Hi,
I have run the IPFire firewall for years now and have added rules over time.
Last week, I moved to new hardware and to the current 64-bit version.
But how can I test whether my firewall is working as expected?
How can I be sure that all the functions are working and that I have not configured a leak?
Is there a good existing test plan for how to work like an intruder?
> How can I be sure that all the functions are working and that I have not configured a leak?
For each firewall rule you have configured, you could test whether a connection matching that rule is processed properly, i.e. dropped, rejected or allowed. This is somewhat time-consuming, but would suffice for your needs.
> Is there a good existing test plan for how to work like an intruder?
To me, this is a different approach: An attacker needs to find one hole, no matter which. This is not necessarily limited to packet filters and could, for example, include exploiting client-side vulnerabilities as well.
I recommend reading some books on penetration testing - it is a complex topic, and simple scans using tools like nmap are not always enough, although they provide some important information for baselining the security of your network.
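
One way to automate the per-rule check described in the reply, as an added example that is not part of the original thread: each TCP rule is listed with its expected outcome and compared with what a connection attempt actually shows. The names `probe` and `check_plan`, the plan format and the sample addresses (documentation range 192.0.2.0/24) are assumptions; the script has to be run from the network zone the rule applies to, against a host that really has a service listening on the tested port.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt by how the path treated it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "allowed"    # three-way handshake completed
    except ConnectionRefusedError:
        # RST or ICMP port unreachable came back: a REJECT rule, or the
        # packet was let through and nothing listens on the target port.
        return "rejected"
    except socket.timeout:
        return "dropped"        # no answer at all within the timeout
    except OSError:
        return "error"          # e.g. no route; fix the test setup first

def check_plan(plan, timeout=3.0):
    """Return (host, port, expected, observed) for every rule that deviates."""
    failures = []
    for host, port, expected in plan:
        observed = probe(host, port, timeout)
        if observed != expected:
            failures.append((host, port, expected, observed))
    return failures

if __name__ == "__main__":
    # Constructed sample plan: one line per firewall rule under test.
    PLAN = [
        ("192.0.2.10", 443, "allowed"),   # web server published to this zone
        ("192.0.2.10", 22, "dropped"),    # SSH must not be reachable from here
        ("192.0.2.20", 25, "rejected"),   # mail relay blocked with REJECT
    ]
    for host, port, expected, observed in check_plan(PLAN):
        print(f"MISMATCH {host}:{port} expected {expected}, observed {observed}")
```

A "rejected" result alone does not prove the firewall sent the rejection, so for rules expected to allow traffic, keep the service on the target host running during the test.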