How to test a firewall with NAT?

Александр Шевченко alexander.shevchenko at
Sun Nov 19 01:12:31 PST 2006

U can use "-n" flag for parsing rules before loading them
pfctl -nvvv -f /etc/pf.conf
Look at this port /usr/ports/sysutils/pftop
pftop displays the active packetfilter states, rules, and queues

-----Original Message-----
From: owner-freebsd-net at [mailto:owner-freebsd-net at]
On Behalf Of Gregory Edigarov
Sent: Friday, November 17, 2006 1:25 PM
To: freebsd-net at
Subject: How to test a firewall with NAT?

Hello Everybody,

I am trying to move one of my servers/routers from linux/iptables to 
freebsd/pf, and need a methodology of testing the pf firewall ruleset 
before it will  go in production.  I cannot  experiment on live network, 
because it's a busy server.

I only have one other machine available.
What can I do and what tool can you recommend?

Thank you.
With best regards,
    Gregory Edigarov

More information about the freebsd-net mailing list