Find out if your firewall really works the way you think it should.

You’ve set up a firewall and done a few cursory tests to make sure
it’s working, but have you tested the firewall to be sure that it’s
blocking everything that it’s supposed to? You may not have done this
because you think it will take too long or be too difficult. Luckily,
there’s Ftester (http://ftester.sourceforge.net), a free tool for
doing extensive firewall tests.

Ftester consists of three Perl scripts. The ftest script is used for
injecting custom packets as defined in the configuration file
ftest.conf. If you are testing how the firewall behaves with ingress
traffic, you should run this script on a machine outside of your
firewalled network. If you want to test your firewall’s behavior
toward egress traffic, you will need to run ftest from a machine
within your firewall’s protected network. One of the other scripts is
ftestd, which listens for the packets injected with ftest that come
through the firewall that you are testing. This script should be run
on a machine within your internal network if you are testing the
firewall’s ingress behavior. If you are testing egress behavior,
you’ll need to run it on a machine external to your network. Both of
these scripts keep a log of what they send or receive. After a test
run, their respective logs can be compared using the freport script to
quickly see what packets were able to get through the firewall.

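The comparison step described above, sketched as an added example that is not Ftester's code: it matches an injector log against a listener log and checks the result against the intended policy. The `id proto dst_port` record format, the sample data and the `ALLOWED` policy are all constructed for illustration and are not Ftester's actual log format.

```python
from typing import NamedTuple

class Probe(NamedTuple):
    pkt_id: int
    proto: str
    dst_port: int

def parse_log(text):
    """Parse 'id proto dst_port' lines (constructed format, not Ftester's)."""
    probes = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        pkt_id, proto, port = line.split()
        probes[int(pkt_id)] = Probe(int(pkt_id), proto.lower(), int(port))
    return probes

def audit(sent_log, received_log, allowed):
    """Return (leaks, drops, unknown) for one test run.

    leaks:   probes that crossed the firewall but are not in the policy
    drops:   probes the policy permits that never arrived
    unknown: ids seen by the listener that the injector never logged
    """
    sent, received = parse_log(sent_log), parse_log(received_log)
    leaks, drops = [], []
    for pkt_id, probe in sorted(sent.items()):
        passed = pkt_id in received
        permitted = (probe.proto, probe.dst_port) in allowed
        if passed and not permitted:
            leaks.append(probe)
        elif permitted and not passed:
            drops.append(probe)
    unknown = sorted(set(received) - set(sent))
    return leaks, drops, unknown

# Constructed sample data for an ingress test.
SENT = "1 tcp 22\n2 tcp 23\n3 tcp 443\n4 udp 53\n5 tcp 3306\n"
RECEIVED = "1 tcp 22\n2 tcp 23\n9 tcp 80\n"
ALLOWED = {("tcp", 22), ("tcp", 443)}  # intended policy (assumed)

if __name__ == "__main__":
    leaks, drops, unknown = audit(SENT, RECEIVED, ALLOWED)
    print("passed but should be blocked:", leaks)
    print("blocked but should pass:", drops)
    print("received but never sent:", unknown)
```

An entry in `unknown` usually means the two logs come from different runs or the listener saw unrelated traffic, so resolve it before trusting the other two lists.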
Before you can use Ftester, you will ...