mirror of
https://github.com/pi-hole/pi-hole.git
synced 2025-04-19 05:40:13 +00:00
remove configureFirewall function, the call to it, and related tests
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
This commit is contained in:
Adam Warner
parent
471006676c
commit
a37dba2c81
2 changed files with 0 additions and 205 deletions
|
|
@ -92,168 +92,6 @@ def test_setupVars_saved_to_file(Pihole):
|
|||
assert "{}={}".format(k, v) in output
|
||||
|
||||
|
||||
def test_configureFirewall_firewalld_running_no_errors(Pihole):
|
||||
'''
|
||||
confirms firewalld rules are applied when firewallD is running
|
||||
'''
|
||||
# firewallD returns 'running' as status
|
||||
mock_command('firewall-cmd', {'*': ('running', 0)}, Pihole)
|
||||
# Whiptail dialog returns Ok for user prompt
|
||||
mock_command('whiptail', {'*': ('', 0)}, Pihole)
|
||||
configureFirewall = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
configureFirewall
|
||||
''')
|
||||
expected_stdout = 'Configuring FirewallD for httpd and pihole-FTL'
|
||||
assert expected_stdout in configureFirewall.stdout
|
||||
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
|
||||
assert 'firewall-cmd --state' in firewall_calls
|
||||
assert ('firewall-cmd '
|
||||
'--permanent '
|
||||
'--add-service=http '
|
||||
'--add-service=dns') in firewall_calls
|
||||
assert 'firewall-cmd --reload' in firewall_calls
|
||||
|
||||
|
||||
def test_configureFirewall_firewalld_disabled_no_errors(Pihole):
|
||||
'''
|
||||
confirms firewalld rules are not applied when firewallD is not running
|
||||
'''
|
||||
# firewallD returns non-running status
|
||||
mock_command('firewall-cmd', {'*': ('not running', '1')}, Pihole)
|
||||
configureFirewall = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
configureFirewall
|
||||
''')
|
||||
expected_stdout = ('No active firewall detected.. '
|
||||
'skipping firewall configuration')
|
||||
assert expected_stdout in configureFirewall.stdout
|
||||
|
||||
|
||||
def test_configureFirewall_firewalld_enabled_declined_no_errors(Pihole):
|
||||
'''
|
||||
confirms firewalld rules are not applied when firewallD is running, user
|
||||
declines ruleset
|
||||
'''
|
||||
# firewallD returns running status
|
||||
mock_command('firewall-cmd', {'*': ('running', 0)}, Pihole)
|
||||
# Whiptail dialog returns Cancel for user prompt
|
||||
mock_command('whiptail', {'*': ('', 1)}, Pihole)
|
||||
configureFirewall = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
configureFirewall
|
||||
''')
|
||||
expected_stdout = 'Not installing firewall rulesets.'
|
||||
assert expected_stdout in configureFirewall.stdout
|
||||
|
||||
|
||||
def test_configureFirewall_no_firewall(Pihole):
|
||||
''' confirms firewall skipped no daemon is running '''
|
||||
configureFirewall = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
configureFirewall
|
||||
''')
|
||||
expected_stdout = 'No active firewall detected'
|
||||
assert expected_stdout in configureFirewall.stdout
|
||||
|
||||
|
||||
def test_configureFirewall_IPTables_enabled_declined_no_errors(Pihole):
|
||||
'''
|
||||
confirms IPTables rules are not applied when IPTables is running, user
|
||||
declines ruleset
|
||||
'''
|
||||
# iptables command exists
|
||||
mock_command('iptables', {'*': ('', '0')}, Pihole)
|
||||
# modinfo returns always true (ip_tables module check)
|
||||
mock_command('modinfo', {'*': ('', '0')}, Pihole)
|
||||
# Whiptail dialog returns Cancel for user prompt
|
||||
mock_command('whiptail', {'*': ('', '1')}, Pihole)
|
||||
configureFirewall = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
configureFirewall
|
||||
''')
|
||||
expected_stdout = 'Not installing firewall rulesets.'
