New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tests: os: add check for iptables rules #3398
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is useful to verify content is present for the BALENA-FIREWALL chain in the filter table. This tells us that the Supervisor was able to create and add some rules in a way that balenaOS sees them. Supervisor also performs more detailed mock tests.
I also would add a comment in the code that states why we are running this test -- to ensure Supervisor rule generation is working.
Does OS testing include any other checking of firewall rules? If not, consider adding a sanity check. For example, we expect to see the MASQUERADE target used in the nat table POSTROUTING chain for the balena0 network, like below.
root@c5be172:~# iptables -t nat -L -vn
...
Chain POSTROUTING (policy ACCEPT 46 packets, 3058 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !balena0 10.114.101.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * !supervisor0 10.114.104.0/25 0.0.0.0/0
assuming new tests are currently failing as expected due to issue with supervisor - waiting on #3390 to rebase over it |
588d344
to
456e0c0
Compare
@resin-jenkins retest this please |
456e0c0
to
cadcf3a
Compare
@resin-jenkins retest this please |
Revisions look good, and the comments do a great job explaining why the tests are composed as they are. |
@resin-jenkins retest this please |
1 similar comment
@resin-jenkins retest this please |
@resin-jenkins retest this please |
cadcf3a
to
bab5f3f
Compare
bab5f3f
to
8df4d1d
Compare
Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
8df4d1d
to
0e3e4ce
Compare
Change-type: patch
Contributor checklist
Change-type
present on at least one commitSigned-off-by
is presentReviewer Guidelines