NeoShield Security logo NeoShield Security Quantum X

// tool reference · Network & Firewall

Firewall Rule Analyzer Free

Audit iptables / UFW / Cisco ACL / security-group rules for risky openings and get fixes.

Open Firewall Rule Analyzer →


What it does

Audits a firewall ruleset for openings that expose services to the internet. It parses iptables, UFW, Cisco ACL and cloud security-group syntax, resolves each rule to a service, and ranks what an attacker would reach first. Everything is evaluated in memory — no ruleset is transmitted anywhere or retained.

When to use it

Inputs

Field names are the actual form parameters, verified against source.

FieldTypeRequiredNotes
rules textarea required The ruleset. iptables-save, UFW status, Cisco ACL or a security-group export.
action hidden optional Set by the form.

What you get back

Per-rule findings with severity, the service inferred from the port, why it matters, and a concrete replacement rule.

Worked example

Input

-A INPUT -p tcp --dport 22   -s 0.0.0.0/0 -j ACCEPT
-A INPUT -p tcp --dport 3306 -s 0.0.0.0/0 -j ACCEPT
-A INPUT -p tcp --dport 6379 -s 0.0.0.0/0 -j ACCEPT

Output (abridged)

HIGH      22/tcp SSH open to 0.0.0.0/0
          → restrict source to your admin CIDR; prefer key auth + fail2ban.

CRITICAL  3306/tcp MySQL open to 0.0.0.0/0
          → databases must never face the internet. Bind 127.0.0.1 or restrict CIDR.

CRITICAL  6379/tcp Redis open to 0.0.0.0/0
          → Redis is unauthenticated by default. Bind 127.0.0.1, set requirepass.

How it works

Fully deterministic — a parser plus a service/risk table. No AI call, so it is free, instant, and gives identical output for identical input. For an AI narrative over the same data, use the AI Firewall & Exposure Auditor.

Privacy

Nothing is stored. The ruleset is parsed in memory and discarded when the response is sent.

Standards

CIS BenchmarksNIST CSF (PR.AC-5)

Related tools

← All tools Manual home