From: Michael Tang Helmeste
Date: Wed, 05 Jun 2002 16:28:39 -0700
To: freebsd-security@freebsd.org
Subject: Testing firewall rules
Message-ID: <3CFE9EA7.9000809@glassfish.net>

I sent this earlier but it seems to have gotten lost in the mail...

Is there any way to test firewall rules with example packets before you implement them? Maybe like a mock-ipfw and packet injection tool or something. Some type of network stack emulator that reads IPFW style rules? I have some very large ipfw rulesets and it's hard to step thru each rule and check it against a packet, especially for when you want to test all different types of services, in both directions, etc.