[pve-devel] new simulate command

Dietmar Maurer dietmar at proxmox.com
Tue May 20 11:16:59 CEST 2014


Hi Alexandre,

I finally moved the regression test code into a separate package "PVE::FirewallSimulator",
and made it available with the command line tool. So we can now
run tests with:

# pve-firewall simulate -dport 8006
Test packet:
  from    : outside
  to      : host
  proto   : tcp
  dport   : 8006
ACTION: ACCEPT

# pve-firewall simulate -from vm100 -to outside -dport 22
Test packet:
  from    : vm100
  to      : outside
  proto   : tcp
  dport   : 22
ACTION: ACCEPT

(use option -verbose to get complete trace)

# pve-firewall help simulate
USAGE: pve-firewall simulate  [OPTIONS]

  Simulate firewall rules. This does not simulate kernel 'routing' table.
  Instead, this simply assumes that routing from source zone to destination
  zone is possible.

  -dest      string

                    Destination IP address.

  -dport     integer

                    Destination port.

  -from      (host|outside|vm\d+|ct\d+|vmbr\d+/\S+)   (default=outside)

                    Source zone.

  -protocol  (tcp|udp)      (default=tcp)

                    Protocol.

  -source    string

                    Source IP address.

  -sport     integer

                    Source port.

  -to            (host|outside|vm\d+|ct\d+|vmbr\d+/\S+)   (default=host)

                    Destination zone.

  -verbose   boolean   (default=0)

                    Verbose output.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140520/5dcfa53e/attachment.htm>


More information about the pve-devel mailing list