On 2/27/06, Peter N. M. Hansteen <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] writes:
>
> > Is there an online guide giving details about how to verify that a rule
> > set does what you want, and how to figure out what's wrong when it's
> > doing something else?
An idea I've been toying with is using QEMU to simulate several OpenBSD boxes on one machine for network setup testing. The reasoning is that QEMU lets you have multiple virtual machines running, where you can have 0-n network cards in each, and VLANs simulating your network switches. Set up network traffic simulators on one or more of the VMs and you can test your rulesets and OpenBSD's behaviors in general without having to mess with wires and NICs, and without sending/using "real world" traffic when you're still hashing out the basics. And then, in theory, you can put all the config into a tgz and have others play with your exact configuration when you need help.

Potential problems with that approach: QEMU is not OpenBSD native. The VMs' behaviour may not match your real hardware (especially interactions with routers/switches), and the project is still in its infancy, which means the VMs are even less predictable. And I just barely know how to use it. A fair amount of work to get a useful and easily usable net debugging system...

Potential benefits: a standardized testing harness to check for common things (e.g. see what a portscan would return) and a standardized "easier" way to talk about setups. Heck, have a plugin to generate ASCII art of a network setup!

hmmm... file under vaporware.

If anyone has experience testing filters and networks in a virtualized sandbox, please let us know, I'm curious.

-y
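
An added example (not part of the original thread) of what the launcher side of such a test bench could look like: a POSIX sh script that builds the qemu-system command lines for one pf firewall VM with three NICs and one client VM on each segment. QEMU's multicast socket network backend plays the role of the switch for each segment, so every VM joined to the same address:port sees the same frames. The VM names, disk image file names, multicast addresses and MAC prefix are assumptions; the `-netdev socket,mcast=` and `-device e1000` options are current QEMU syntax rather than the older `-net ... vlan=` form.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds (and optionally
# launches) a QEMU test bench for a pf ruleset: one firewall VM with three
# NICs and one client VM per segment. Segment names, image file names,
# multicast groups and MAC addresses are assumptions for illustration.

# Segment name -> multicast address:port that acts as that segment's switch.
segment_mcast() {
    case "$1" in
        external) echo "230.0.0.1:1234" ;;
        dmz)      echo "230.0.0.2:1235" ;;
        internal) echo "230.0.0.3:1236" ;;
        *)        echo "unknown segment: $1" >&2; return 1 ;;
    esac
}

# nic_args VMINDEX NICINDEX SEGMENT
# Emit one NIC definition: a socket netdev joined to the segment's multicast
# group plus an e1000 device with a deterministic, locally administered MAC
# (52:54:00 prefix, then VM index and NIC index), so captures are readable.
nic_args() {
    vm=$1; nic=$2; seg=$3
    mcast=$(segment_mcast "$seg") || return 1
    mac=$(printf '52:54:00:%02x:%02x:%02x' 0 "$vm" "$nic")
    printf '%s\n' "-netdev socket,id=${seg}${nic},mcast=${mcast} -device e1000,netdev=${seg}${nic},mac=${mac}"
}

# vm_cmd NAME VMINDEX IMAGE SEGMENT...
# Build the full qemu-system command line for one VM, one NIC per listed
# segment. Nothing is executed here; the line is only printed.
vm_cmd() {
    name=$1; vm=$2; img=$3; shift 3
    cmd="qemu-system-x86_64 -name $name -m 256 -drive file=$img,format=raw -nographic"
    i=0
    for seg in "$@"; do
        args=$(nic_args "$vm" "$i" "$seg") || return 1
        cmd="$cmd $args"
        i=$((i + 1))
    done
    echo "$cmd"
}

# The topology: the firewall sits on all three segments; each client VM sits
# on exactly one and is where traffic generators or tcpdump would run.
topology() {
    vm_cmd fw      1 fw.img      external dmz internal
    vm_cmd outside 2 outside.img external
    vm_cmd dmzhost 3 dmz.img     dmz
    vm_cmd inside  4 inside.img  internal
}

# Default is a dry run: print the command lines so the whole setup can be
# reviewed (and shipped in a tgz alongside the images) before anything runs.
if [ "${LAUNCH:-0}" = "1" ]; then
    topology | { while read -r line; do $line & done; wait; }
else
    topology
fi
```

Run it as-is to print the four command lines for review, or with `LAUNCH=1` to start the VMs. Because every VM on a segment sees every frame on it, what the firewall VM's pf passes or blocks is directly observable with tcpdump on the client VM on the far side, and the same script plus images reproduces the exact setup on someone else's machine.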
