How to use IPTABLES to simulate major network outages for testing purposes?

Greetings all,

I work with a large distributed system that makes heavy use of TCP/IP.
For example, from a command system we could expect around 900 TCP/IP
connections to remote nodes.

I would like to simulate all of those 900 TCP/IP connections dropping
at the same time. I.e., I would like RST packets to be sent to the
command system at the same time.

It has been suggested to just pull the cables to this command system
but I don't think that will suffice. The command system is a NT 4.0
box, and I believe the connections would require keep-alive timeouts
to occur before dropping. I'm more interested in a major network
event occurring.

So, I've placed a Linux firewall running Red Hat 8 in between the
command system and the rest of the world. My next step is to figure
out a way to use that system to drop all the connections for me.

Thanks all!

Christiaan Lutzer wrote:
> Greetings all,
>
> [snip]
>
> I would like to simulate all of those 900 TCP/IP connections dropping
> at the same time. I.e., I would like RST packets to be sent to the
> command system at the same time.
>
> [snip]
>
> So, I've placed a Linux firewall running Red Hat 8 in between the
> command system and the rest of the world. My next step is to figure
> out a way to use that system to drop all the connections for me.

RH stores the netfilter configuration in /etc/sysconfig/iptables.
All you need to do is edit this file (or swap in another one), then execute
/etc/init.d/iptables restart
to load the new rules.

A rule of the form
-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
should do the trick, making sure you have no rule for ESTABLISHED that
precedes it.