From Fedora Project Wiki
(create test case for default Server firewall configuration (per tech spec, criteria)) |
(associated release criterion) |
||
Line 1: | Line 1: | ||
{{Template:Associated_release_criterion|Alpha|firewall-configuration}} | |||
{{QA/Test_Case | {{QA/Test_Case | ||
|description=This test case checks that the default configuration of the system firewall for the Server product is as required in the [[Server/Technical_Specification]]. | |description=This test case checks that the default configuration of the system firewall for the Server product is as required in the [[Server/Technical_Specification]]. |
Revision as of 00:51, 9 July 2014
Description
This test case checks that the default configuration of the system firewall for the Server product is as required in the Server/Technical_Specification.
How to test
- Install the Fedora Server release you wish to test, in graphical or text mode, with one or more server roles selected, and without doing anything otherwise to affect firewall configuration.
- Boot the installed system, and check the firewall configuration:
sudo iptables -L -v
is the most detailed and 'close to the metal' way to check, but may be too complex readily to understandsudo firewall-cmd --list-all (zone)
should list active services and open ports in the specified firewall zone (e.g. 'home', 'public' etc)sudo firewall-cmd --get-zone-of-interface=(interface)
should return which zone an interface is in- To do a functional test, you can manually attempt to connect to various ports with a telnet or netcat-like utility from another system, or use a port scanning tool only if you are the admin for both systems and the network itself or have permission from the relevant admin(s)
Expected Results
- The firewall should be configured as specified in the Server/Technical_Specification - that is, the ssh and Cockpit ports must be open, and the only other ports that may be open are those associated with the role(s) deployed during installation.