[OpenIndiana-discuss] How can we probe ipfilter rules?

Jim Klimov jimklimov at cos.ru
Thu Aug 22 09:46:59 UTC 2013


Hello all,

   I got myself wondering: IIRC Linux iptables, or some other firewall
implementation I've used over the years, has a tool to "emulate" a
packet with given parameters and feed it to the firewall rules, so
as to know in advance whether it would be blocked or permitted, NATed
or routed... Is there anything similar with ipfilter?

   Also, besides matching a particular set of packet attributes, I'd be
interested to see which rules match a "wider" set of attributes.

   In a most practical case, I'd like to request, for example, analysis
of "from any to internal-host port = any" and see which rules apply to
the specified host with no other specifics - is it wide-open, or are
some protocols blocked, etc.

Thanks for any pointers, if a solution already exists :)
//Jim


