Date: Tue, 11 Jun 2002 16:35:10 -0700 From: Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Michael Tang Helmeste <elf@glassfish.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Testing firewall rules Message-ID: <200206112335.g5BNZAGn091487@cwsys.cwsent.com> In-Reply-To: Message from Michael Tang Helmeste <elf@glassfish.net> of "Wed, 05 Jun 2002 16:28:39 PDT." <3CFE9EA7.9000809@glassfish.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <3CFE9EA7.9000809@glassfish.net>, Michael Tang Helmeste
writes:
> I sent this earlier but it seems to have gotten lost in the mail...
>
> Is there any way to test firewall rules with example packets before you
> implement them? Maybe like a mock-ipfw and packet injection tool or
> something. Some type of network stack emulator that reads IPFW style
> rules? I have some very large ipfw rulesets and its hard to step thru
> each rule and check it against a packet, especially for when you want to
> test all different types of services, in both directions, etc.
The shields up firewall tester at grc.com can do some basic testing for
you. If however you want to test some specific aspect of your
firewall, nmap is probably the way to go.
--
Cheers, Phone: 250-387-8437
Cy Schubert Fax: 250-387-5766
Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, CITS
Ministry of Management Services
Province of BC
FreeBSD UNIX: cy@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206112335.g5BNZAGn091487>