[PLUG] Testing iptables rules
plug_0 at robinson-west.com
Thu Mar 2 05:31:29 UTC 2006
Quoting Michael Rasmussen <mikeraz at patch.com>:
> Keith Lofstrom wrote:
> > iptables rules are complex, and usually the only way to test them
> > is to "go live" with them. Are there any good offline parsers or
> > simulators for iptables rulesets?
> >
> > Ideally, it would be a tool that could read in the rulesets, and
> > a script to generate ip packets on various simulated interfaces,
> > then display them traversing the rules.
>
> Assuming you have a test box or two . . .
>
> Load up your iptables rules on one, *
> set up another configured to treat #1 as the gateway
> use Netcat
> or Nemesis
> or IP Sorcery
> or _____ to generate traffic
>
> view the logs to see if it's doing what you want.
>
> * modified to log everything.
>
Using iptables -A INPUT -j LOG --log-prefix="...: " seems to help.
Except for one major headache on my Fedora Core 3 system, undesired
logging to the console. Nothing like trying to vim in one Xterm
while you watch /var/log/messages on another only to have the
messages muddy up your editing window. I could use good
documentation on how to prevent logging to the screen for
Red Hat and Fedora systems. I don't know if this happens a lot
because of bugs or if there is a simple change that can be done
to syslog.conf. Maybe the kernel logger is to blame, but where
is the kernel logger's config file??? This problem doesn't seem
to really be distro specific.
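The console problem raised in the message above comes down to two knobs, neither of which lives in syslog.conf. The LOG target stamps every message with a syslog priority (--log-level, default warning, numeric 4), and the kernel prints a message on the console only when that number is strictly below console_loglevel, the first field of /proc/sys/kernel/printk (also set by dmesg -n or klogd -c). So either lower console_loglevel to 4 so warnings stay off the screen, or log at debug (7), which is below no sane console level. The catch with the second route is that the stock Red Hat syslog.conf selector for /var/log/messages is *.info, which does not match kern.debug, so the rules must also route kern.debug to a file. The script below is an added example written for this page, not something from the thread; it encodes the console rule, generates the LOG rule and the matching settings, and only prints the commands rather than applying them. The chain names, the "FW" prefix and the file /var/log/iptables.log are assumptions.

```shell
#!/bin/sh
# Added example: iptables LOG priority vs. the kernel console log level.
# Nothing here changes the running system; it prints what to run.

# Map iptables --log-level names (and bare digits) to numeric syslog priorities.
loglevel_num() {
  case "$1" in
    emerg) echo 0 ;;  alert) echo 1 ;;  crit) echo 2 ;;  err|error) echo 3 ;;
    warning|warn) echo 4 ;;  notice) echo 5 ;;  info) echo 6 ;;  debug) echo 7 ;;
    [0-7]) echo "$1" ;;
    *) echo "unknown log level: $1" >&2; return 1 ;;
  esac
}

# True (exit 0) when the kernel would print a message of priority $2 on the
# console while console_loglevel is $1: printk shows it only if prio < level.
hits_console() {
  n=$(loglevel_num "$2") || return 2
  [ "$n" -lt "$1" ]
}

# Current console_loglevel from /proc, or a constructed default of 7 when
# /proc is not readable (e.g. in a sandbox) so the script still runs.
current_console_loglevel() {
  if [ -r /proc/sys/kernel/printk ]; then
    awk '{print $1}' /proc/sys/kernel/printk
  else
    echo 7
  fi
}

# The "log everything" rule from the thread, at an explicit priority and
# with a prefix so the lines are easy to grep in the log file.
log_rule() {  # $1 = chain, $2 = prefix, $3 = level name
  printf 'iptables -A %s -j LOG --log-level %s --log-prefix "%s: "\n' "$1" "$3" "$2"
}

# Print the commands and config lines that keep the test-box logging off the
# console. Route A keeps the default priority and lowers console_loglevel;
# route B logs at debug and adds the syslog.conf line that debug now needs.
plan() {
  lvl=$(current_console_loglevel)
  echo "# console_loglevel is $lvl"
  echo "# Route A: keep LOG at warning, stop the console printing warnings"
  log_rule INPUT FW warning
  log_rule FORWARD FW warning
  echo "dmesg -n 4                        # or: klogd -c 4, or echo '4 4 1 7' > /proc/sys/kernel/printk"
  echo "# Route B: log at debug (never printed at console_loglevel <= 7) and"
  echo "#          catch kern.debug, which the stock *.info selector drops"
  log_rule INPUT FW debug
  log_rule FORWARD FW debug
  echo "echo 'kern.debug   /var/log/iptables.log' >> /etc/syslog.conf   # assumed file name"
  echo "service syslog restart"
}

plan
```

Run it as-is to see the two routes; the number it reports for console_loglevel is what decides whether the default warning-level LOG lines reach the console on that box. Route A is the smaller change because /var/log/messages keeps receiving the lines unchanged; route B is the one to pick when the test box should keep iptables noise out of /var/log/messages entirely.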