From owner-freebsd-security Tue Jun 11 16:35:25 2002
From: Cy Schubert - CITS Open Systems Group
Reply-To: Cy Schubert - CITS Open Systems Group
To: Michael Tang Helmeste
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Testing firewall rules
Date: Tue, 11 Jun 2002 16:35:10 -0700
Message-Id: <200206112335.g5BNZAGn091487@cwsys.cwsent.com>
In-Reply-To: Message from Michael Tang Helmeste of "Wed, 05 Jun 2002 16:28:39 PDT." <3CFE9EA7.9000809@glassfish.net>

In message <3CFE9EA7.9000809@glassfish.net>, Michael Tang Helmeste writes:
> I sent this earlier but it seems to have gotten lost in the mail...
>
> Is there any way to test firewall rules with example packets before you
> implement them? Maybe like a mock-ipfw and packet injection tool or
> something. Some type of network stack emulator that reads IPFW style
> rules? I have some very large ipfw rulesets and it's hard to step thru
> each rule and check it against a packet, especially for when you want to
> test all different types of services, in both directions, etc.

The shields up firewall tester at grc.com can do some basic testing for
you. If however you want to test some specific aspect of your firewall,
nmap is probably the way to go.

--
Cheers,                         Phone:  250-387-8437
Cy Schubert                       Fax:  250-387-5766
Team Leader, Sun/Alpha Team     Email:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, CITS
Ministry of Management Services
Province of BC
                         FreeBSD UNIX:  cy@FreeBSD.org
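
An offline first-match rule checker of the kind the question asks about, as an added example that is not part of the original thread and is not ipfw code. It assumes a small subset of ipfw syntax ("[add] N action proto from SRC [port] to DST [port] [in|out]") and a default-deny rule 65535; the ruleset, addresses and the names parse_rule, evaluate and pkt are constructed for illustration.

```python
import ipaddress

ALLOW = {"allow", "accept", "pass", "permit"}   # ipfw synonyms for "allow"

def _endpoint(tokens):
    """['any'] or ['192.0.2.10', '80'] -> (network or None, port or None)."""
    net = None if tokens[0] == "any" else ipaddress.ip_network(tokens[0], strict=False)
    return net, int(tokens[1]) if len(tokens) > 1 else None

def parse_rule(line):
    """Parse '[add] N action proto from SRC [port] to DST [port] [in|out]'."""
    t = [tok for tok in line.split() if tok != "add"]
    i, j = t.index("from"), t.index("to")
    rest = t[j + 1:]
    direction = rest.pop() if rest[-1] in ("in", "out") else None
    return {"num": int(t[0]), "action": t[1], "proto": t[2], "dir": direction,
            "src": _endpoint(t[i + 1:j]), "dst": _endpoint(rest)}

def _hit(endpoint, addr, port):
    """True if addr/port satisfy the rule's address and optional port."""
    net, want = endpoint
    return (net is None or ipaddress.ip_address(addr) in net) and want in (None, port)

def evaluate(rules, p):
    """Return (rule number, verdict) of the first matching rule, lowest number first."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if (r["proto"] in ("ip", "all", p["proto"])
                and r["dir"] in (None, p["dir"])
                and _hit(r["src"], p["src"], p["sport"])
                and _hit(r["dst"], p["dst"], p["dport"])):
            return r["num"], "allow" if r["action"] in ALLOW else "deny"
    return 65535, "deny"   # assumption: the final default rule denies everything

# Constructed sample ruleset using documentation addresses (not from the thread).
RULESET = """\
add 200 deny ip from 10.0.0.0/8 to any in
add 300 allow tcp from any to 192.0.2.10 80 in
add 400 allow udp from 192.0.2.0/24 to any 53 out
add 500 allow tcp from 192.0.2.0/24 to any out
"""
RULES = [parse_rule(line) for line in RULESET.splitlines() if line.strip()]

def pkt(direction, proto, src, dst, dport=None, sport=None):
    """Build a constructed test packet description."""
    return dict(dir=direction, proto=proto, src=src, dst=dst, dport=dport, sport=sport)

if __name__ == "__main__":
    for p in (pkt("in", "tcp", "198.51.100.7", "192.0.2.10", 80),   # web from outside
              pkt("in", "tcp", "10.1.2.3", "192.0.2.10", 80)):      # RFC 1918 source
        print(p["src"], "->", p["dst"], p["dport"], evaluate(RULES, p))
```

Each expected verdict can be kept as a (packet, rule number, verdict) triple and re-run whenever the ruleset changes; a live scan with nmap, as suggested above, then confirms the loaded rules behave the same way.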