Date: Thu, 17 Aug 2006 03:16:39 -0500 From: "Travis H." <solinym@gmail.com> To: Volker <volker@vwsoft.com> Cc: Greg Hennessy <Greg.Hennessy@nviz.net>, freebsd-pf@freebsd.org Subject: Re: "Reset" Script, Anyone? Message-ID: <d4f1333a0608170116j5e6d331awf92214125049fcc7@mail.gmail.com> In-Reply-To: <44DF4125.6060009@vwsoft.com> References: <000001c6bed4$680fd4d0$0a00a8c0@thebeast> <44DF4125.6060009@vwsoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Back when NetBSD was using ipfilter, there was a way to simulate throwing packets at a packet filter. I wrote a regression test harness around it, to make sure that a new config file would allow certain basic operations and prevent a few basic operations, as a kind of sanity check, before even loading it. It sure would be nice if pf had something like it. I suppose with some preprocessing judo, you could remap the interfaces to some temporary interface aliases you set up, but that's not a particularly easy or comprehensive way of testing your rules. Although I seem to recall someone suggesting a way to do something similar... anyone have any suggestions? -- "If you're not part of the solution, you're part of the precipitate." Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/ GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d4f1333a0608170116j5e6d331awf92214125049fcc7>