H.3. Firewalling commands

H.3.1. Check access to services

check access <IPAddr> [table=<routetable>]

Reports access control checks for a source address to various internal services. This is separate from any firewalling.

H.3.2. Check firewall logic

check firewall source-ip=<IPAddr> target-ip=<IPAddr>
protocol=<unsignedByte> [source-port=<unsignedShort>]
[target-port=<unsignedShort>] [source-route-ip=<IPAddr>]
[table=<routetable>] [evil=<boolean>] [cug=<unsignedShort>]

Allows a detailed check of rule-sets and rules. This reports the rule-sets and rules that matched and the actions taken.