@theFong theFong commented Jan 31, 2026

⚠️ DO NOT MERGE - TEST PR

This PR tests that the firewall validation correctly detects when iptables rules are missing.

Setup:

Expected Result:

  • Shadeform Provider Validation should FAIL because without the iptables fix, servers on 0.0.0.0 are accessible from outside

This validates that our test actually catches the security issue.

@theFong theFong requested a review from a team as a code owner January 31, 2026 17:51
@theFong theFong force-pushed the test/firewall-validation-should-fail branch 3 times, most recently from 0b6b71c to c079400 Compare January 31, 2026 18:41
- Add networking_validation.go with ValidateFirewallBlocksPort and
  ValidateDockerFirewallBlocksPort to verify servers on 0.0.0.0 are
  not accessible from outside
- Extract instance validation functions to instance_validation.go
- Add RunFirewallValidation to validation suite
- Integrate ValidateFirewallBlocksPort into RunInstanceLifecycleValidation
@theFong theFong force-pushed the test/firewall-validation-should-fail branch from c079400 to a3f8a62 Compare January 31, 2026 19:02
theFong commented Jan 31, 2026

Test PR successful - proved that ValidateDockerFirewallBlocksPort correctly detects when iptables DOCKER-USER rules are missing. See PR #81 for the actual validation code.

@theFong theFong closed this Jan 31, 2026
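
An outside-in reachability check of the kind this PR describes, as an added example that is not the project's `ValidateFirewallBlocksPort` or any code from this repository. The names `ProbeResult`, `ProbePort` and `CheckFirewallBlocksPort` are hypothetical, and the address in `main` is a constructed documentation address.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"syscall"
	"time"
)

// ProbeResult classifies a single TCP connection attempt (hypothetical type).
type ProbeResult int
const (
	Open         ProbeResult = iota // handshake completed: the port is exposed
	Refused                         // RST received: REJECT rule or no listener
	Filtered                        // timed out: packets dropped, e.g. by a DROP rule
	Inconclusive                    // any other error: proves nothing about the firewall
)
// ProbePort attempts one TCP handshake and classifies the outcome.
func ProbePort(host string, port int, timeout time.Duration) ProbeResult {
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, strconv.Itoa(port)), timeout)
	if err == nil {
		conn.Close()
		return Open
	}
	var ne net.Error
	if errors.Is(err, syscall.ECONNREFUSED) {
		return Refused
	} else if errors.As(err, &ne) && ne.Timeout() {
		return Filtered
	}
	return Inconclusive
}

// CheckFirewallBlocksPort fails when the port is reachable or the probe proved nothing.
func CheckFirewallBlocksPort(host string, port int, timeout time.Duration) error {
	switch ProbePort(host, port, timeout) {
	case Open:
		return fmt.Errorf("port %d on %s is reachable; firewall rule missing", port, host)
	case Inconclusive:
		return fmt.Errorf("probe of %s:%d was inconclusive; not treating as blocked", host, port)
	}
	return nil
}

func main() { // 192.0.2.10 is a constructed documentation address
	fmt.Println(CheckFirewallBlocksPort("192.0.2.10", 8080, 2*time.Second))
}
```

The probe has to run from a machine outside the instance: a connection made from the instance itself does not cross the firewall path being validated, so it would report `Open` even with the rules in place.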