[pve-devel] new simulate command
Alexandre DERUMIER
aderumier at odiso.com
Wed May 21 06:03:19 CEST 2014
ok thanks, good job !
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER (aderumier at odiso.com)" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mardi 20 Mai 2014 11:16:59
Objet: new simulate command
Hi Alexandre,
I finally moved the regression test code into a separate package “PVE::FirewallSimulator”,
and made it available with the command line tool. So we can now
run tests with:
# pve-firewall simulate -dport 8006
Test packet:
from : outside
to : host
proto : tcp
dport : 8006
ACTION: ACCEPT
# pve-firewall simulate -from vm100 -to outside -dport 22
Test packet:
from : vm100
to : outside
proto : tcp
dport : 22
ACTION: ACCEPT
(use option –verbose to get complete trace)
# pve-firewall help simulate
USAGE: pve-firewall simulate [OPTIONS]
Simulate firewall rules. This does not simulate kernel 'routing' table.
Instead, this simply assumes that routing from source zone to destination
zone is possible.
-dest string
Destination IP address.
-dport integer
Destination port.
-from (host|outside|vm\d+|ct\d+|vmbr\d+/\S+) (default=outside)
Source zone.
-protocol (tcp|udp) (default=tcp)
Protocol.
-source string
Source IP address.
-sport integer
Source port.
-to (host|outside|vm\d+|ct\d+|vmbr\d+/\S+) (default=host)
Destination zone.
-verbose boolean (default=0)
Verbose output.
More information about the pve-devel
mailing list