How to check when iptables updates?

Armz
2011-07-19
2013-03-05
  • Armz
    2011-07-19

    There was a recent update to iptables (Debian testing amd64).

    Is there a recommended method to allow a firewall builder user to verify if any
    of the iptables updates affected the currently installed firewall builder script?

    Thanks much.
    Armz

     
  • Vadim Kurland
    2011-07-19

    I cannot offer any kind of formalized method to do this. I guess you need to test the generated firewall script and see if anything breaks. Iptables developers usually do not introduce changes that are not backwards-compatible, so I would expect things to just work.

     
  • Armz
    2011-07-20

    Thanks Vkurland.

    If I do a "nmap -sS 192.168.1.1" and an "nmap -sU 192.168.1.1" scan and it produces the same results as before the iptables update, would that be enough of a test for a success in your opinion?

     
  • Vadim Kurland
    2011-07-20

    Tests like that are useful but not complete. These simple port scans do not test complex protocols that involve more than one connection, and they test only from one side of the firewall.
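
A check that complements the port scans discussed above, added here as an example and not part of the thread or of Firewall Builder: save the loaded ruleset with `iptables-save` before the package update, re-run the generated script after it, save again, and compare the two dumps with counters and comment lines ignored. The function names and the sample dumps are constructed for illustration.

```python
import re
from difflib import unified_diff

# Packet/byte counters: "[12:900] -A ..." (iptables-save -c) or ":INPUT DROP [12:900]"
COUNTER = re.compile(r"^\[\d+:\d+\]\s*|\s*\[\d+:\d+\]$")

def normalize(dump):
    """Map table name -> chain and rule lines, without comments or counters."""
    tables, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # timestamps live in comment lines
            continue
        if line.startswith("*"):               # "*filter", "*nat", ...
            current = tables.setdefault(line[1:], [])
        elif line == "COMMIT":
            current = None
        elif current is not None:
            current.append(COUNTER.sub("", line))
    return tables

def ruleset_diff(before, after):
    """Unified-diff lines per table; an empty list means the rulesets match."""
    a, b = normalize(before), normalize(after)
    out = []
    for table in sorted(set(a) | set(b)):
        out.extend(unified_diff(a.get(table, []), b.get(table, []),
                                f"before/{table}", f"after/{table}",
                                lineterm="", n=0))
    return out

# Constructed sample dumps (not taken from the thread).
SSH_RULE = "-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT\n"
BEFORE = ("# Generated by iptables-save on <date before update>\n"
          "*filter\n"
          ":INPUT DROP [10:800]\n"
          ":FORWARD DROP [0:0]\n"
          ":OUTPUT ACCEPT [5:300]\n"
          "-A INPUT -i lo -j ACCEPT\n"
          "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
          + SSH_RULE + "COMMIT\n")
SAME = BEFORE.replace("[10:800]", "[42:3360]").replace("before", "after")
CHANGED = SAME.replace(SSH_RULE, "")           # simulates a rule that failed to load

if __name__ == "__main__":
    print(ruleset_diff(BEFORE, SAME))          # only counters and comments differ
    print("\n".join(ruleset_diff(BEFORE, CHANGED)))
```

An empty diff shows that the same rules were loaded, not that traffic is handled the same way, so it supplements the behavioural tests rather than replacing them.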

     
  • Armz
    2011-07-20

    Thanks for your feedback Vkurland…
    Would it be possible for you to recommend a more thorough test method?

    Regards,
    Armz