Date: Sat, 19 Jun 2004 13:40:20 +0300
From: Viktor Ivanov <viktor.ivanov@gmail.com>
To: freebsd-hackers@freebsd.org
Subject: ipfw2 test utility
Message-ID: <7f4bda01040619034050be53a2@mail.gmail.com>

Hello -hackers.

I'm thinking about a utility to test a simple packet against the machine's firewall (ipfw2 to be more specific). I needed it because on some of my routers the configuration got complicated and the rule count is too high. And sometimes I need to see quickly what a colleague has done to the firewall and why it's not working as expected.

Is there an (easy) way to take the packet-matching code from the kernel and use it to check a (manually) constructed packet on the current ipfw2 rule set?

I was planning on writing a simple script that reads the output of `ipfw list' and then does some very simple checks. Mostly I need to look at what's done to packets from a certain address/network coming from a certain interface. Sometimes I need to check on tcp streams too.

Maybe I should just write a good script to build proper rule sets and not try to fix a problem by creating more problems :)

Any comments are welcome
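
A sketch of the "simple script" approach the message describes, as an added example that is not part of the original e-mail and does not reuse the kernel's matching code. It assumes a small subset of `ipfw list` syntax; the rule listing, the packet dictionary layout and the function names are constructed for illustration. Any rule outside the subset stops evaluation with "unknown" instead of being skipped, since a skipped rule might have been the one that matched.

```python
import ipaddress
import re

# Subset handled (an assumption of this example):
#   NUM allow|deny|count PROTO from SRC to DST [in|out] [via IFNAME]
RULE = re.compile(
    r"^(\d+)\s+(allow|deny|count)\s+(ip|tcp|udp|icmp)\s+from\s+(\S+)\s+to\s+(\S+)"
    r"(?:\s+(in|out))?(?:\s+via\s+([a-z]+\d+))?$")

# Constructed sample listing, not taken from a real router.
SAMPLE = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 count ip from 10.1.0.0/16 to any in via em1
00400 deny ip from 10.1.2.0/24 to 192.168.0.0/16 in via em1
00500 allow ip from 10.1.0.0/16 to any
00600 allow tcp from any to any dst-port 22 setup keep-state
65535 deny ip from any to any
"""

def addr_match(spec, addr):
    """Match 'any', a host or a CIDR; other forms (me, tables) raise ValueError."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(listing, pkt):
    """Walk rules in order; return (rule_number, verdict, counted_rule_numbers)."""
    counted = []
    for line in filter(None, map(str.strip, listing.splitlines())):
        m = RULE.match(line)
        if not m:  # ports, state, globs, not: cannot judge, so stop here
            return line.split()[0], "unknown", counted
        num, action, proto, src, dst, direction, via = m.groups()
        try:
            hit = (proto in ("ip", pkt["proto"])
                   and addr_match(src, pkt["src"]) and addr_match(dst, pkt["dst"])
                   and direction in (None, pkt["dir"]) and via in (None, pkt["iface"]))
        except ValueError:
            return num, "unknown", counted
        if hit and action == "count":
            counted.append(num)  # count rules match but do not end the search
        elif hit:
            return num, action, counted
    return None, "no match", counted

if __name__ == "__main__":
    print(first_match(SAMPLE, {"src": "10.1.2.5", "dst": "192.168.3.4",
                               "proto": "udp", "iface": "em1", "dir": "in"}))
```

An "unknown" verdict names the first rule the script could not evaluate, which is the rule to read by hand.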