[pve-devel] new simulate command
Dietmar Maurer
dietmar at proxmox.com
Tue May 20 11:16:59 CEST 2014
Hi Alexandre,
I finally moved the regression test code into a separate package "PVE::FirewallSimulator",
and made it available with the command line tool. So we can now
run tests with:
# pve-firewall simulate -dport 8006
Test packet:
from : outside
to : host
proto : tcp
dport : 8006
ACTION: ACCEPT
# pve-firewall simulate -from vm100 -to outside -dport 22
Test packet:
from : vm100
to : outside
proto : tcp
dport : 22
ACTION: ACCEPT
(use option -verbose to get complete trace)
# pve-firewall help simulate
USAGE: pve-firewall simulate [OPTIONS]
Simulate firewall rules. This does not simulate kernel 'routing' table.
Instead, this simply assumes that routing from source zone to destination
zone is possible.
-dest string
Destination IP address.
-dport integer
Destination port.
-from (host|outside|vm\d+|ct\d+|vmbr\d+/\S+) (default=outside)
Source zone.
-protocol (tcp|udp) (default=tcp)
Protocol.
-source string
Source IP address.
-sport integer
Source port.
-to (host|outside|vm\d+|ct\d+|vmbr\d+/\S+) (default=host)
Destination zone.
-verbose boolean (default=0)
Verbose output.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140520/5dcfa53e/attachment.htm>
More information about the pve-devel
mailing list