|
||||
assert expected_stdout in configureFirewall.stdout
|
||||
|
||||
|
||||
def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole):
|
||||
'''
|
||||
confirms IPTables rules are not applied when IPTables is running and rules
|
||||
exist
|
||||
'''
|
||||
# iptables command exists and returns 0 on calls
|
||||
# (should return 0 on iptables -C)
|
||||
mock_command('iptables', {'-S': ('-P INPUT DENY', '0')}, Pihole)
|
||||
# modinfo returns always true (ip_tables module check)
|
||||
mock_command('modinfo', {'*': ('', '0')}, Pihole)
|
||||
# Whiptail dialog returns Cancel for user prompt
|
||||
mock_command('whiptail', {'*': ('', '0')}, Pihole)
|
||||
configureFirewall = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
configureFirewall
|
||||
''')
|
||||
expected_stdout = 'Installing new IPTables firewall rulesets'
|
||||
assert expected_stdout in configureFirewall.stdout
|
||||
firewall_calls = Pihole.run('cat /var/log/iptables').stdout
|
||||
# General call type occurances
|
||||
assert len(re.findall(r'iptables -S', firewall_calls)) == 1
|
||||
assert len(re.findall(r'iptables -C', firewall_calls)) == 4
|
||||
assert len(re.findall(r'iptables -I', firewall_calls)) == 0
|
||||
|
||||
# Specific port call occurances
|
||||
assert len(re.findall(r'tcp --dport 80', firewall_calls)) == 1
|
||||
assert len(re.findall(r'tcp --dport 53', firewall_calls)) == 1
|
||||
assert len(re.findall(r'udp --dport 53', firewall_calls)) == 1
|
||||
assert len(re.findall(r'tcp --dport 4711:4720', firewall_calls)) == 1
|
||||
|
||||
|
||||
def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
|
||||
'''
|
||||
confirms IPTables rules are applied when IPTables is running and rules do
|
||||
not exist
|
||||
'''
|
||||
# iptables command and returns 0 on calls (should return 1 on iptables -C)
|
||||
mock_command(
|
||||
'iptables',
|
||||
{
|
||||
'-S': (
|
||||
'-P INPUT DENY',
|
||||
'0'
|
||||
),
|
||||
'-C': (
|
||||
'',
|
||||
1
|
||||
),
|
||||
'-I': (
|
||||
'',
|
||||
0
|
||||
)
|
||||
},
|
||||
Pihole
|
||||
)
|
||||
# modinfo returns always true (ip_tables module check)
|
||||
mock_command('modinfo', {'*': ('', '0')}, Pihole)
|
||||
# Whiptail dialog returns Cancel for user prompt
|
||||
mock_command('whiptail', {'*': ('', '0')}, Pihole)
|
||||
configureFirewall = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
configureFirewall
|
||||
''')
|
||||
expected_stdout = 'Installing new IPTables firewall rulesets'
|
||||
assert expected_stdout in configureFirewall.stdout
|
||||
firewall_calls = Pihole.run('cat /var/log/iptables').stdout
|
||||
# General call type occurances
|
||||
assert len(re.findall(r'iptables -S', firewall_calls)) == 1
|
||||
assert len(re.findall(r'iptables -C', firewall_calls)) == 4
|
||||
assert len(re.findall(r'iptables -I', firewall_calls)) == 4
|
||||
|
||||
# Specific port call occurances
|
||||
assert len(re.findall(r'tcp --dport 80', firewall_calls)) == 2
|
||||
assert len(re.findall(r'tcp --dport 53', firewall_calls)) == 2
|
||||
assert len(re.findall(r'udp --dport 53', firewall_calls)) == 2
|
||||
assert len(re.findall(r'tcp --dport 4711:4720', firewall_calls)) == 2
|
||||
|
||||
|
||||
def test_selinux_not_detected(Pihole):
|
||||
'''
|
||||
confirms installer continues when SELinux configuration file does not exist
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue