Re: Testing firewall rules

From: Darren Reed (
Date: 06/12/02

From: Darren Reed <>
To: (Michael Tang Helmeste)
Date: Wed, 12 Jun 2002 11:29:02 +1000 (Australia/ACT)

In some mail from Michael Tang Helmeste, sie said:
> I sent this earlier but it seems to have gotten lost in the mail...
> Is there any way to test firewall rules with example packets before you
> implement them? Maybe like a mock-ipfw and packet injection tool or
> something. Some type of network stack emulator that reads IPFW style
> rules? I have some very large ipfw rulesets and its hard to step thru
> each rule and check it against a packet, especially for when you want to
> test all different types of services, in both directions, etc.

Were you using ipf, you could use ipftest.


To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message