//go:build integration package firewall import ( "context" "testing" ) // linuxBackends lists every Linux backend in the same order NewManager probes them. func linuxBackends() []backendFactory { return []backendFactory{ {"firewalld", func(ctx context.Context, p string) (Manager, error) { return NewFirewallD(ctx, p) }}, {"ufw", func(ctx context.Context, p string) (Manager, error) { return NewUFW(ctx, p) }}, {"csf", func(ctx context.Context, p string) (Manager, error) { return NewCSF(ctx, p) }}, {"apf", func(ctx context.Context, p string) (Manager, error) { return NewAPF(ctx, p) }}, {"iptables", func(ctx context.Context, p string) (Manager, error) { return NewIPTables(ctx, p) }}, {"nft", func(ctx context.Context, p string) (Manager, error) { return NewNFT(ctx, p) }}, } } // TestIntegration runs the capability-driven suite against the Linux backends. // See integration_test.go for the shared suite and runIntegration. func TestIntegration(t *testing.T) { runIntegration(t, linuxBackends()) } // hookPlanter returns a function that writes a rule directly into the backend's // raw-iptables pre-hook, standing in for a copy a customer added by hand, or nil when // the backend has no pre-hook. Only csf and apf carry one. It lives here rather than // in the shared suite because it names the Linux-only backend types, which do not // compile for the pf and Windows targets. func hookPlanter(mgr Manager) func(*Rule) error { switch b := mgr.(type) { case *APF: return func(r *Rule) error { _, err := b.hook().edit(r, false); return err } case *CSF: return func(r *Rule) error { _, err := b.hook().edit(r, false); return err } } return nil }