Re: Testing firewall rules

From: Darren Reed (avalon@coombs.anu.edu.au)
Date: 06/12/02


From: Darren Reed <avalon@coombs.anu.edu.au>
To: elf@glassfish.net (Michael Tang Helmeste)
Date: Wed, 12 Jun 2002 11:29:02 +1000 (Australia/ACT)

In some mail from Michael Tang Helmeste, sie said:
>
> I sent this earlier but it seems to have gotten lost in the mail...
>
> Is there any way to test firewall rules with example packets before you
> implement them? Maybe like a mock-ipfw and packet injection tool or
> something. Some type of network stack emulator that reads IPFW style
> rules? I have some very large ipfw rulesets and its hard to step thru
> each rule and check it against a packet, especially for when you want to
> test all different types of services, in both directions, etc.

Were you using ipf, you could use ipftest.

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message