log entry 2014-08-15

iptables-optimizer version 0.9.10

In the meantime, my initial ITP was converted to an RFP.

I am still working on the iptables-optimizer and its debianization. A lot of todos are waiting to be done.

Some months ago Guido pointed me to shunit2, a unit test framework for shell scripts. So I played a little with it. Soon I was convinced that the existing shell wrapper for the iptables-optimizer needs to be rewritten completely.

As untested software is assumed to be broken by design nowadays, I began writing tests for the wrapper's functions. It is a work in progress; testing is fun.

I started to write the functions and their parameters alongside their corresponding tests. Four steps are identified, four functions are needed:

1. check and apply new rules if present
2. iptables-save to a file
3. run the python script
4. iptables-restore the output of 3rd step

Most annoying is that every iptables command needs to be run by uid 0. So all the tests need to be run by root, as does the optimizer itself. Therefore the effective uid is tested as well, and this test will report missing access rights if it is not equal to zero.

All these functions are tested by eleven different tests now:

test_AutoApply_Not_Present
test_AutoApply_Not_Ready
test_AutoApply_Ready
test_AutoApply_Execute
test_Needs_to_run_as_root
test_Modprobe_NetFilter
test_Good_iptables_save
test_Run_the_python_part
test_Bad_iptables_save
test_Correct_iptables_restore
test_Faulty_iptables_restore
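
One way to structure the root check and the save, optimize and restore steps so that tests like these can run against stubs. This is an added example, not the author's optimizer-functions file; all function and variable names are hypothetical, as is the assumption that the optimizer reads rules on stdin and writes them to stdout. The auto-apply step is left out.

```shell
#!/bin/sh
# Added example. All function and variable names are hypothetical.
# Commands are held in variables so tests can swap in stubs and run without root.
: "${GET_EUID:=id -u}"
: "${IPT_SAVE:=iptables-save}"
: "${IPT_RESTORE:=iptables-restore}"
: "${OPTIMIZER:=iptables-optimizer}"  # assumption: rules on stdin, result on stdout

needs_root() {
    [ "$($GET_EUID)" -eq 0 ] && return 0
    echo "effective uid must be 0 to run iptables commands" >&2
    return 1
}

# Dump the running ruleset; an empty dump counts as failure.
save_rules() {        # $1 = output file
    $IPT_SAVE -c > "$1" && [ -s "$1" ]   # -c: include packet/byte counters
}

# Run the Python part; empty output counts as failure.
run_optimizer() {     # $1 = input file, $2 = output file
    $OPTIMIZER < "$1" > "$2" && [ -s "$2" ]
}

# Load the optimizer output back into the kernel.
restore_rules() {     # $1 = input file
    $IPT_RESTORE -c < "$1"               # -c: restore the counter values
}

# Chain the steps; stop at the first failure so that a bad dump or a
# bad optimizer run is never passed on to iptables-restore.
optimize_once() {     # $1 = private work directory, e.g. from mktemp -d
    needs_root || return 1
    save_rules "$1/saved" || { echo "iptables-save failed" >&2; return 2; }
    run_optimizer "$1/saved" "$1/sorted" || { echo "optimizer failed" >&2; return 3; }
    restore_rules "$1/sorted" || { echo "iptables-restore failed" >&2; return 4; }
}
```

Each failure maps to its own return code, so a test can assert which step stopped the run and that nothing reached iptables-restore.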

For me some more work is still to be done, especially integrating the tests and the source file (optimizer-functions) into the Debian package.

The new version of the iptables-optimizer will be uploaded when ready.

Many thanks to Kate Ward for writing shunit2.

Your comments are welcome!

Have fun!
