nixpkgs/nixos/tests/lxd/nftables.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

47 lines
1.2 KiB
Nix
Raw Normal View History

2020-06-08 19:33:21 +00:00
# This test makes sure that lxd stops implicitly depending on iptables when
# user enabled nftables.
#
# It has been extracted from `lxd.nix` for clarity, and because switching from
# iptables to nftables requires a full reboot, which is a bit hard inside NixOS
# tests.
import ../make-test-python.nix ({ pkgs, lib, ...} : {
2020-06-08 19:33:21 +00:00
name = "lxd-nftables";
2020-09-09 15:25:27 +00:00
2022-03-20 23:15:30 +00:00
nodes.machine = { lib, ... }: {
2020-06-08 19:33:21 +00:00
virtualisation = {
lxd.enable = true;
};
networking = {
firewall.enable = false;
nftables.enable = true;
nftables.tables."filter".family = "inet";
nftables.tables."filter".content = ''
2020-06-08 19:33:21 +00:00
chain incoming {
type filter hook input priority 0;
policy accept;
}
chain forward {
type filter hook forward priority 0;
policy accept;
}
chain output {
type filter hook output priority 0;
policy accept;
}
'';
};
};
testScript = ''
machine.wait_for_unit("network.target")
with subtest("When nftables are enabled, lxd doesn't depend on iptables anymore"):
machine.succeed("lsmod | grep nf_tables")
machine.fail("lsmod | grep ip_tables")
'';
})