Refactor from scratch
Customer-Found
Prod-Related: CEEMCP-19
Prod-Related: PROD-22620
Change-Id: Ib14838becc409c2f735d93b5fa8a8ead6ea1a5ec
diff --git a/tests/pillar/iptables.sls b/tests/pillar/iptables.sls
new file mode 100644
index 0000000..05fe015
--- /dev/null
+++ b/tests/pillar/iptables.sls
@@ -0,0 +1,71 @@
+iptables:
+ schema:
+ epoch: 1
+ service:
+ v4:
+ enabled: true
+ modules:
+ - nf_conntrack_ftp
+ - nf_conntrack_pptp
+ v6:
+ enabled: false
+ modules:
+ - nf_conntrack_ipv6
+ defaults:
+ v4:
+ metadata_rules: false
+ policy: ACCEPT
+ ruleset:
+ action: ACCEPT
+ params: ""
+ rule: ""
+ v6:
+ metadata_rules: false
+ policy: DROP
+ ruleset:
+ action: ACCEPT
+ params: ""
+ rule: ""
+ tables:
+ v4:
+ filter:
+ chains:
+ INPUT:
+ ruleset:
+ 5:
+ action: log_drop
+ 10:
+ rule: -s 192.168.0.0/24 -p tcp
+ log_drop:
+ policy: DROP
+ ruleset:
+ 10:
+ rule: ""
+ action: LOG
+ nat:
+ chains:
+ OUTPUT:
+ PREROUTING:
+ POSTROUTING:
+ policy: ACCEPT
+ ruleset:
+ 10:
+ rule: -s 192.168.0.0/24 -p tcp -o lo
+ action: SNAT
+ params: --to-source=127.0.0.1
+ config: v4
+ v6:
+ filter:
+ chains:
+ INPUT:
+ ruleset:
+ 5:
+ action: log_drop
+ 10:
+ rule: -s 200A:0:200C::1/64 -p tcp
+ log_drop:
+ policy: DROP
+ ruleset:
+ 10:
+ rule: ""
+ action: LOG
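Review bot: The fixture leaves several values implicit without saying whether that is intended: rule 10 in the v4 and v6 INPUT chains (`rule: -s 192.168.0.0/24 -p tcp` and `rule: -s 200A:0:200C::1/64 -p tcp`) has no `action`, and the nat chains `OUTPUT:` and `PREROUTING:` are bare keys that load as null. If they are meant to exercise a fallback to the `defaults` section, say so with comments such as `# no action given: expected to fall back to defaults ruleset action (ACCEPT)` above rule 10 and `# null chain on purpose: only defaults apply` above `OUTPUT:`; otherwise spell the values out (`action: ACCEPT`, `OUTPUT: {}`). The v4 INPUT chain also sets no policy of its own while `defaults` gives v4 `policy: ACCEPT`, so the fixture appears never to cover a default-deny IPv4 INPUT chain, and its only explicit DROP policy sits on `log_drop`. The nesting is inferred, because indentation is not visible in this view of the hunk.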
diff --git a/tests/pillar/iptables_server.sls b/tests/pillar/iptables_server.sls
deleted file mode 100644
index 408b273..0000000
--- a/tests/pillar/iptables_server.sls
+++ /dev/null
@@ -1,28 +0,0 @@
-iptables:
- service:
- enabled: true
- chain:
- INPUT:
- policy:
- - table: nat
- policy: ACCEPT
- rules:
- - position: 1
- table: filter
- protocol: tcp
- destination_port: 8088
- source_network: 127.0.0.1
- jump: ACCEPT
- comment: Blah
- OUTPUT:
- policy: ACCEPT
- FORWARD:
- policy:
- - table: mangle
- policy: DROP
- POSTROUTING:
- rules:
- - jump: MASQUERADE
- protocol: icmp
- out_interface: ens3
- table: nat