Re: Testing firewall rules

From: Darren Reed (avalon@coombs.anu.edu.au)
Date: 06/12/02


From: Darren Reed <avalon@coombs.anu.edu.au>
To: elf@glassfish.net (Michael Tang Helmeste)
Date: Wed, 12 Jun 2002 11:29:02 +1000 (Australia/ACT)

In some mail from Michael Tang Helmeste, sie said:
>
> I sent this earlier but it seems to have gotten lost in the mail...
>
> Is there any way to test firewall rules with example packets before you
> implement them? Maybe like a mock-ipfw and packet injection tool or
> something. Some type of network stack emulator that reads IPFW style
> rules? I have some very large ipfw rulesets and its hard to step thru
> each rule and check it against a packet, especially for when you want to
> test all different types of services, in both directions, etc.

Were you using ipf, you could use ipftest.

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Testing firewall rules
    ... I sent this earlier but it seems to have gotten lost in the mail... ... Is there any way to test firewall rules with example packets before you ... Some type of network stack emulator that reads IPFW style ... each rule and check it against a packet, especially for when you want to ...
    (FreeBSD-Security)
  • Testing firewall rules
    ... Is there any way to test firewall rules with example packets before you ... Maybe like a mock-ipfw and packet injection tool or ... Some type of network stack emulator that reads IPFW style ... each rule and check it against a packet, especially for when you want to ...
    (FreeBSD-Security)
  • Re: Testing firewall rules
    ... > I sent this earlier but it seems to have gotten lost in the mail... ... > Is there any way to test firewall rules with example packets before you ... Some type of network stack emulator that reads IPFW style ... > each rule and check it against a packet, especially for when you want to ...
    (FreeBSD-Security)