Date: Sat, 19 Jun 2004 19:20:37 +0300
From: Anton Alin-Adrian <aanton@spintech.ro>
To: Viktor Ivanov <viktor.ivanov@gmail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: ipfw2 test utility
Message-ID: <40D467D5.5000100@spintech.ro>
In-Reply-To: <7f4bda01040619034050be53a2@mail.gmail.com>
References: <7f4bda01040619034050be53a2@mail.gmail.com>

Viktor Ivanov wrote:
> Hello -hackers.
>
> I'm thinking about a utility to test a simple packet against the
> machine's firewall (ipfw2 to be more specific). I needed it because on
> some of my routers the configuration got complicated and the rule
> count is too high. And sometimes I need to see quickly what a
> colleague has done to the firewall and why it's not working as
> expected.
>

See nemesistcp from ports.

> Is there an (easy) way to take the packet-matching code from the
> kernel and use it to check a (manually) constructed packet on the
> current ipfw2 rule set?
>

I doubt. Faster with logging & scripts.

> I was planning on writing a simple script that reads the output of
> `ipfw list' and then does some very simple checks. Mostly I need to
> look what's done to packets from certain address/network coming from a
> certain interface. Sometimes I need to check on tcp streams too.
>
> Maybe I should just write a good script to build proper rule sets and
> not try to fix a problem by creating more problems :)
>
> Any comments are welcome
>

-- 
Alin-Adrian Anton
Spintech Systems
GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F FF2E)
gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E
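
A sketch of the script idea discussed in this thread (read `ipfw list` output, report the first rule that decides a described packet), added here as an example and not code from either poster or from FreeBSD. The names `first_match`, `rule_matches` and `addr_matches`, the packet dictionary keys and the sample rules are assumptions; it handles only plain `from`/`to` addresses plus `in`, `out`, `via` and a numeric `dst-port` list, and reports "unsupported" when the outcome depends on anything else.

```python
import ipaddress

# Constructed sample in the shape of `ipfw list` output (not from the original post).
SAMPLE_RULES = """\
00100 allow ip from any to any via lo0
00200 deny ip from 10.0.0.0/8 to any in via em0
00300 allow tcp from 192.168.1.0/24 to any dst-port 22,80 in via em1
00400 count ip from any to any
00500 allow tcp from any to any established
65535 deny ip from any to any
"""

def addr_matches(spec, addr):
    """'any', a host or a CIDR block; anything else ("me", tables) raises ValueError."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def rule_matches(tokens, pkt):
    """True/False when the supported subset decides, None when it cannot."""
    if len(tokens) < 5 or tokens[1] != "from" or tokens[3] != "to":
        return None
    try:
        ok = (tokens[0] in ("ip", "all", pkt["proto"])
              and addr_matches(tokens[2], pkt["src"]) and addr_matches(tokens[4], pkt["dst"]))
    except ValueError:
        return None
    opts = iter(tokens[5:])
    for opt in opts:
        arg = next(opts, None) if opt in ("via", "dst-port") else None
        if opt in ("in", "out"):
            ok = ok and pkt["dir"] == opt
        elif opt == "via" and arg:
            ok = ok and pkt["iface"] == arg
        elif opt == "dst-port" and arg and arg.replace(",", "").isdigit():
            ok = ok and str(pkt.get("dport")) in arg.split(",")
        else:
            # Conditions are ANDed: an unknown option only matters if the rest matched.
            return None if ok else False
    return ok

def first_match(rules_text, pkt):
    """Return (rule_number, verdict): allow, deny, unsupported or no-match."""
    for line in rules_text.splitlines():
        if not line.strip():
            continue
        num, action, *rest = line.split()
        hit = rule_matches(rest, pkt)
        if hit is None or (hit and action not in ("allow", "deny", "count")):
            return num, "unsupported"
        if hit and action != "count":
            return num, action
    return None, "no-match"
```

For example, `first_match(SAMPLE_RULES, {"proto": "tcp", "src": "192.168.1.10", "dst": "8.8.8.8", "dport": 80, "dir": "in", "iface": "em1"})` names rule 00300, while a TCP packet that falls through to the `established` rule is reported as unsupported rather than guessed.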