HP-UX IPFilter Version 17 Administrator's Guide

9.2 Testing Rules with ipftest
The ipftest utility enables you to test a ruleset without loading it. You do not need superuser
capabilities to run ipftest.
The ipftest utility tests a ruleset using a set of packet descriptors that simulate network traffic.
The ipftest utility determines the action IPFilter would take for each packet and writes the
packet and the action to stdout.
When you generate simulated traffic, you can use example data obtained from a packet probe
or similar monitor. These packets can show the specifics of the traffic the subject system will
encounter in a production environment. If you are testing TCP keep state rules, include the
TCP flag values in the packet descriptor.
9.2.1 Syntax
ipftest [-6] -r ruleset_filename [-i input_filename]
9.2.2 Options
-6
Specifies that the rules tested are IPv6 filter rules.
-r ruleset_filename
Specifies the file from which to read rules.
-i input_filename
Specifies the file that contains packet descriptors. The default is
stdin.
Each packet descriptor must be contained on one line. By default,
the format for each packet descriptor is as follows:
in|out [on interface] [protocol] src_host[,src_port] dest_host[,dest_port] [flags]
Where:
interface
Specifies the interface name, such as lan0.
protocol
Specifies the protocol name. Valid values are:
tcp
udp
icmp
icmpv6
src_host
Specifies the source IP address or host name.
src_port
Specifies the source TCP or UDP port number. You
must specify src_port if you specified the
protocol tcp or udp.
dest_host
Specifies the destination IP address or host name.
dest_port
Specifies the destination TCP or UDP port number.
You must specify dest_port if you specified the
protocol tcp or udp.
flags
Specifies TCP flags as a sequence of one or more
characters that indicate TCP flags. This parameter
is valid only if you specified the protocol tcp. The
valid characters are:
A (ACK - Acknowledgement)
F (FIN - No more data)
P (PUSH - Push function)
R (RST - Reset the connection)
S (SYN - Synchronize sequence numbers)
U (URG - Urgent)
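
The following Python check is an added example, not part of this guide or of IPFilter: it validates packet descriptor lines against the default format described above, so a malformed input file is caught before it is passed to ipftest -i. The function names, the sample descriptors (constructed, using documentation addresses), the 16-bit port range check, and the choice to accept flag characters only in uppercase are assumptions.

```python
PROTOCOLS = {"tcp", "udp", "icmp", "icmpv6"}
TCP_FLAGS = set("AFPRSU")  # accepted exactly as listed, uppercase (assumption)

def _endpoint(token, protocol, label):
    host, sep, port = token.partition(",")  # IPv6 addresses contain no comma
    if protocol in ("tcp", "udp") and not sep:
        raise ValueError(f"{label}_port is required for protocol {protocol}")
    if sep and not (host and port.isdecimal() and int(port) <= 65535):
        raise ValueError(f"{label}: expected host,port (16-bit port), got {token!r}")
    return host, int(port) if sep else None

def parse_descriptor(line):
    tok = line.split()
    if not tok or tok[0] not in ("in", "out"):
        raise ValueError("descriptor must start with in or out")
    d = {"direction": tok.pop(0), "interface": None}
    if tok[:1] == ["on"]:  # optional "on interface" pair
        if len(tok) < 2:
            raise ValueError("on must be followed by an interface name")
        d["interface"], tok = tok[1], tok[2:]
    d["protocol"] = tok.pop(0) if tok and tok[0] in PROTOCOLS else None
    if len(tok) < 2:
        raise ValueError("src_host and dest_host are both required")
    d["src"] = _endpoint(tok[0], d["protocol"], "src")
    d["dest"] = _endpoint(tok[1], d["protocol"], "dest")
    flags = tok[2:]  # anything after dest is the optional flags field
    if flags and (len(flags) > 1 or d["protocol"] != "tcp"):
        raise ValueError("one flags field is allowed, and only with protocol tcp")
    if flags and not set(flags[0]) <= TCP_FLAGS:
        raise ValueError(f"invalid TCP flag characters in {flags[0]!r}")
    d["flags"] = flags[0] if flags else None
    return d

def lint(lines):  # returns [(line_number, message), ...] for failing descriptors
    errors = []
    for n, line in enumerate(lines, 1):
        try:
            parse_descriptor(line)
        except ValueError as exc:
            errors.append((n, str(exc)))
    return errors

SAMPLE = [  # constructed descriptors, not captured traffic
    "in on lan0 tcp 192.0.2.10,1025 192.0.2.20,23 S",
    "in on lan0 icmp 192.0.2.10 192.0.2.20",
    "in on lan0 tcp 192.0.2.10 192.0.2.20,23 S",        # src_port missing
    "out on lan0 udp 192.0.2.20,53 192.0.2.10,1030 A",  # flags without tcp
    "in on lan0 tcp 192.0.2.10,1025 192.0.2.20,23 SX",  # X is not a listed flag
]
```

Calling lint(SAMPLE) reports lines 3, 4 and 5; the first two descriptors parse cleanly.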