How To Test Your Linux-Distro Firewall

# perl -MCPAN -e "install Net::RawIP"
# perl -MCPAN -e "install Net::Pcap"
# perl -MCPAN -e "install Net::PcapUtils"
# perl -MCPAN -e "install NetPacket"

# wget http://dev.inversepath.com/ftester/ftester-1.0.tar.gz
# tar -xzf ftester-1.0.tar.gz

Source Address:Source Port:Destination Address:Destination Port:Flags:Protocol:Type of Service

Source Address:Source Port:Destination Address:Destination Port:Flags:ICMP:icmp_type:icmp_pre

# SYN packet to 10.1.7.1 port 80
192.168.0.10:1024:10.1.7.1:80:S:TCP:0

# PSH,ACK reply from 192.168.0.10
192.168.0.10:20:10.1.7.1:1022:AP:TCP:22

# UDP packet
192.168.0.10:53:10.1.7.1:53::UDP:0

# ICMP packet type 3 pre 5
192.168.0.10::10.1.7.1:::ICMP:3:5

# ranges are allowed for source address, source port, destination port
# source address can also be specified in CIDR form
192.168.0.1-255:1024:10.1.7.1:22:S:TCP:0
192.168.0.1:1024:10.1.7.1:1-65535:S:TCP:0
192.168.0.1:1-1024:10.7.0.1:20-25:S:TCP:22
192.168.3.0/24:1-1024:10.7.0.1:20-25:S:TCP:0
192.168.0.0/22:1024:10.7.0.1:80:S:TCP:0

stop_signal=192.168.0.1:666:10.1.7.1:666:S:TCP:

# vi ftest.conf

# checking privileged ports (<1025)
192.168.0.10:1025:10.1.7.1:1-1025:S:TCP:0

# checking proxy port
192.168.0.10:1025:10.1.7.1:3128:S:TCP:0

stop_signal=192.168.0.10:80:10.1.7.1:1025:AP:TCP:0

# ./ftestd -i eth0

# ./ftest -f ftest.conf

# ./freport ftest.log ftestd.log

Authorized packets:
-------------------
21 - 192.168.0.10:1025 > 10.1.7.1:21 S TCP 0
22 - 192.168.0.10:1025 > 10.1.7.1:22 S TCP 0
23 - 192.168.0.10:1025 > 10.1.7.1:23 S TCP 0
25 - 192.168.0.10:1025 > 10.1.7.1:25 S TCP 0
80 - 192.168.0.10:1025 > 10.1.7.1:80 S TCP 0
110 - 192.168.0.10:1025 > 10.1.7.1:110 S TCP 0
113 - 192.168.0.10:1025 > 10.1.7.1:113 S TCP 0
1027 - 192.168.0.10:80 > 10.1.7.1:1025 PA TCP 0

Modified packets (probably NAT):
--------------------------------
443 - 192.168.0.10:1025 > 10.1.7.1:443 S TCP 0
443 - 192.168.0.10:1025 > 10.1.7.5:443 S TCP 0

Filtered or dropped packets:
----------------------------
1 - 192.168.0.10:1025 > 10.1.7.1:1 S TCP 0
2 - 192.168.0.10:1025 > 10.1.7.1:2 S TCP 0
3 - 192.168.0.10:1025 > 10.1.7.1:3 S TCP 0
...
...
...
1026 - 192.168.0.10:1025 > 10.1.7.1:3128 S TCP 0
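As an added example (Python written for this page, not ftester's own Perl code), a small reader for the rule format shown above and a freport-style comparison of what ftest sent against what ftestd sniffed. It assumes that a rule expands to the full cross product of its address and port ranges, that the number printed before each dash in the report is the packet's sequence number, and that the sniffer side yields (sequence, packet) pairs; the embedded config is the one written above.

```python
import ipaddress
# Constructed sample: the ftest.conf written above, with its stop_signal line.
CONF = """# checking privileged ports (<1025)
192.168.0.10:1025:10.1.7.1:1-1025:S:TCP:0
# checking proxy port
192.168.0.10:1025:10.1.7.1:3128:S:TCP:0
stop_signal=192.168.0.10:80:10.1.7.1:1025:AP:TCP:0
"""

def _ports(field):
    # '' (UDP/ICMP, no port) -> [None]; '80' -> [80]; '1-1024' -> 1..1024
    if field == "":
        return [None]
    lo, _, hi = field.partition("-")
    return list(range(int(lo), int(hi or lo) + 1))

def _hosts(field):
    # Source address may be given in CIDR form or as a range on the last octet.
    if "/" in field:
        return [str(a) for a in ipaddress.ip_network(field, strict=False)]
    if "-" in field:
        prefix, _, octets = field.rpartition(".")
        lo, _, hi = octets.partition("-")
        return [f"{prefix}.{i}" for i in range(int(lo), int(hi) + 1)]
    return [field]

def expand_rule(line):
    # One rule -> every packet it describes: cross product of the ranges
    # (assumed behaviour); ICMP type and code after the protocol stay one field.
    src, sport, dst, dport, flags, proto, *rest = line.split(":")
    return [(s, sp, dst, dp, flags, proto, ":".join(rest))
            for s in _hosts(src) for sp in _ports(sport) for dp in _ports(dport)]

def parse_conf(text):
    # Returns (packets, stop_signal); '#' comments and blank lines are skipped.
    packets, stop = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("stop_signal="):
            stop = line.split("=", 1)[1]
        elif line:
            packets.extend(expand_rule(line))
    return packets, stop

def classify(sent, sniffed):
    # freport-style buckets by sequence number: same, changed (NAT), or unseen.
    seen = dict(sniffed)
    out = {"authorized": [], "modified": [], "filtered": []}
    for pid, pkt in sent:
        state = "filtered" if pid not in seen else "authorized" if seen[pid] == pkt else "modified"
        out[state].append(pid)
    return out
```

With the config above, parse_conf yields 1026 packets, so the stop signal is sequence 1027, which matches the ids in the report.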