From Fedora Project Wiki
(create test case for default Server firewall configuration (per tech spec, criteria)) |
(fix firewall-cmd syntax) |
(3 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{Template:Associated_release_criterion|Alpha|firewall-configuration}} | |||
{{QA/Test_Case | {{QA/Test_Case | ||
|description=This test case checks that the default configuration of the system firewall for the Server product is as required in the [[Server/Technical_Specification]]. | |description=This test case checks that the default configuration of the system firewall for the Server product is as required in the [[Server/Technical_Specification]]. | ||
Line 5: | Line 7: | ||
# Boot the installed system, and check the firewall configuration: | # Boot the installed system, and check the firewall configuration: | ||
#: {{command|sudo iptables -L -v}} is the most detailed and 'close to the metal' way to check, but may be too complex readily to understand | #: {{command|sudo iptables -L -v}} is the most detailed and 'close to the metal' way to check, but may be too complex readily to understand | ||
#: {{command|sudo firewall-cmd --list-all | #: {{command|sudo firewall-cmd --list-all [--zone <zone>]}} should list active services and open ports in the default or specified firewall zone (e.g. 'FedoraServer', 'home', 'public' etc) | ||
#: {{command|sudo firewall-cmd --get-zone-of-interface<nowiki>=</nowiki> | #: {{command|sudo firewall-cmd --get-zone-of-interface<nowiki>=</nowiki><interface>}} should return which zone an interface is in | ||
#: To do a functional test, you can manually attempt to connect to various ports with a telnet or netcat-like utility from another system, or use a port scanning tool '''only''' if you are the admin for both systems and the network itself or have permission from the relevant admin(s) | #: To do a functional test, you can manually attempt to connect to various ports with a telnet or netcat-like utility from another system, or use a port scanning tool '''only''' if you are the admin for both systems and the network itself or have permission from the relevant admin(s) | ||
|results= | |results= | ||
# The firewall should be configured as specified in the [[Server/Technical_Specification]] - that is, the ssh and Cockpit ports must be open, and the only other ports that may be open are those associated with the role(s) deployed during installation. | # The firewall should be configured as specified in the [[Server/Technical_Specification#Firewall]] - that is, the ssh and Cockpit ports must be open, and the only other ports that may be open are those associated with the role(s) deployed during installation and dhcpv6-client (which is needed for IPv6 operation). | ||
}} | }} | ||
[[Category:Server_Acceptance_Test_Cases]] | [[Category:Server_Acceptance_Test_Cases]] |
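Review bot: The check step in this hunk still relies on `sudo iptables -L -v` as the detailed view, which lists only the IPv4 rules, while the revised expected result now permits dhcpv6-client "needed for IPv6 operation". Consider adding `sudo ip6tables -L -v` alongside it so the IPv6 side of the default configuration is inspected as well.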
Latest revision as of 12:55, 9 April 2015
Description
This test case checks that the default configuration of the system firewall for the Server product is as required in the Server/Technical_Specification.
How to test
- Install the Fedora Server release you wish to test, in graphical or text mode, with one or more server roles selected, and without doing anything otherwise to affect firewall configuration.
- Boot the installed system, and check the firewall configuration:
  - sudo iptables -L -v
    is the most detailed and 'close to the metal' way to check, but may be too complex to understand readily
  - sudo firewall-cmd --list-all [--zone <zone>]
    should list active services and open ports in the default or specified firewall zone (e.g. 'FedoraServer', 'home', 'public' etc)
  - sudo firewall-cmd --get-zone-of-interface=<interface>
    should return which zone an interface is in
  - To do a functional test, you can manually attempt to connect to various ports with a telnet or netcat-like utility from another system, or use a port scanning tool only if you are the admin for both systems and the network itself or have permission from the relevant admin(s)
Expected Results
- The firewall should be configured as specified in the Server/Technical_Specification#Firewall - that is, the ssh and Cockpit ports must be open, and the only other ports that may be open are those associated with the role(s) deployed during installation and dhcpv6-client (which is needed for IPv6 operation).
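The comparison described under How to test and Expected Results can be scripted. The following is an added example, not part of the Fedora test case: it assumes the "services:" and "ports:" line layout printed by firewall-cmd --list-all, the sample outputs are constructed, and the role items passed to audit_zone are hypothetical values the tester supplies for the role(s) deployed.

```shell
# Added example: audit `firewall-cmd --list-all` output against this test case.

# Constructed sample outputs, not captured from a real system.
SAMPLE_OK='FedoraServer (default, active)
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports: 
  forward-ports: '
SAMPLE_BAD='FedoraServer (default, active)
  interfaces: eth0
  services: dhcpv6-client ssh telnet
  ports: 8080/tcp
  forward-ports: '

# field NAME TEXT: print the values of the "  NAME: v1 v2 ..." line.
field() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# audit_zone TEXT [ROLE_ITEM...]: ROLE_ITEMs are the service names or
# port/protocol pairs the deployed role(s) are expected to open (assumption:
# the tester takes these from the role documentation).
# Prints one finding per line; returns 0 if compliant, 1 otherwise.
audit_zone() {
    text=$1; shift
    allowed=" ssh cockpit dhcpv6-client $* "
    services=$(field services "$text")
    ports=$(field ports "$text")
    rc=0
    for req in ssh cockpit; do              # must always be open
        case " $services " in
            *" $req "*) ;;
            *) echo "MISSING: $req"; rc=1 ;;
        esac
    done
    for item in $services $ports; do        # nothing beyond the allow-list
        case "$allowed" in
            *" $item "*) ;;
            *) echo "UNEXPECTED: $item"; rc=1 ;;
        esac
    done
    return $rc
}

# Live use on the system under test:
#   audit_zone "$(sudo firewall-cmd --list-all)" <role items>
audit_zone "$SAMPLE_OK" && echo "sample OK: compliant"
audit_zone "$SAMPLE_BAD" || echo "sample BAD: non-compliant"
```
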