def test_ensure_dns_chain(tmpdir): path = tmpdir.join('resolv.conf') path.write( 'nameserver 8.8.8.8\n' 'nameserver 8.8.4.4\n' ) with mock.patch.object( iptables, 'ensure_chain', autospec=True, ) as m, mock.patch.object( firewall, 'RESOLV_CONF', path.strpath, ): firewall._ensure_dns_chain() call, = m.call_args_list args, _ = call assert args[0] == 'PAASTA-DNS' assert args[1] == ( EMPTY_RULE._replace( dst='8.8.8.8/255.255.255.255', target='ACCEPT', protocol='udp', matches=( ('udp', (('dport', ('53',)),)), ), ), EMPTY_RULE._replace( dst='8.8.8.8/255.255.255.255', target='ACCEPT', protocol='tcp', matches=( ('tcp', (('dport', ('53',)),)), ), ), EMPTY_RULE._replace( dst='8.8.4.4/255.255.255.255', target='ACCEPT', protocol='udp', matches=( ('udp', (('dport', ('53',)),)), ), ), EMPTY_RULE._replace( dst='8.8.4.4/255.255.255.255', target='ACCEPT', protocol='tcp', matches=( ('tcp', (('dport', ('53',)),)), ), ), )
def test_ensure_dns_chain(tmpdir): path = tmpdir.join("resolv.conf") path.write("nameserver 8.8.8.8\n" "nameserver 8.8.4.4\n") with mock.patch.object(iptables, "ensure_chain", autospec=True) as m, mock.patch.object( firewall, "RESOLV_CONF", path.strpath): firewall._ensure_dns_chain() (call, ) = m.call_args_list args, _ = call assert args[0] == "PAASTA-DNS" assert args[1] == ( EMPTY_RULE._replace( dst="8.8.8.8/255.255.255.255", target="ACCEPT", protocol="udp", matches=(("udp", (("dport", ("53", )), )), ), ), EMPTY_RULE._replace( dst="8.8.8.8/255.255.255.255", target="ACCEPT", protocol="tcp", matches=(("tcp", (("dport", ("53", )), )), ), ), EMPTY_RULE._replace( dst="8.8.4.4/255.255.255.255", target="ACCEPT", protocol="udp", matches=(("udp", (("dport", ("53", )), )), ), ), EMPTY_RULE._replace( dst="8.8.4.4/255.255.255.255", target="ACCEPT", protocol="tcp", matches=(("tcp", (("dport", ("53", )), )), ), ), )