There was a recent update to iptables (Debian testing amd64).
Is there a recommended method to allow a firewall builder user to verify if any
of the iptables updates affected the currently installed firewall builder script?
Thanks much.
Armz
I cannot offer any kind of formalized method to do this. I guess you need to test the generated firewall script and see if anything breaks. Iptables developers usually do not introduce changes that are not backwards-compatible so I would expect things to just work.
Thanks Vkurland.
If I do a "nmap -sS 192.168.1.1" and an "nmap -sU 192.168.1.1" scan and it produces the same results as before the iptables update, would that be enough of a test for a success in your opinion?
Tests like that are useful but not complete. These simple port scans do not test complex protocols that involve more than one connection and they test only from one side of the firewall.
Thanks for your feedback Vkurland…
Would it be possible for you to recommend a more thorough test method?
Regards,
Armz
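
Added example, not part of the thread and not Firewall Builder code: one way to check that the generated script still loads the same rules after an iptables package update is to capture `iptables-save` output before and after and compare the two with counters and comment lines ignored. The two dumps are constructed samples and the function names are illustrative.

```python
import re
# Constructed sample: ruleset dumped with `iptables-save` before the package update.
BEFORE = """# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
"""
# Constructed sample: dump after the update; the SSH rule is missing and the policy differs.
AFTER = """# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [5:300]
[7:420] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
COUNTERS = re.compile(r"^\[\d+:\d+\]\s*")  # per-rule counters from `iptables-save -c`
CHAIN = re.compile(r"^:(\S+)\s+(\S+)")     # ":CHAIN POLICY [pkts:bytes]"

def parse_ruleset(dump):
    """Map (table, chain) -> [policy, [rules in order]], ignoring counters and comments."""
    parsed, table = {}, ""
    for raw in dump.splitlines():
        line = COUNTERS.sub("", raw.strip())
        if line.startswith("*"):
            table = line[1:]
        elif (m := CHAIN.match(line)):
            parsed[(table, m.group(1))] = [m.group(2), []]
        elif line.startswith("-A "):
            parsed.setdefault((table, line.split()[1]), [None, []])[1].append(line)
    return parsed

def diff_rulesets(before, after):
    """Return a list of differences; an empty list means the loaded rules are identical."""
    old, new, changes = parse_ruleset(before), parse_ruleset(after), []
    for key in sorted(set(old) | set(new)):
        name = "/".join(key)
        old_pol, old_rules = old.get(key, (None, []))
        new_pol, new_rules = new.get(key, (None, []))
        if old_pol != new_pol:
            changes.append(f"{name}: policy {old_pol} -> {new_pol}")
        changes += [f"{name}: removed {r}" for r in old_rules if r not in new_rules]
        changes += [f"{name}: added {r}" for r in new_rules if r not in old_rules]
        if sorted(old_rules) == sorted(new_rules) and old_rules != new_rules:
            changes.append(f"{name}: rule order changed")  # order decides which rule matches
    return changes

if __name__ == "__main__":
    print("\n".join(diff_rulesets(BEFORE, AFTER)) or "rulesets match")
```

A match shows only that the same rules were loaded; it complements traffic tests such as the port scans discussed above and does not replace them.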