Test Firewall Rules
Oracle professionals are sometimes required to apply for firewall access within a company to ensure connectivity to required services. As an example, a DBA may need to create database links to other databases or open ports to the RMAN Catalog and OEM Repository. Such requests can vary from just a couple of lines to hundreds of rules that must be applied to various firewalls. This article describes a method to automatically test access and confirm that firewall rules have been implemented successfully, run from a Linux/Unix server (tested on Solaris, but it should work on any platform that ships with the bash shell).
First, construct a CSV file with your rules. The fields are "From IP", "To IP", Port, [optional info...]. The "From IP" field is informational only: the script tests from whichever server it is run on, so run it on the source host named in the rule.
For example, a file named fwtest.dat:
    10.272.126.91, 10.110.72.101, 22
    10.272.126.91, 10.110.72.101, 1521
Now, create a script to test your rules (let's call it fwtest.sh):
    #!/bin/bash
    OK=0
    NotOK=0
    # Fields are written as "a, b, c", so treat both the comma and the blank as separators
    while IFS=', ' read -r from to port rest; do
        echo "TEST ACCESS From=$from To=$to Port=$port"
        # bash opens a TCP connection when it redirects from /dev/tcp/HOST/PORT;
        # timeout keeps a filtered (silently dropped) port from blocking the loop
        if timeout 2 bash -c "</dev/tcp/${to}/${port}"; then
            echo "Connection to $to on port $port succeeded"
            OK=$((OK + 1))
        else
            echo "Connection to $to on port $port failed"
            NotOK=$((NotOK + 1))
        fi
    done < fwtest.dat
    echo "Successful = $OK"
    echo "Failed = $NotOK"
Sample output:
    TEST ACCESS From=10.272.126.91 To=10.110.72.101 Port=22
    Connection to 10.110.72.101 on port 22 succeeded
    TEST ACCESS From=10.272.126.91 To=10.110.72.101 Port=1521
    bash: connect: Connection refused
    Connection to 10.110.72.101 on port 1521 failed
    Successful = 1
    Failed = 1
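A stricter version of the same check, added here as an example and not part of the original article: it validates every line of the rules file (trims the blanks after the commas, checks that both addresses are dotted IPv4 with octets 0..255 and that the port is 1..65535) before probing it, so a typo in a long rules file shows up as BAD INPUT instead of being counted as a blocked port. It reads the same fwtest.dat format; the file name fwtest_checked.sh is assumed, and `timeout` is assumed to be available as in the original script.

```shell
#!/bin/bash
# fwtest_checked.sh: validate each CSV rule before probing it, so a malformed
# line is reported as BAD INPUT instead of counting as a firewall failure.
# trim: strip leading/trailing blanks and a stray CR from Windows-edited files
trim() { printf '%s' "$1" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }
# valid_ipv4 A.B.C.D: succeeds only for four dotted octets, each 0..255
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    n=0; oldifs=$IFS; IFS=.
    for octet in $1; do
        n=$((n + 1))
        [ "$octet" -le 255 ] || { IFS=$oldifs; return 1; }
    done
    IFS=$oldifs; [ "$n" -eq 4 ]
}
# valid_port N: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
# parse_rule "from, to, port[, note]": prints "from to port" and returns 0;
# returns 1 for a malformed rule, 2 for a blank or '#' comment line
parse_rule() {
    line=$(trim "$1")
    case "$line" in ''|'#'*) return 2 ;; esac
    oldifs=$IFS; IFS=,; set -- $line; IFS=$oldifs
    from=$(trim "$1"); to=$(trim "$2"); port=$(trim "$3")
    valid_ipv4 "$from" && valid_ipv4 "$to" && valid_port "$port" || return 1
    printf '%s %s %s\n' "$from" "$to" "$port"
}
# probe_rule TO PORT: TCP connect via bash's /dev/tcp with a 2 s limit (needs timeout)
probe_rule() { timeout 2 bash -c "</dev/tcp/$1/$2" 2>/dev/null; }
# run_tests FILE: one result line per rule; exit status 0 only if every rule passed
run_tests() {
    file=$1; ok=0; failed=0; bad=0
    while IFS= read -r raw || [ -n "$raw" ]; do
        rc=0; fields=$(parse_rule "$raw") || rc=$?
        [ "$rc" -eq 2 ] && continue
        if [ "$rc" -ne 0 ]; then echo "BAD INPUT: $raw"; bad=$((bad + 1)); continue; fi
        set -- $fields
        if probe_rule "$2" "$3"; then echo "OK     $1 -> $2:$3"; ok=$((ok + 1))
        else echo "FAILED $1 -> $2:$3"; failed=$((failed + 1)); fi
    done < "$file"
    echo "Successful = $ok  Failed = $failed  Malformed = $bad"
    [ $((failed + bad)) -eq 0 ]
}
[ "$#" -gt 0 ] && run_tests "$1"
```

Run it as `bash fwtest_checked.sh fwtest.dat`; the non-zero exit status on any failed or malformed rule makes it usable from a cron job or a change ticket's verification step.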