Yes, but this would still require some fancy footwork with chroots and network provisioning therein. Hmm...
--Corey

On Jun 28, 2013, at 11:23 AM, [email protected] wrote:

> Hello Tom,
>
> I use iptables-save -c to show the packet counts per rule to determine which
> rules are hitting.
>
> Here is a very basic tool utilizing this feature.
>
> http://blackcore.net/source/ipdiff.txt
>
> I hope this gets you somewhat towards your desired goal :)
>
> Thanks,
> Ash Palmer
>
> -----Original Message-----
> From: Tom Limoncelli <[email protected]>
> Sender: [email protected]
> Date: Fri, 28 Jun 2013 14:02:50
> To: LOPSA Discuss List<[email protected]>
> Subject: [lopsa-discuss] Linux iptables simulator
>
> Hi!
>
> I'd like to write "unit tests" for my firewall rules. I used to do
> this with FreeBSD but I haven't found a similar tool for Linux. Any
> suggestions?
>
> In particular, on FreeBSD there was a utility that simulated the
> firewall system. You could give it a list of rules, a packet's
> source/dest/ports, and it would return "DROP" or "ALLOW". The
> Makefile I used for maintaining my firewall rules ran a couple scripts
> that tested basic functionality (was port X blocked, was port Y
> permitted). That way if I totally messed up the ruleset it wouldn't
> be installed.
>
> For Linux I found http://sourceforge.net/projects/iptview (IPTview)
> which seems to have been abandoned in 2005. It creates a graphical
> view of the rules; not a simple "permit/deny" output. However that's
> the best I've found so far.
>
> Does anyone know if such a thing exists?
>
> Thanks!
>
> Tom
>
> --
> Email: [email protected]
> Skype: YesThatTom
> Blog: http://EverythingSysadmin.com
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
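
The counter-based check discussed in the thread, as an added example that is not part of the original messages and is not the linked ipdiff tool: it compares two `iptables-save -c` snapshots taken before and after a test packet and reports which rule's packet counter rose. The snapshots are constructed sample data, the function names are hypothetical, and it assumes a quiet test host or namespace where only the test packet moves counters.

```python
import re

# Constructed snapshots in `iptables-save -c` format (not real captures):
# taken before and after sending one test packet to TCP port 23.
BEFORE = """*filter
:INPUT DROP [10:600]
:OUTPUT ACCEPT [50:4000]
[100:8000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[5:300] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT
"""
AFTER = BEFORE.replace("[0:0]", "[1:60]")

RULE = re.compile(r"^\[(\d+):(\d+)\]\s+(-A\s+\S+.*)$")
POLICY = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")

def parse_counters(dump):
    """Map (table, rule text) -> packet count; chain policies are keyed as
    'policy CHAIN TARGET'. Identical duplicate rules have their counts summed."""
    counters, table = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):              # table header, e.g. *filter
            table = line[1:]
        elif m := RULE.match(line):
            key = (table, m.group(3))
            counters[key] = counters.get(key, 0) + int(m.group(1))
        elif m := POLICY.match(line):
            key = (table, f"policy {m.group(1)} {m.group(2)}")
            counters[key] = int(m.group(3))
    return counters

def hit_rules(before, after):
    """Rules (and policies) whose packet counter rose between snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    return {k: n - old.get(k, 0) for k, n in new.items() if n > old.get(k, 0)}

def check_verdict(before, after, expected_target, chain="INPUT"):
    """Unit-test style check: exactly one rule or policy in `chain` was hit,
    and its target is the expected one (e.g. DROP or ACCEPT)."""
    hits = [r for (_, r) in hit_rules(before, after) if r.split()[1] == chain]
    if len(hits) != 1:
        return False
    toks = hits[0].split()
    if toks[0] == "policy":                   # packet fell through to the policy
        return toks[2] == expected_target
    return "-j" in toks[:-1] and toks[toks.index("-j") + 1] == expected_target
```

Because this reads counters from a loaded ruleset, it verifies rules after installation rather than simulating them beforehand.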
