What is ITVal?
ITVal is the IP Tables Validator, an open source query engine for detecting configuration holes in IP Tables. ITVal helps system administrators better understand their firewall security policy by allowing them to ask simple questions about their system and view the answers in a simple and concise format. It is the work of Robert Marmorstein and Dr. Phil Kearns at the College of William and Mary.
How can I use ITVal?
ITVal has a simple command line interface which allows you to specify a rule file and a query file to be processed. The rule file can be obtained using the command
What can it do?
Currently, ITVal can process simple IPTables filtering rules on a single firewall. Work is underway to support NAT and packet mangling and to support composition of multiple firewall rulesets.
What can't it do?
ITVal is designed to work with the NetFilter firewall system in Linux 2.4 and 2.6 systems. It does not support ipfw, ipchains, or commercial firewalls such as Checkpoint FW-1.