Brussels / 3 & 4 February 2024


Testing iptables firewall rules with scapy

The challenge we faced was to verify an iptables-based firewall against a set of defined requirements. This included finding a tool to craft custom network packets, integrating the tool into the test environment, and defining test cases based on the expected communication behaviors and the given firewall rules. For this, it is important to know how packet filtering in the Linux kernel works in general. This talk will highlight how the scapy Python framework works and how developers can use it in testing to meet this challenge.

This talk will start with an overview of the existing network packet tools and why scapy was chosen. Next, it is important to understand the basics of netfilter in the Linux kernel and how scapy is attached to it. Once a functional overview of scapy is given, we are able to write proper test cases. We will walk through detailed examples of how to create ICMP, UDP and TCP packets, how to manipulate the protocol header, and how to choose fitting methods for sending in specific test scenarios. To wrap up, we will provide advanced real-world examples based on specific iptables firewall rules.


Michael Estner
Simone Weiß