Date: Tue, 11 Jun 2002 16:35:10 -0700 From: Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Michael Tang Helmeste <elf@glassfish.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Testing firewall rules Message-ID: <200206112335.g5BNZAGn091487@cwsys.cwsent.com> In-Reply-To: Message from Michael Tang Helmeste <elf@glassfish.net> of "Wed, 05 Jun 2002 16:28:39 PDT." <3CFE9EA7.9000809@glassfish.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <3CFE9EA7.9000809@glassfish.net>, Michael Tang Helmeste writes: > I sent this earlier but it seems to have gotten lost in the mail... > > Is there any way to test firewall rules with example packets before you > implement them? Maybe like a mock-ipfw and packet injection tool or > something. Some type of network stack emulator that reads IPFW style > rules? I have some very large ipfw rulesets and its hard to step thru > each rule and check it against a packet, especially for when you want to > test all different types of services, in both directions, etc. The shields up firewall tester at grc.com can do some basic testing for you. If however you want to test some specific aspect of your firewall, nmap is probably the way to go. -- Cheers, Phone: 250-387-8437 Cy Schubert Fax: 250-387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, CITS Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206112335.g5BNZAGn091487>