"Reset" Script, Anyone?
Travis H.
solinym at gmail.com
Thu Aug 17 08:16:43 UTC 2006
Back when NetBSD was using ipfilter, there was a way to simulate
throwing packets at a packet filter. I wrote a regression test
harness around it, to make sure that a new config file would allow
certain basic operations and prevent a few basic operations, as a kind
of sanity check, before even loading it.
It sure would be nice if pf had something like it. I suppose with
some preprocessing judo, you could remap the interfaces to some
temporary interface aliases you set up, but that's not a particularly
easy or comprehensive way of testing your rules. Although I seem to
recall someone suggesting a way to do something similar... anyone have
any suggestions?
--
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
More information about the freebsd-pf
mailing list