Viktor Ivanov wrote:
> Hello -hackers.
>
> I'm thinking about a utility to test a simple packet against the
> machine's firewall (ipfw2 to be more specific). I needed it because on
> some of my routers the configuration got complicated and the rule
> count is too high. And sometimes I need to see quickly what a
> colleague has done to the firewall and why it's not working as
> expected.


See nemesistcp from ports.

> Is there an (easy) way to take the packet-matching code from the
> kernel and use it to check a (manually) constructed packet on the
> current ipfw2 rule set?


I doubt. Faster with logging & scripts.

> I was planning on writing a simple script that reads the output of
> `ipfw list' and then does some very simple checks. Mostly I need to
> look at what's done to packets from a certain address/network coming from a
> certain interface. Sometimes I need to check on tcp streams too.
>
> Maybe I should just write a good script to build proper rule sets and
> not try to fix a problem by creating more problems :)
>
> Any comments are welcome
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"




--
Alin-Adrian Anton
Spintech Systems
GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F FF2E)
gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E
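
An added example, not part of either message above: a minimal Python sketch of the script idea discussed in the thread, which reads `ipfw list` style text and reports the first rule that decides an inbound packet from a given source on a given interface. The sample rules, the names `first_match` and `addr_matches`, and the restriction to plain allow/deny/count rules are assumptions; anything the sketch cannot evaluate is returned as "review" rather than guessed.

```python
import ipaddress
import re

# Constructed sample of `ipfw list` output (not from the thread).
SAMPLE_RULES = """\
00100 allow ip from any to any via lo0
00200 count ip from 10.0.0.0/8 to any
00300 deny ip from 192.168.5.0/24 to any in via em1
00400 allow tcp from 192.168.0.0/16 to any dst-port 22 setup
65535 deny ip from any to any
"""

RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)\s*(.*)$")

def addr_matches(spec, addr):
    """True/False for 'any', a host or a CIDR; None if spec is not understood (me, tables)."""
    if spec == "any":
        return True
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None

def first_match(rules_text, src, dst, proto, iface):
    """Return (rule_number, verdict) for an inbound packet; verdict is allow/deny/review."""
    for line in filter(None, map(str.strip, rules_text.splitlines())):
        m = RULE_RE.match(line)
        if not m:
            return None, "review"  # unparsed rule (e.g. skipto N): do not guess past it
        num, action, rproto, rsrc, rdst, opts = m.groups()
        opts = opts.split()
        s, d = addr_matches(rsrc, src), addr_matches(rdst, dst)
        if rproto not in ("ip", "all", proto) or s is False or d is False:
            continue
        if "out" in opts or action == "count":
            continue  # only inbound is modelled; count never ends the search
        if any(k in opts and opts[opts.index(k) + 1] != iface for k in ("via", "recv")):
            continue
        # Anything this sketch cannot evaluate (ports, flags, 'me') is
        # reported for manual review instead of being guessed at.
        extra = [w for w in opts if w not in ("in", "via", "recv", iface)]
        if s is None or d is None or extra or action not in ("allow", "deny"):
            return int(num), "review"
        return int(num), action
    return None, "review"

if __name__ == "__main__":
    print(first_match(SAMPLE_RULES, "192.168.5.7", "8.8.8.8", "udp", "em1"))
```

A "review" verdict names the rule where the walk stopped, which is the rule to read by hand or confirm with a `log` rule on the live firewall.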