iptables-optimizer version 0.9.10
In the meantime, my initial ITP was converted to an RFP.
I am still working on the iptables-optimizer and its debianization. A lot of todos are waiting to be done.
Some months ago Guido gave me a hint about shunit2, a unit test framework for shell scripts. So I played a little with it. Soon I was convinced that the existing shell wrapper for the iptables-optimizer needs to be rewritten completely.
As untested software is assumed to be broken by design nowadays, I began writing tests for the wrapper's functions. It is a work in progress, testing is fun.
I started to write the functions and their parameters alongside their corresponding tests. Four steps are identified, four functions are needed:
1. check and apply new rules if present
2. iptables-save to a file
3. run the python script
4. iptables-restore the output of 3rd step
Most annoying is that every iptables command needs to be run by uid 0. So all the tests need to be run by root as well as the optimizer itself. Therefore the effective uid is tested as well, and this test will inform about missing access rights if it is not equal to zero.
All these functions are tested by eleven different tests now:
- test_AutoApply_Not_Present
- test_AutoApply_Not_Ready
- test_AutoApply_Ready
- test_AutoApply_Execute
- test_Needs_to_run_as_root
- test_Modprobe_NetFilter
- test_Good_iptables_save
- test_Run_the_python_part
- test_Bad_iptables_save
- test_Correct_iptables_restore
- test_Faulty_iptables_restore
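The four steps and the root check, sketched as POSIX shell functions whose commands can be replaced by stubs for testing; this is an added example, not the project's optimizer-functions file. All function and variable names, the meaning of a "ready" ruleset (a non-empty file) and the python script's calling convention (input file as argument, result on stdout) are assumptions.

```shell
#!/bin/sh
# Added sketch; all names are hypothetical, not taken from optimizer-functions.
# Commands come from variables so tests can substitute stubs and run without root.
: "${IPT_SAVE:=iptables-save}"
: "${IPT_RESTORE:=iptables-restore}"
: "${OPTIMIZER:=./optimizer.py}"    # placeholder path for the python script

# Refuse to continue unless the (optionally injected) effective uid is 0.
needs_root() {
    uid="${1:-$(id -u)}"
    [ "$uid" -eq 0 ] && return 0
    echo "must run as root, effective uid is $uid" >&2
    return 1
}

# Step 1: apply a new ruleset if present. Assumption: "ready" = non-empty file.
auto_apply() {
    [ -s "$1" ] || return 0            # absent or not ready: nothing to do
    "$IPT_RESTORE" < "$1" && mv "$1" "$1.applied"
}

# Step 2: dump the live ruleset; a failed or empty dump stops the run.
save_rules() {
    "$IPT_SAVE" > "$1" && [ -s "$1" ]
}

# Step 3: run the python script. Assumption: input file as $1, result on stdout.
optimize_rules() {
    "$OPTIMIZER" "$1" > "$2" && [ -s "$2" ]
}

# Step 4: load the optimizer's output and pass on iptables-restore's status.
restore_rules() {
    "$IPT_RESTORE" < "$1"
}

# Chain the steps with && so a faulty step never reaches iptables-restore.
run_all() {
    needs_root "$2" || return 1
    dir=$(mktemp -d) || return 1
    auto_apply "$1" &&
        save_rules "$dir/saved" &&
        optimize_rules "$dir/saved" "$dir/optimized" &&
        restore_rules "$dir/optimized"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Calling `run_all /path/to/new-rules` performs one complete pass; the second argument exists only so a test can inject a uid.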
For me some more work is still to be done, especially integrating the tests and the source file (optimizer-functions) into the Debian package.
The new version of the iptables-optimizer will be uploaded when ready.
Many thanks to Kate Ward for writing shunit2.
Your comments are welcome!