ipfw2 test utility
Anton Alin-Adrian
aanton at spintech.ro
Sat Jun 19 16:20:56 GMT 2004
Viktor Ivanov wrote:
> Hello -hackers.
>
> I'm thinking about a utility to test a simple packet against the
> machine's firewall (ipfw2 to be more specific). I needed it because on
> some of my routers the configuration got complicated and the rule
> count is too high. And sometimes I need to see quickly what a
> colleague has done to the firewall and why it's not working as
> expected.
>
See nemesistcp from ports.
> Is there an (easy) way to take the packet-matching code from the
> kernel and use it to check a (manually) constructed packet on the
> current ipfw2 rule set?
>
I doubt it. Faster with logging & scripts.
> I was planning on writing a simple script that reads the output of
> `ipfw list' and then does some very simple checks. Mostly I need to
> look what's done to packets from certain address/network coming from a
> certain interface. Sometimes I need to check on tcp streams too.
>
> Maybe I should just write a good script to build proper rule sets and
> not try to fix a problem by creating more problems :)
>
> Any comments are welcome
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>
>
--
Alin-Adrian Anton
Spintech Systems
GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F FF2E)
gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E
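
The script idea from the quoted message (read `ipfw list` output, then report what happens to a packet from a given address on a given interface), as an added example that is not part of the original thread or either poster's code. The rule set, interface names and function names are constructed for illustration; only the `from`/`to`/`via` subset of rule syntax is evaluated, and rules carrying other options are reported for manual review instead of being guessed at.

```python
import ipaddress
import re

# Constructed sample of `ipfw list` output (not taken from the thread).
SAMPLE_RULES = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 count ip from 10.1.0.0/16 to any
00400 deny ip from 10.1.2.0/24 to any via fxp0
00500 allow tcp from 10.1.0.0/16 to 192.168.5.10 dst-port 22 setup
00600 allow ip from 10.1.0.0/16 to any via fxp1
65535 deny ip from any to any
"""

RULE_RE = re.compile(r"^(?P<num>\d+)\s+(?P<action>\S+)\s+(?P<proto>\S+)"
                     r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?P<rest>.*)$")

def addr_matches(spec, addr):
    """True if addr falls inside spec ('any', a host, or a CIDR network)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(rules_text, proto, src, dst, iface):
    """Return (rule_number, action, notes) for the first terminal rule hit."""
    notes = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            notes.append("unparsed: " + line.strip())
            continue
        opts = m["rest"].split()
        if "via" in opts:                      # interface restriction
            i = opts.index("via")
            if opts[i + 1] != iface:
                continue
            del opts[i:i + 2]
        if m["proto"] not in ("ip", "all", proto):
            continue
        try:
            if not (addr_matches(m["src"], src) and addr_matches(m["dst"], dst)):
                continue
        except ValueError:                     # e.g. 'me', tables, 'not' forms
            notes.append(f"{m['num']}: address spec not evaluated")
            continue
        if opts:                               # ports, setup, keep-state, ...
            notes.append(f"{m['num']}: header matches, unchecked: {' '.join(opts)}")
            continue
        if m["action"] == "count":             # non-terminal: keep searching
            notes.append(f"{m['num']}: counted")
            continue
        return int(m["num"]), m["action"], notes
    return None, None, notes
```

A non-empty `notes` list means the verdict depends on rules the script did not fully evaluate, so those rule numbers should be checked by hand or with logging.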