ipftest man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

ipftest(1M)							   ipftest(1M)

NAME
       ipftest - test packet filter rules with arbitary input.

SYNOPSIS
DESCRIPTION
       The utility enables you to to test a set of HP-UX IPFilter filter rules
       without loading them.

       The utility will parse any standard IPFilter ruleset and	 evaluate  the
       rules  against  a set of packet descriptors that simulate network traf‐
       fic.  The utility determines the action IPFilter would  take  for  each
       packet  and writes the packet descriptor and the action to The possible
       actions are pass, block or nomatch.

       When used without the options  or  takes	 an  input  file  with	packet
       descriptors specified in the following format:

       This  enables you to describe a packet going "in" or "out" of an inter‐
       face, and optionally, the upper-layer protocol. If the protocol	is  or
       you  must  also specify a port number.  If the protocol is you can also
       specify TCP flags.

       The following is an example IPv4 input file:
		 # a UDP packet coming in on lan0
		 in on lan0 udp 10.1.1.1,2210 10.2.1.5,23
		 # an IP packet coming in on lan0 from host1
		 in on lan0 host1 10.4.12.1
		 # a TCP packet going out of lan0 with the SYN flag set.
		 out on lan0 tcp 10.4.12.1,2245 10.1.1.1,23 S

       The following is an example IPv6 input file:
		 # a UDP packet coming in on lan0
		 in on lan0 udp 2001:db8::100,2210 2001:db8::111,23
		 # an IP packet coming in on lan0 from host2
		 in on lan0 host2 2001:db8::111
		 # a TCP packet going out of lan0 with the SYN flag set.
		 out on lan0 tcp 2110:db8::111,65535 2001:db8::333,23 S

OPTIONS
       This option is required to parse IPv6 rules.

       Verbose mode.  This provides more information about which parts of rule
	      matching the input packet passes and fails.

       Turn on filter rule debugging.  Currently, this	only  shows  you  what
       caused
	      the  rule to not match in the IP header checking (addresses/net‐
	      masks, etc).

       Cause the output to be a brief summary  (one-word)  of  the  result  of
       passing
	      the  packet  through  the	 filter;  either  "pass",  "block"  or
	      "nomatch".  This is used in the regression testing.

       Set the interface name (used in rule  matching)	to  be	the  specified
       name.
	      This is useful with the and options, where it is not possible to
	      specify an interface name in the packet descriptor.

       The input file specified for the
	      option is a binary file produced using  libpcap  (i.e.,  tcpdump
	      version  3).  You can specify an interface for the packets using
	      the option.

       The input file specified for the
	      option is in "snoop" format (see RFC 1761).  You can specify  an
	      interface for the packets using the option.

       The input file specified for the
	      option  is  output file from tcpdump.  You can specify an inter‐
	      face for the packets using the option.

	      The file must be created	using  one  of	the  following	tcdump
	      option combinations:

		 tcpdump -n
		 tcpdump -nq
		 tcpdump -nqt
		 tcpdump -nqtt
		 tcpdump -nqte

       The input file specified for the
	      option  contains	hexadecimal  digits  that represent the binary
	      value of the packet.  No length correction is  made  if  the  IP
	      header length field contains an incorrect length.

       The input file specified for the
	      option contains text descriptions of IP packets.

       The input file specified for the
	      option  contains	text  output from etherfind.  The file must be
	      created using one of the	following  etherfind  option  combina‐
	      tions:

		 etherfind -n
		 etherfind -n -t

       Specify the input filename for the packets. The default is

       Specify the filename from which to read filter rules.

SEE ALSO
       ipf(4), ipf(1M)

AUTHOR
       IPFilter	  was	originally   developed	 by  Darren  Reed.  This HP-UX
       enhanced	 version  of IPFilter  is based	 on the	 open  source  version
       3.5  Alpha 5.

								   ipftest(1M)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net