log entry 2014-08-15

iptables-optimizer version 0.9.10

In the meantime, my initial ITP was converted to an RFP.

I am still working on the iptables-optimizer and its debianization. A lot of todos are waiting to be done.

Some month ago Guido gave me a hint to shunit2, a unittest framework for shell scripts. So I played a little with it. Soon I was convinced, the existing shell wrapper for the iptables-optimizer needs to be rewritten completely.

As untested software is assumed to be broken by design nowadays, I began writing tests for the wrappers functions. It is a work in progress, testing is fun.

I started to write the functions and their parameters aside their corresponding tests. Four steps are identified, four functions are needed:

check and apply new rules if present
iptables-save to a file
run the python script
iptables-restore the output of 3rd step

Most annoying is, every iptables command needs to be run by uid 0. So all the tests need to be run by root as well as the optimizer itself. Therefore the effective uid is tested as well and this test will inform about missing access rights if it not equals to zero.

All these functions are tested by eleven different tests now:


For me some more work is still to be done, especially integrating the tests and the source file (optimizer-functions) into the debian package.

The new version of the iptables-optimizer will be uploaded when ready.

Many thanks to Kate Ward for writing shunit2.

Your comments are welcome!

Have fun!