def test_restart_netfilter_persistent(self, mock_isfile):
mock_isfile.return_value = True
mgr = iptables.IPTablesManager()
mgr.restart()
assert self.execute.call_args_list == [
mock.call(['service', 'netfilter-persistent', 'restart'],
'sudo astara-rootwrap /etc/rootwrap.conf')
]
def test_mixed_floating_ip_versions(self):
# Neutron has a bug whereby you can create a floating ip that has
# mixed IP versions between the fixed and floating address. If
# people create these accidentally, just ignore them (because
# iptables will barf if it encounters them)
mgr = iptables.IPTablesManager()
config = deepcopy(CONFIG)
config.floating_ips[0].fixed_ip = netaddr.IPAddress(
'fdca:3ba5:a17a:acda:f816:3eff:fe66:33b6')
assert map(str, mgr._build_floating_ips(CONFIG)) == [
'-A PREROUTING -i eth1 -d 172.16.77.50 -j DNAT --to-destination 192.168.0.2', # noqa
'-A PREROUTING -i eth2 -d 172.16.77.50 -j DNAT --to-destination 192.168.0.2', # noqa
'-A POSTROUTING -s 192.168.0.0/24 -j PUBLIC_SNAT'
]
assert mgr._build_floating_ips(config) == []
def test_complete(self):
mgr = iptables.IPTablesManager()
mgr.save_config(CONFIG, {'ge0': 'eth0', 'ge1': 'eth1', 'ge2': 'eth2'})
assert self.replace.call_count == 2
assert mock.call('/tmp/ip4tables.rules', '\n'.join(V4_OUTPUT) +
'\n') in self.replace.call_args_list
assert mock.call('/tmp/ip6tables.rules', '\n'.join(V6_OUTPUT) +
'\n') in self.replace.call_args_list
assert self.execute.call_args_list == [
mock.call(['mv', '/tmp/ip4tables.rules', '/etc/iptables/rules.v4'],
'sudo astara-rootwrap /etc/rootwrap.conf'),
mock.call(['mv', '/tmp/ip6tables.rules', '/etc/iptables/rules.v6'],
'sudo astara-rootwrap /etc/rootwrap.conf')
]
def get_manager():
request.iptables_mgr = iptables.IPTablesManager()
def test_no_ext_port(self, fake_get_ext_net):
fake_get_ext_net.return_value = None
mgr = iptables.IPTablesManager()
mgr.save_config(CONFIG, {'ge0': 'eth0', 'ge1': 'eth1', 'ge2': 'eth2'})
def update_firewall(self):
mgr = iptables.IPTablesManager()
mgr.save_config(self._config, self.ip_mgr.generic_mapping)
mgr.restart()