nixpkgs/tests/firewall.nix
Eelco Dolstra 51006ffdc7 * Make some tests more robust. In particular, tests should make sure
that the network-interfaces job is up before accessing the network.

svn path=/nixos/trunk/; revision=28877
2011-08-29 14:23:26 +00:00

48 lines
1.2 KiB
Nix

# Test the firewall module.
{ pkgs, ... }:
{
nodes =
{ walled =
{ config, pkgs, nodes, ... }:
{ networking.firewall.enable = true;
networking.firewall.logRefusedPackets = true;
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
};
attacker =
{ config, pkgs, ... }:
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
};
};
testScript =
{ nodes, ... }:
''
startAll;
$walled->waitForJob("firewall");
$walled->waitForJob("httpd");
$attacker->waitForJob("network-interfaces");
# Local connections should still work.
$walled->succeed("curl -v http://localhost/ >&2");
# Connections to the firewalled machine should fail.
$attacker->fail("curl -v http://walled/ >&2");
$attacker->fail("ping -c 1 walled >&2");
# Outgoing connections/pings should still work.
$walled->succeed("curl -v http://attacker/ >&2");
$walled->succeed("ping -c 1 attacker >&2");
# If we stop the firewall, then connections should succeed.
$walled->succeed("stop firewall");
$attacker->succeed("curl -v http://walled/ >&2");
'';
}