Infrataster::Plugin::Firewall
Firewall plugin for Infrataster.
Why Infrataster::Plugin::Firewall
We want to test connectivity between a source server and a destination server. But the servers could not respond because of no service provided on the port which we want to test. So, this plugin tests tcp/udp with tcpdump which can get packets on destination servers. Tcpdump can capture packets even if iptables or firewalld drops the packets.
Usage
The usage is as same as Infrataster.
require 'infrataster-plugin-firewall'
describe server(:src) do
describe firewall(server(:dst)) do
it { is_expected.to be_reachable } #ICMP ping
it { is_expected.to be_reachable.dest_port(80) } #TCP:80
it { is_expected.to be_reachable.tcp.dest_port(80) }
it { is_expected.to be_reachable.tcp.dest_port(22).ack } # judge with both ACK and captured SYN
it { is_expected.to be_reachable.tcp.dest_port(22).ack(:only) } # judge with only ACK
it { is_expected.to be_reachable.udp.dest_port(53) }
it { is_expected.to be_reachable.dest_port('80/tcp') }
it { is_expected.to be_reachable.dest_port('53/udp') }
it { is_expected.to be_reachable.tcp.dest_port(80).source_port(30123) }
end
end
You can get following result:
$ bundle exec rspec
server 'src'
via firewall
should reach to server 'dst'
should reach to server 'dst' dest_port: 80
should reach to server 'dst' tcp dest_port: 80
should reach to server 'dst' tcp dest_port: 22
should reach to server 'dst' tcp dest_port: 22
should reach to server 'dst' udp dest_port: 53
should reach to server 'dst' dest_port: 80/tcp
should reach to server 'dst' dest_port: 53/udp
should reach to server 'dst' tcp dest_port: 80 source_port: 30123
Finished in 21.35 seconds (files took 0.7851 seconds to load)
9 examples, 0 failures
$
Installation
Add this line to your application's Gemfile:
gem 'infrataster-plugin-firewall'
And then execute:
$ bundle
Or install it yourself as:
$ gem install infrataster-plugin-firewall
Requirement
This plugin uses nc(netcat) and tcpdump. You need to run tcpdump on destination servers with sudo, and nc on source servers.
Release Notes
Contributing
- Fork it ( https://github.com/otahi/infrataster-plugin-firewall/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request