From Fedora Project Wiki
(associated release criterion) |
(obsolete this test case (i'm splitting it in two)) |
||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
{{ | {{admon/note|Obsolete|The test case was split into [[QA:Testcase_kickstart_firewall_disabled]] and [[QA:Testcase_kickstart_firewall_configured]] on 2016-03-23 to make it simpler to follow and ease openQA result reporting.}} | ||
{{QA/Test_Case | {{QA/Test_Case | ||
Line 8: | Line 8: | ||
# Boot using a dedicated installer image for the Fedora release you wish to test | # Boot using a dedicated installer image for the Fedora release you wish to test | ||
# At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter <tt>inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-disabled-net.ks</tt> | # At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter <tt>inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-disabled-net.ks</tt> | ||
# The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using {{command|sudo iptables -L -v}} or {{command|sudo firewall-cmd state}}, and/or by attempting to connect to a port or running service from the other test system | # The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using {{command|sudo iptables -L -v}} or {{command|sudo firewall-cmd --state}}, and/or by attempting to connect to a port or running service from the other test system | ||
# Boot using a dedicated installer image for the Fedora release you wish to test | # Boot using a dedicated installer image for the Fedora release you wish to test | ||
# At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter <tt>inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-configured-net.ks</tt> | # At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter <tt>inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-configured-net.ks</tt> | ||
# The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using {{command|sudo iptables -L -v}} or {{command|sudo firewall-cmd state}}, {{command|sudo firewall-cmd --get-zone-of-interface<nowiki>=</nowiki>(interface)}}, and {{command|sudo firewall-cmd --list-all (zone)}}, and/or by attempting to connect to various ports or running services from the other test system | # The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using {{command|sudo iptables -L -v}} or {{command|sudo firewall-cmd --state}}, {{command|sudo firewall-cmd --get-zone-of-interface<nowiki>=</nowiki>(interface)}}, and {{command|sudo firewall-cmd --list-all (zone)}}, and/or by attempting to connect to various ports or running services from the other test system | ||
|results= | |results= | ||
# On the first installation, the firewall should be disabled | # On the first installation, the firewall should be disabled | ||
# On the second installation, the firewall should be enabled, and ports 143/tcp (IMAP), 1234/ucp, 47, and 21 (FTP) should be open. The relevant services will likely not be installed, so connecting to the ports will not necessarily "work", but it should not behave as if they are firewalled, and you could install and enable relevant services to do a functional test, if you liked. | # On the second installation, the firewall should be enabled, and ports 143/tcp (IMAP), 1234/ucp, 47, and 21 (FTP) should be open. The relevant services will likely not be installed, so connecting to the ports will not necessarily "work", but it should not behave as if they are firewalled, and you could install and enable relevant services to do a functional test, if you liked. | ||
}} | }} | ||
[[Category: | [[Category:Obsolete_Test_Cases]] |
Latest revision as of 20:59, 23 March 2016
Description
This test case tests whether firewall configuration works correctly in a kickstart-driven installation.
Setup
- Prepare a test system (virtual or real) with sufficient memory to install Fedora, an empty hard disk (or such that you do not mind losing the contents of all connected hard disks: this test WILL wipe all hard disks connected to the test system), and (ideally) a network connection and another system from which you can connect to the test system
How to test
- Boot using a dedicated installer image for the Fedora release you wish to test
- At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-disabled-net.ks
- The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using
sudo iptables -L -v
orsudo firewall-cmd --state
, and/or by attempting to connect to a port or running service from the other test system - Boot using a dedicated installer image for the Fedora release you wish to test
- At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-configured-net.ks
- The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using
sudo iptables -L -v
orsudo firewall-cmd --state
,sudo firewall-cmd --get-zone-of-interface=(interface)
, andsudo firewall-cmd --list-all (zone)
, and/or by attempting to connect to various ports or running services from the other test system
Expected Results
- On the first installation, the firewall should be disabled
- On the second installation, the firewall should be enabled, and ports 143/tcp (IMAP), 1234/ucp, 47, and 21 (FTP) should be open. The relevant services will likely not be installed, so connecting to the ports will not necessarily "work", but it should not behave as if they are firewalled, and you could install and enable relevant services to do a functional test, if you liked.