HP-UX IPFilter Version A.03.05.14 Administrator's Guide
HP-UX IPFilter Utilities
The ipftest Utility
Use the ipftest utility to test your ruleset in user space without
compromising the security of your IPFilter system. The ipftest utility
can be run by a non-root user.
The ipftest utility tests a ruleset using a set of packet descriptions that
simulate real network traffic. Actions taken by IPFilter on each
simulated packet are written to stdout.
When you generate simulated traffic, you can use example data obtained
from a packet probe or similar monitor. These packets can show the
specifics of the traffic the subject machine will encounter in a production
environment. Be sure to include the various flags in TCP packets, as they
are used in the various keep state rules.
Syntax
ipftest <options> <filename>
Options
-i <filename>    Specifies the file from which to take input. The default is stdin.
-r <filename>    Specifies the rules file from which to read rules.
Many other options are available to refine testing with ipftest. For a
complete list of options and their functions, see the ipftest manpage.
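The advice above about including TCP flags, shown as an added example that is not part of the HP guide: a script that writes a complete TCP session in the text input format described in the ipftest manpage, once for the permitted source and once for another source, and runs both against the two rules used in this guide's example. The interface name lan0, the addresses 10.1.84.10 and 10.1.84.196, the port numbers, and the file names are constructed sample values.

```shell
#!/bin/sh
# Added example: build ipftest text-format input for a full TCP session.
# Line format (ipftest manpage):
#   in|out on <if> tcp <src>,<sport> <dst>,<dport> [FSRPAU]

# tcp_session <if> <client> <cport> <server> <sport>
# Emits handshake, one data segment, and teardown as seen by the filtering
# host on the server side: client packets are "in", replies are "out".
tcp_session() {
    ifc=$1; cli=$2; cport=$3; srv=$4; sport=$5
    for step in in:S out:SA in:A in:PA out:A in:FA out:FA in:A; do
        way=${step%%:*}
        flags=${step##*:}
        if [ "$way" = in ]; then
            printf 'in on %s tcp %s,%s %s,%s %s\n' \
                "$ifc" "$cli" "$cport" "$srv" "$sport" "$flags"
        else
            printf 'out on %s tcp %s,%s %s,%s %s\n' \
                "$ifc" "$srv" "$sport" "$cli" "$cport" "$flags"
        fi
    done
}

# build_case <dir>: write rules.txt and packets.txt into <dir>.
build_case() {
    casedir=$1
    # The two rules from this guide's example.
    printf '%s\n' 'block in all' 'pass in from 10.1.84.195 to any' \
        > "$casedir/rules.txt"
    {
        tcp_session lan0 10.1.84.195 1025 10.1.84.10 23  # permitted source
        tcp_session lan0 10.1.84.196 1026 10.1.84.10 23  # constructed other source
    } > "$casedir/packets.txt"
}

# Usage: sh thisfile run [dir]   (requires ipftest on the PATH)
if [ "${1:-}" = run ]; then
    target=${2:-.}
    build_case "$target"
    ipftest -r "$target/rules.txt" -i "$target/packets.txt"
fi
```

Every flag combination of the session appears in both directions, so the same packet file can be reused unchanged when keep state rules are added to the ruleset.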
Example
The following ruleset is used for this example:
block in all
pass in from 10.1.84.195 to any