I'm sorry if this has been discussed before, but I'll ask anyway.
I know that there isn't a -C (--check) option in iptables because of
stateful firewalling, but is there any method of testing one's iptables
logic?
For example-- I'm blocking a set of addresses (from port 22-25 with
IPSET); within that set I am trying to specifically allow traffic from a
subset before the block applies.
Is there any way of being able to tell how iptables is handling a
package from a particular address short of actually sending something
from said address?
Thanks,
--
Rob Carlson, Systems and Network Administrator
Kitchen & Associates Architectural Services, PA
Architecture - Planning - Interior Design
856.854.1880
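
An added example, not part of the original message: a simplified first-match model of the rule order described above (allow a subset, then block the enclosing set on ports 22-25), used to check offline which rule a given source address would hit. The addresses, rule names, default policy and the reading of 22-25 as destination ports are constructed assumptions, and the model ignores connection state and every match other than source address and port.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (documentation address ranges), not from the post.
BLOCKED_SET = [ipaddress.ip_network("198.51.100.0/24")]
ALLOWED_SUBSET = [ipaddress.ip_network("198.51.100.16/28")]
PORTS = range(22, 26)  # ports 22-25, assumed here to be destination ports


@dataclass
class Rule:
    name: str       # hypothetical label, used only for reporting
    nets: list      # source networks, standing in for an ipset
    ports: range    # destination ports the rule applies to
    target: str     # "ACCEPT" or "DROP"

    def matches(self, src, dport):
        addr = ipaddress.ip_address(src)
        return dport in self.ports and any(addr in n for n in self.nets)


def evaluate(chain, src, dport, policy="ACCEPT"):
    """Return (verdict, rule name); the first matching rule wins."""
    for rule in chain:
        if rule.matches(src, dport):
            return rule.target, rule.name
    return policy, "policy"


allow = Rule("allow-subset", ALLOWED_SUBSET, PORTS, "ACCEPT")
block = Rule("block-set", BLOCKED_SET, PORTS, "DROP")
INTENDED = [allow, block]   # exception placed before the block
REVERSED = [block, allow]   # ordering mistake: the exception is never reached


def report(chain):
    cases = [("198.51.100.20", 22), ("198.51.100.200", 25),
             ("198.51.100.200", 80), ("203.0.113.5", 22)]
    return [(src, dport) + evaluate(chain, src, dport) for src, dport in cases]


if __name__ == "__main__":
    for label, chain in (("intended", INTENDED), ("reversed", REVERSED)):
        print(label)
        for row in report(chain):
            print("  %-15s dport=%-3d -> %s (%s)" % row)
```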