Can anybody confirm for me - is there anything that has replaced the iptables check command -C? I'm a newbie to iptables & am wanting to test FORWARD rules allowing access from networks that I have no access to.
There doesn't appear to be a dedicated check facility listed in the man page. But it sounds like it should have. Using some sort of loop-back facility, I would think.
But I'm not sure if I'm following you with your reason... I thought a 'FORWARD' rule would be for passing on packets to another location. As would be used by a gateway. If you want to govern the access condition of other networks, wouldn't that involve the 'INPUT' chain first? And then the FORWARD target, depending on the kind of match. Or do you mean just passing on networks that you don't want to access your network ... if they should come by?
I'd create a separate chain for rule testing though. And insert an initial rule to jump to it in the FORWARD chain. Then you could just remove/insert that one rule to include the whole set in the testing chain.
I suppose, if you set it up for a specific external box/network, and use that as a specific rule match, that could pass for a testing method. You would just need someone with their own network set up that they could lend.
-:- If the system is the answer, then the question
must have been really stupid -:-
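
The staging approach suggested in the reply above (a separate chain reached through a single jump rule in FORWARD), written out as a shell script. This is an added example, not part of the original posts; the chain name `FWD_TEST`, the `IPT` dry-run variable, the function names and the two networks are assumptions.

```shell
#!/bin/sh
# Added example: stage candidate FORWARD rules in their own chain so the
# whole set can be switched on or off by one jump rule.
# IPT defaults to a dry run that only prints the commands; set IPT=iptables
# and run as root to apply them. Chain name and networks are constructed.
IPT="${IPT:-echo iptables}"
TEST_CHAIN="${TEST_CHAIN:-FWD_TEST}"

# Create the test chain and fill it with the rules under test.
# $1 = source network, $2 = destination network (both assumptions).
stage_rules() {
    src="$1"; dst="$2"
    $IPT -N "$TEST_CHAIN" || return 1
    # LOG is non-terminating: the match is recorded, then ACCEPT decides.
    $IPT -A "$TEST_CHAIN" -s "$src" -d "$dst" -j LOG --log-prefix "fwd-test: "
    $IPT -A "$TEST_CHAIN" -s "$src" -d "$dst" -j ACCEPT
}

# Enable the whole set: one jump rule at the top of FORWARD.
enable_test() { $IPT -I FORWARD 1 -j "$TEST_CHAIN"; }

# Disable the whole set again by deleting that one jump rule.
disable_test() { $IPT -D FORWARD -j "$TEST_CHAIN"; }

# Per-rule packet/byte counters show whether traffic hit the staged rules.
show_counters() { $IPT -L "$TEST_CHAIN" -v -n -x; }

# Remove the test chain completely (the jump rule must be deleted first).
teardown() { $IPT -F "$TEST_CHAIN" && $IPT -X "$TEST_CHAIN"; }
```

With the default `IPT`, sourcing the file and calling `stage_rules 203.0.113.0/24 192.168.10.0/24` followed by `enable_test` only prints the commands, so the rule set can be reviewed before anything is applied.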