[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: slightly OT - software for testing FW rule sets.
Russell Fulton wrote:
Does anyone know of any software that will forge packets (SYNs and UDP
should be enough) for a list of IPs and ports that I can use for testing
Back when OpenBSD still used IPFilter there used to be a program called
ipftest, which could be used to test rulesets against a predetermined
list of packets without actually loading the ruleset in the kernel.
Maybe something similar should to be written for pf rulesets? Doing
tests in user-space makes it much easier (and safer) to test the
intended behaviour of rulesets.