def initialize_ufw():
    """Bring up UFW with a permissive inbound default and pinned services.

    The incoming default policy is set to 'allow', so UFW only restricts
    ports that receive explicit rules elsewhere; anything else listening on
    the machine stays reachable. rsync and ssh are opened explicitly so they
    keep working whatever later rules are added.

    :return: None
    """
    # Default-allow is deliberate: the charm only polices the ports it uses,
    # which lets the machine be shared with other services.
    # NOTE(review): with this default, UFW is not a default-deny barrier;
    # co-located services need their own filtering.
    ufw.default_policy('allow', 'incoming')

    # rsync enforces its own ACLs; ssh must always stay reachable.
    for service_name in ('rsync', 'ssh'):
        ufw.service(service_name, 'open')

    # Turn the firewall on; the soft-fail switch comes from charm config
    # (the option name suggests it tolerates IPv6 failures -- confirm).
    soft_fail = config('allow-ufw-ip6-softfail')
    ufw.enable(soft_fail=soft_fail)
def initialize_ufw():
    """Bring up UFW with permissive defaults, pinned services and GRE.

    Does nothing (beyond a DEBUG log line) when the 'enable-firewall'
    config option is falsy. Otherwise the incoming, outgoing and routed
    default policies are all set to 'allow', rsync and ssh are opened
    explicitly, UFW is enabled, the GRE rule is added to before.rules and
    UFW is reloaded.

    :return: None
    """
    if not config('enable-firewall'):
        # NOTE(review): this returns without touching UFW and only logs at
        # DEBUG, so an operator may not notice the host is unfiltered.
        log("Firewall has been administratively disabled", "DEBUG")
        return

    # Default-allow is deliberate: the charm only polices the ports it uses,
    # which lets the machine be shared with other services.
    # NOTE(review): with every chain defaulting to 'allow', protection
    # depends entirely on explicit rules added elsewhere.
    for direction in ('incoming', 'outgoing', 'routed'):
        ufw.default_policy('allow', direction)

    # rsync enforces its own ACLs; ssh must always stay reachable.
    for service_name in ('rsync', 'ssh'):
        ufw.service(service_name, 'open')

    # Turn the firewall on; the soft-fail switch comes from charm config.
    # NOTE(review): the result of enable() is not checked, so the GRE rule
    # and reload below run regardless -- confirm that is intended.
    soft_fail = config('allow-ufw-ip6-softfail')
    ufw.enable(soft_fail=soft_fail)

    # Allow GRE traffic, then reload so the edited rules file takes effect.
    before_rules = os.path.join(UFW_DIR, 'before.rules')
    add_ufw_gre_rule(before_rules)
    ufw.reload()
def test_change_default_policy_unexpected_output(self, check_output, log):
    """default_policy() reports failure when ufw prints unrecognised text."""
    # Output that does not look like a ufw policy confirmation.
    check_output.return_value = "asdf"
    outcome = ufw.default_policy()
    self.assertFalse(outcome)
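def test_change_default_policy_allow_outgoing(self, check_output, log):
    """default_policy('allow', 'outgoing') succeeds and runs that command."""
    check_output.return_value = DEFAULT_POLICY_OUTPUT_OUTGOING
    self.assertTrue(ufw.default_policy('allow', 'outgoing'))
    # The original called `asser_any_call` (typo). On a Mock that name is an
    # auto-created attribute, so nothing was verified and a wrong firewall
    # command would have passed. Compare the argv list only, so whatever
    # keyword arguments default_policy passes to check_output (not visible
    # here) do not affect the check.
    issued = [c[0][0] for c in check_output.call_args_list if c[0]]
    self.assertIn(['ufw', 'default', 'allow', 'outgoing'], issued)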
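def test_change_default_policy(self, check_output, log):
    """default_policy() with no arguments runs 'ufw default deny incoming'."""
    check_output.return_value = DEFAULT_POLICY_OUTPUT
    self.assertTrue(ufw.default_policy())
    # The original called `asser_any_call` (typo). On a Mock that name is an
    # auto-created attribute, so the deny-incoming default was never
    # verified. Compare the argv list only, so whatever keyword arguments
    # default_policy passes to check_output (not visible here) do not
    # affect the check.
    issued = [c[0][0] for c in check_output.call_args_list if c[0]]
    self.assertIn(['ufw', 'default', 'deny', 'incoming'], issued)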