FTester is a software tool for firewall testing: it determines what a firewall's filtering policy actually allows through and checks whether an intrusion detection system notices attacks. It is built to improve the security of a system by verifying that unwanted network traffic is identified and blocked.
The software logs the packets that fail to reach the sniffer because of filtering rules, and these logs can be compared to find inconsistencies in the firewall configuration. ftest (the packet injector) and ftestd (the sniffer) write their logs in the same format, so the two can be compared directly with a diff tool.
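The comparison described above, as an added example that is not part of FTester: a small Python script that parses an injector-side log and a sniffer-side log, reports which packets were dropped, and checks the observed result against the policy the firewall was meant to enforce. The line format (`src:sport > dst:dport flags proto`) and the two sample logs are constructed for illustration and are an assumption, not FTester's actual log syntax.

```python
"""Diff an injector-side log against a sniffer-side log to find dropped packets.

Added example, not FTester code.  The log line format parsed here is an
assumption made for illustration:  "<src>:<sport> > <dst>:<dport> <flags> <proto>"
"""
import re

# One packet per line; '#' lines are comments.  Format is assumed, see above.
LINE_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+)\s*>\s*(?P<dst>[\d.]+):(?P<dport>\d+)"
    r"\s+(?P<flags>\S+)\s+(?P<proto>TCP|UDP|ICMP)\s*$"
)

# Constructed sample: what the injector sent ...
SENT_LOG = """
# constructed injector-side log (assumed format)
192.168.0.1:1025 > 10.7.0.1:80 S TCP
192.168.0.1:1026 > 10.7.0.1:22 S TCP
192.168.0.1:1027 > 10.7.0.1:23 S TCP
192.168.0.1:1028 > 10.7.0.1:443 S TCP
192.168.0.1:1029 > 10.7.0.1:53 - UDP
"""

# ... and what the sniffer behind the firewall actually saw.
SEEN_LOG = """
# constructed sniffer-side log (assumed format)
192.168.0.1:1025 > 10.7.0.1:80 S TCP
192.168.0.1:1027 > 10.7.0.1:23 S TCP
192.168.0.1:1028 > 10.7.0.1:443 S TCP
"""

# The policy the firewall was supposed to implement: (proto, dst port) allow-list.
ALLOWED = {("TCP", 80), ("TCP", 443), ("UDP", 53)}


def parse_log(text):
    """Return the set of packets in a log as (src, sport, dst, dport, flags, proto).

    Blank, comment and malformed lines are skipped so a partially written log
    does not abort the comparison.
    """
    packets = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue
        packets.add((m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                     m["flags"], m["proto"]))
    return packets


def filtered_packets(sent_log, seen_log):
    """Packets that were injected but never reached the sniffer (dropped by the firewall)."""
    return sorted(parse_log(sent_log) - parse_log(seen_log))


def passed_packets(sent_log, seen_log):
    """Packets that were injected and did reach the sniffer."""
    return sorted(parse_log(sent_log) & parse_log(seen_log))


def policy_violations(sent_log, seen_log, allowed):
    """Compare observed behaviour with the intended policy.

    unexpected_pass: packets that got through although the policy forbids them
                     (the dangerous case: a hole in the rule set).
    unexpected_drop: packets that were dropped although the policy allows them
                     (a functional problem: legitimate traffic is blocked).
    """
    def is_allowed(pkt):
        return (pkt[5], pkt[3]) in allowed

    return {
        "unexpected_pass": [p for p in passed_packets(sent_log, seen_log) if not is_allowed(p)],
        "unexpected_drop": [p for p in filtered_packets(sent_log, seen_log) if is_allowed(p)],
    }


if __name__ == "__main__":
    for pkt in filtered_packets(SENT_LOG, SEEN_LOG):
        print("dropped:", pkt)
    for kind, pkts in policy_violations(SENT_LOG, SEEN_LOG, ALLOWED).items():
        for pkt in pkts:
            print(f"{kind}: {pkt}")
```

With the constructed logs, the script reports the SYN to port 22 and the UDP datagram to port 53 as dropped; against the intended allow-list, the telnet SYN to port 23 is an unexpected pass (a rule gap worth fixing) and the DNS packet is an unexpected drop. Reading both logs into sets also means the comparison does not depend on line order, which a plain textual diff would.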
Apart from the core features above, the software also supports stateful inspection firewalls, which use a connection tracking mechanism to identify packets that belong to an established connection; this is exercised with the 'connection spoofing' option. In addition, the software can read Snort rule definition files in place of its own configuration files, which makes it more versatile.
The IDS testing feature can be used with both ftest and ftestd. The software supports common IDS evasion techniques, so an IDS can be checked for whether it still detects attacks that use them.
One of the strengths of this software is its flexibility. The configuration file, ftest.conf, can be customized for each situation, and the software ships with example configurations and rules to get you started. Automatic log reporting is also possible using the freport script.
The software requires the following Perl modules: Net::RawIP, Net::PcapUtils, and NetPacket. Installation is straightforward and quick.
Overall, FirewallTester is a powerful tool for testing firewalls and IDSs, and an excellent alternative to doing the same work manually with packet-crafting tools and tcpdump. The latest release adds a marker feature for running multiple ftest/ftestd instances, proper lookup of configuration directives, and a fix for the IP ID field logging bug that occurred when the maximum value was reached.
Version 1.0: N/A