
Re: slightly OT - software for testing FW rule sets.

Russell Fulton wrote:
Does anyone know of any software that will forge packets (SYNs and UDP
should be enough) for a list of IPs and ports that I can use for testing
in future.

Back when OpenBSD still used IPFilter there used to be a program called ipftest, which could be used to test rulesets against a predetermined list of packets without actually loading the ruleset in the kernel.

Maybe something similar should be written for pf rulesets? Doing tests in user-space makes it much easier (and safer) to test the intended behaviour of rulesets.