def test_ensure_dns_chain(tmpdir):
path = tmpdir.join('resolv.conf')
path.write(
'nameserver 8.8.8.8\n'
'nameserver 8.8.4.4\n'
)
with mock.patch.object(
iptables, 'ensure_chain', autospec=True,
) as m, mock.patch.object(
firewall, 'RESOLV_CONF', path.strpath,
):
firewall._ensure_dns_chain()
call, = m.call_args_list
args, _ = call
assert args[0] == 'PAASTA-DNS'
assert args[1] == (
EMPTY_RULE._replace(
dst='8.8.8.8/255.255.255.255',
target='ACCEPT',
protocol='udp',
matches=(
('udp', (('dport', ('53',)),)),
),
),
EMPTY_RULE._replace(
dst='8.8.8.8/255.255.255.255',
target='ACCEPT',
protocol='tcp',
matches=(
('tcp', (('dport', ('53',)),)),
),
),
EMPTY_RULE._replace(
dst='8.8.4.4/255.255.255.255',
target='ACCEPT',
protocol='udp',
matches=(
('udp', (('dport', ('53',)),)),
),
),
EMPTY_RULE._replace(
dst='8.8.4.4/255.255.255.255',
target='ACCEPT',
protocol='tcp',
matches=(
('tcp', (('dport', ('53',)),)),
),
),
)
def test_ensure_dns_chain(tmpdir):
path = tmpdir.join("resolv.conf")
path.write("nameserver 8.8.8.8\n" "nameserver 8.8.4.4\n")
with mock.patch.object(iptables, "ensure_chain",
autospec=True) as m, mock.patch.object(
firewall, "RESOLV_CONF", path.strpath):
firewall._ensure_dns_chain()
(call, ) = m.call_args_list
args, _ = call
assert args[0] == "PAASTA-DNS"
assert args[1] == (
EMPTY_RULE._replace(
dst="8.8.8.8/255.255.255.255",
target="ACCEPT",
protocol="udp",
matches=(("udp", (("dport", ("53", )), )), ),
),
EMPTY_RULE._replace(
dst="8.8.8.8/255.255.255.255",
target="ACCEPT",
protocol="tcp",
matches=(("tcp", (("dport", ("53", )), )), ),
),
EMPTY_RULE._replace(
dst="8.8.4.4/255.255.255.255",
target="ACCEPT",
protocol="udp",
matches=(("udp", (("dport", ("53", )), )), ),
),
EMPTY_RULE._replace(
dst="8.8.4.4/255.255.255.255",
target="ACCEPT",
protocol="tcp",
matches=(("tcp", (("dport", ("53", )), )), ),
),
)