Command-line utility to test fwmark in ip rule / ip route?

ip iptables iproute2 testing

You can use the mark option in the 'ip route get' command. Also you can specify source-address and input and output intefaces in this command.

Examples:

ip route get 8.8.8.8 mark 0x20 - check the route of marked packets to 8.8.8.8 address.

ip route get 8.8.8.8 from 192.168.0.200 iif eth1 - check the route of forwarded packets from 192.168.0.200 host received through eth1 interface. In this case you should specify iif if the 'from' address isn't on this host (not local).

ip route get 8.8.8.8 from 192.168.0.100 iif eth1 mark 0x30 - like previous example, but with the mark specifying.

To test the path of packets through the netfilter rule set you can use the TRACE target and scapy to construct desired packets.


The technical name for the tooling you're looking for is a "packet crafter"

Specific product recommendations are off-topic for ServerFault but one such list with alternative tools to their own nping is maintained by the nmap project and can be found on http://SecTools.org/tag/packet-crafters/ and another is on Wikipedia.

Related

Pod keeps restarting and is in a CrashLoopBackOff state
CentOS 7 Generic Cloud login?
When using docker containers, is a docker hub account necessary?
HAProxy 1.7 Statistics Setup
find the client responsible for the schannel ldap error
Two Ubuntu VM types on AWS - what's the difference?
How to add new persistent disk without rebooting the server?
Entering local admin username and password in a script
Simple solution to get notification when certain events appear in Windows logs [closed]
What triggers the usage of the negative time to live DNS SOA record value?
Does order of lines matter in Nginx?
Does a raid controller use cache in JBOD mode?