No commit activity in last 3 years
No release in over 3 years
Firewall plugin for Infrataster.
 Dependencies

Development

~> 1.7
>= 0
~> 0.7
~> 10.0
~> 3.0
= 0.28.0

Runtime

~> 0.3.0
 Project Readme

Infrataster::Plugin::Firewall

Firewall plugin for Infrataster.

Why Infrataster::Plugin::Firewall

We want to test connectivity between a source server and a destination server. However, the destination may fail to respond simply because no service is listening on the port we want to test. This plugin therefore tests TCP/UDP reachability with tcpdump, which captures the packets arriving at the destination server. Tcpdump can capture packets even if iptables or firewalld drops them.

Usage

Usage is the same as for Infrataster.

require 'infrataster-plugin-firewall'

describe server(:src) do
  describe firewall(server(:dst)) do
    it { is_expected.to be_reachable } # ICMP ping
    it { is_expected.to be_reachable.dest_port(80) } # TCP:80
    it { is_expected.to be_reachable.tcp.dest_port(80) }
    it { is_expected.to be_reachable.tcp.dest_port(22).ack } # judge with both ACK and captured SYN
    it { is_expected.to be_reachable.tcp.dest_port(22).ack(:only) } # judge with only ACK
    it { is_expected.to be_reachable.udp.dest_port(53) }
    it { is_expected.to be_reachable.dest_port('80/tcp') }
    it { is_expected.to be_reachable.dest_port('53/udp') }
    it { is_expected.to be_reachable.tcp.dest_port(80).source_port(30123) }
  end
end

You get the following result:

$ bundle exec rspec

server 'src'
  via firewall
    should reach to server 'dst'
    should reach to server 'dst' dest_port: 80
    should reach to server 'dst' tcp dest_port: 80
    should reach to server 'dst' tcp dest_port: 22
    should reach to server 'dst' tcp dest_port: 22
    should reach to server 'dst' udp dest_port: 53
    should reach to server 'dst' dest_port: 80/tcp
    should reach to server 'dst' dest_port: 53/udp
    should reach to server 'dst' tcp dest_port: 80 source_port: 30123

Finished in 21.35 seconds (files took 0.7851 seconds to load)
9 examples, 0 failures
$

Installation

Add this line to your application's Gemfile:

gem 'infrataster-plugin-firewall'

And then execute:

$ bundle

Or install it yourself as:

$ gem install infrataster-plugin-firewall

Requirement

This plugin uses nc (netcat) and tcpdump. You need to run tcpdump with sudo on destination servers, and nc on source servers.
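
The capture-side judgement described under "Why Infrataster::Plugin::Firewall", sketched as an added example (not the plugin's own code): build the tcpdump filter for a probe and decide from the captured lines whether it arrived. The method names, the sample capture and the `tcpdump -n` IPv4 line format are assumptions of this sketch.

```ruby
require 'ipaddr'

# Added illustration, not the plugin's code; all names here are hypothetical.
# Assumes IPv4 lines as printed by `tcpdump -n` on the destination server.

# Accepts 80, '80/tcp' or '53/udp', the forms used in the spec above.
def parse_port(spec, default_proto = 'tcp')
  port, proto = spec.to_s.split('/')
  number = Integer(port, 10)
  raise ArgumentError, "port out of range: #{number}" unless (1..65_535).cover?(number)
  proto = (proto || default_proto).downcase
  raise ArgumentError, "unsupported protocol: #{proto}" unless %w[tcp udp].include?(proto)
  [number, proto]
end

# pcap-filter expression for the capture on the destination server.
# IPAddr and Integer reject non-address, non-numeric input before interpolation.
def capture_filter(src_ip, dest_port, source_port: nil)
  port, proto = parse_port(dest_port)
  expr = "#{proto} and src host #{IPAddr.new(src_ip)} and dst port #{port}"
  expr += " and src port #{Integer(source_port)}" if source_port
  expr
end

PACKET = /\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)\z/

# True when a probe from src_ip was seen arriving, whether or not a service
# answered and whether or not a local packet filter dropped it afterwards.
def arrived?(lines, src_ip, dest_port, source_port: nil)
  port, proto = parse_port(dest_port)
  lines.any? do |line|
    m = PACKET.match(line.chomp)
    next false unless m && m[1] == src_ip && m[4].to_i == port
    next false if source_port && m[2].to_i != source_port
    tcp_syn = m[5].start_with?('Flags [S],') # bare SYN, not SYN-ACK or RST
    proto == 'tcp' ? tcp_syn : !m[5].start_with?('Flags [')
  end
end

# Constructed capture: a SYN to a closed port (the host answers with RST)
# and one UDP datagram. Addresses are documentation ranges.
SAMPLE = [
  '12:00:01.000001 IP 192.0.2.10.30123 > 192.0.2.20.80: Flags [S], seq 1000, win 29200, length 0',
  '12:00:01.000090 IP 192.0.2.20.80 > 192.0.2.10.30123: Flags [R.], seq 0, ack 1001, win 0, length 0',
  '12:00:02.000001 IP 192.0.2.10.41000 > 192.0.2.20.9999: UDP, length 5'
].freeze

puts capture_filter('192.0.2.10', '80/tcp', source_port: 30123)
puts arrived?(SAMPLE, '192.0.2.10', 80, source_port: 30123)
```
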

Release Notes

Contributing

  1. Fork it ( https://github.com/otahi/infrataster-plugin-firewall/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request