How to test a Firewall

Dustin Kirkland dustin.kirkland at canonical.com
Wed Feb 20 20:44:48 UTC 2008


On Wed, Feb 20, 2008 at 2:22 PM, ml at bortal.de <ml at bortal.de> wrote:
>  We have set up a firewall and would like to test the setup.
>  It's not as simple as just running a portscanner against it because you
>  need to have services listen behind the required services.
>
>  I am looking for some server-client tool where I can set up a config to
>  open up tcp and udp services on multiple ports and port ranges.


I won't claim that this is the best way to solve this problem, but in
the past, I've tested my firewall using ssh.  It's trivial to run an
sshd server on any port.

# seq 1 1000 | xargs -I {} /usr/sbin/sshd -p {}

That'll start 1000 ssh processes, listening on every port 1 through
1000 inclusive.

When you're done:

# killall sshd
# /etc/init.d/ssh restart

That'll get your server end going.  On the client side, just try
ssh'ing to each of those ports in a shell script loop.  Alternatively,
you could use a port scanner or telnet.

That should take care of the TCP side.  For UDP, you could use a
similarly simple UDP service as well.

:-Dustin
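
A listener and probe for the test described in this thread, covering UDP as well as TCP. This is an added example, not code from the original post; the names `parse_ports`, `serve` and `probe` and the `b'ok'` reply are assumptions made here. The listener answers every probe, so the client can tell a port the firewall passes from one it drops, which a silent UDP service would not show.

```python
import selectors
import socket

def parse_ports(spec):
    """Expand a spec such as '53,80,8000-8010' into a sorted port list."""
    ranges = (part.strip().partition("-") for part in spec.split(","))
    return sorted({p for lo, _, hi in ranges for p in range(int(lo), int(hi or lo) + 1)})

def serve(host, ports, stop):
    """Answer b'ok' on every port, TCP and UDP, until stop (an Event) is set."""
    sel = selectors.DefaultSelector()
    for port in ports:
        for name, kind in (("tcp", socket.SOCK_STREAM), ("udp", socket.SOCK_DGRAM)):
            s = socket.socket(socket.AF_INET, kind)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((host, port))
            if name == "tcp":
                s.listen()
            sel.register(s, selectors.EVENT_READ, name)
    while not stop.is_set():
        for key, _ in sel.select(timeout=0.2):
            try:
                if key.data == "tcp":
                    conn, _ = key.fileobj.accept()
                    with conn:
                        conn.sendall(b"ok")
                else:  # UDP has no handshake: only a reply proves the path
                    _, peer = key.fileobj.recvfrom(64)
                    key.fileobj.sendto(b"ok", peer)
            except OSError:
                continue  # a probe that reset early must not stop the listener
    for key in list(sel.get_map().values()):
        key.fileobj.close()
    sel.close()

def probe(host, port, proto, timeout=1.0):
    """True only if the listener's b'ok' comes back through the firewall."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((host, port))
            if proto == "udp":
                s.send(b"probe")
            return s.recv(16) == b"ok"
    except OSError:
        return False
```

Run `serve` on the host behind the firewall (binding ports below 1024 needs root) and call `probe` from a host in front of it, then compare the results with the rule set.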



