ITVal is a decision-diagram based query engine for
testing and verifying iptables firewalls. Because
firewalls can be very complicated, it is often
difficult to know whether your firewall is
correctly configured to protect against various
attacks. ITVal allows the system administrator to
quickly and easily verify that the firewall setup
satisfies a set of security properties expressed
as queries. Queries are specified in a simple
English-like language that is very easy to use.
Advanced firewall techniques, such as NAT and
stateful filtering, are supported.