diff --git a/src/host-iptables-host-access.test.ts b/src/host-iptables-host-access.test.ts
index 4d1cbe6e0..fd5062f30 100644
--- a/src/host-iptables-host-access.test.ts
+++ b/src/host-iptables-host-access.test.ts
@@ -1,6 +1,7 @@
 import { mockedExeca, setupDefaultIptablesMocks, setupHostIptablesTestSuite } from './test-helpers/host-iptables-test-setup';
 import { HostAccessConfig, setupHostIptables } from './host-iptables';
 import { iptablesSharedTestHelpers } from './host-iptables-shared.test-utils';
+import { expectGatewayHttpAcceptRules } from './host-iptables-test-helpers.test-utils';
 describe('host-iptables (host access)', () => {
 setupHostIptablesTestSuite(iptablesSharedTestHelpers.resetIpv6State);
@@ -36,16 +37,7 @@ describe('host-iptables (host access)', () => {
 ]);
 // Verify ACCEPT rules for AWF network gateway (172.30.0.1) on default ports
- expect(mockedExeca).toHaveBeenCalledWith('iptables', [
- '-t', 'filter', '-A', 'FW_WRAPPER',
- '-p', 'tcp', '-d', '172.30.0.1', '--dport', '80',
- '-j', 'ACCEPT',
- ]);
- expect(mockedExeca).toHaveBeenCalledWith('iptables', [
- '-t', 'filter', '-A', 'FW_WRAPPER',
- '-p', 'tcp', '-d', '172.30.0.1', '--dport', '443',
- '-j', 'ACCEPT',
- ]);
+ expectGatewayHttpAcceptRules(mockedExeca, '172.30.0.1');
 });
 it('should not add gateway rules when hostAccess is undefined', async () => {
@@ -143,16 +135,7 @@ describe('host-iptables (host access)', () => {
 await setupHostIptables('172.30.0.10', 3128, ['8.8.8.8', '8.8.4.4'], undefined, undefined, hostAccess);
 // Verify default port 80 rules exist
- expect(mockedExeca).toHaveBeenCalledWith('iptables', [
- '-t', 'filter', '-A', 'FW_WRAPPER',
- '-p', 'tcp', '-d', '172.30.0.1', '--dport', '80',
- '-j', 'ACCEPT',
- ]);
- expect(mockedExeca).toHaveBeenCalledWith('iptables', [
- '-t', 'filter', '-A', 'FW_WRAPPER',
- '-p', 'tcp', '-d', '172.30.0.1', '--dport', '443',
- '-j', 'ACCEPT',
- ]);
+ expectGatewayHttpAcceptRules(mockedExeca, '172.30.0.1');
 });
 it('should support port ranges in allowHostPorts', async () => {
@@ -238,16 +221,7 @@ describe('host-iptables (host access)', () => {
 ]));
 // Default ports should still be present
- expect(mockedExeca).toHaveBeenCalledWith('iptables', [
- '-t', 'filter', '-A', 'FW_WRAPPER',
- '-p', 'tcp', '-d', '172.30.0.1', '--dport', '80',
- '-j', 'ACCEPT',
- ]);
- expect(mockedExeca).toHaveBeenCalledWith('iptables', [
- '-t', 'filter', '-A', 'FW_WRAPPER',
- '-p', 'tcp', '-d', '172.30.0.1', '--dport', '443',
- '-j', 'ACCEPT',
- ]);
+ expectGatewayHttpAcceptRules(mockedExeca, '172.30.0.1');
 });
 it('should deduplicate ports when custom ports overlap with defaults', async () => {
diff --git a/src/host-iptables-test-helpers.test-utils.ts b/src/host-iptables-test-helpers.test-utils.ts
new file mode 100644
index 000000000..cfdfee8c5
--- /dev/null
+++ b/src/host-iptables-test-helpers.test-utils.ts
@@ -0,0 +1,15 @@
+export function expectGatewayHttpAcceptRules any>(
+ mockedExeca: jest.MockedFunction,
+ gatewayIp: string
+): void {
+ expect(mockedExeca).toHaveBeenCalledWith('iptables', [
+ '-t', 'filter', '-A', 'FW_WRAPPER',
+ '-p', 'tcp', '-d', gatewayIp, '--dport', '80',
+ '-j', 'ACCEPT',
+ ]);
+ expect(mockedExeca).toHaveBeenCalledWith('iptables', [
+ '-t', 'filter', '-A', 'FW_WRAPPER',
+ '-p', 'tcp', '-d', gatewayIp, '--dport', '443',
+ '-j', 'ACCEPT',
+ ]);
+}
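Review bot: The context comment above the new call in the `@@ -143,16 +135,7 @@` hunk, `// Verify default port 80 rules exist`, names only port 80, while `expectGatewayHttpAcceptRules` asserts both 80 and 443. Now that the assertion bodies are no longer visible at the call site, that comment is the only local description of what is checked, so I would reword it to `// Verify default port 80 and 443 rules exist`. The enclosing test starts outside the hunk.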
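Review bot: `expectGatewayHttpAcceptRules` in the new `host-iptables-test-helpers.test-utils.ts` only proves that the two expected ACCEPT rules were issued; `toHaveBeenCalledWith` passes just as well if the code under test also appended a broader rule for the gateway (for example one with no `--dport`), and with three tests now delegating to this helper that blind spot is shared by all of them. For firewall setup the over-permissive case is the one worth catching, so I would add a negative check after the two assertions, along the lines of `expect(mockedExeca.mock.calls.filter(([, a]) => Array.isArray(a) && a.includes(gatewayIp) && a.includes('ACCEPT') && !a.includes('--dport'))).toEqual([]);`, adjusted if the production code legitimately emits gateway rules in another form. A one-line doc comment stating that the helper checks presence only, not rule order or exclusivity, would also help the next reader. The generic parameter list in the signature looks truncated on this page, so the type constraint is not reviewed here.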