
    proto: tcp
    interface_in: foo
    from_ip: '1.1.1.1'
    from_port: 1111
    interface_out: bar
    to_ip: '8.8.8.8'
    to_port: 2222
  register: ufw_non_route_iface
  ignore_errors: true

# The rule combining interface_in and interface_out without `route` must be
# rejected. Checking the message text as well pins the failure to the
# interface validation rather than to some unrelated error.
- assert:
    that:
      # the task itself must have failed
      - ufw_non_route_iface is failed
      # and for the expected reason
      - '"Only route rules" in ufw_non_route_iface.msg'