···
# Test the firewall module.
3
-
import ./make-test.nix ( { pkgs, ... } : {
3
+
import ./make-test-python.nix ( { pkgs, ... } : {
meta = with pkgs.stdenv.lib.maintainers; {
···
testScript = { nodes, ... }: let
newSystem = nodes.walled2.config.system.build.toplevel;
42
-
$walled->waitForUnit("firewall");
43
-
$walled->waitForUnit("httpd");
44
-
$attacker->waitForUnit("network.target");
41
+
walled.wait_for_unit("firewall")
42
+
walled.wait_for_unit("httpd")
43
+
attacker.wait_for_unit("network.target")
# Local connections should still work.
47
-
$walled->succeed("curl -v http://localhost/ >&2");
46
+
walled.succeed("curl -v http://localhost/ >&2")
# Connections to the firewalled machine should fail, but ping should succeed.
50
-
$attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2");
51
-
$attacker->succeed("ping -c 1 walled >&2");
49
+
attacker.fail("curl --fail --connect-timeout 2 http://walled/ >&2")
50
+
attacker.succeed("ping -c 1 walled >&2")
# Outgoing connections/pings should still work.
54
-
$walled->succeed("curl -v http://attacker/ >&2");
55
-
$walled->succeed("ping -c 1 attacker >&2");
53
+
walled.succeed("curl -v http://attacker/ >&2")
54
+
walled.succeed("ping -c 1 attacker >&2")
# If we stop the firewall, then connections should succeed.
58
-
$walled->stopJob("firewall");
59
-
$attacker->succeed("curl -v http://walled/ >&2");
57
+
walled.stop_job("firewall")
58
+
attacker.succeed("curl -v http://walled/ >&2")
# Check whether activation of a new configuration reloads the firewall.
62
-
$walled->succeed("${newSystem}/bin/switch-to-configuration test 2>&1" .
63
-
" | grep -qF firewall.service");
62
+
"${newSystem}/bin/switch-to-configuration test 2>&1 | grep -qF firewall.service"
pyrox.dev