// tool reference · Network & Firewall
Firewall Rule Analyzer Free
Audit iptables / UFW / Cisco ACL / security-group rules for risky openings and get fixes.
What it does
Audits a firewall ruleset for openings that expose services to the internet. It parses iptables, UFW, Cisco ACL and cloud security-group syntax, resolves each rule to a service, and ranks what an attacker would reach first. Everything is evaluated in memory — no ruleset is transmitted anywhere or retained.
When to use it
- Before exposing a host, to see what the rules actually permit rather than what you intended.
- After inheriting infrastructure, to inventory what is already open.
- During a review, to produce a defensible list of risky rules with fixes.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| rules | textarea | required | The ruleset. iptables-save, UFW status, Cisco ACL or a security-group export. |
| action | hidden | optional | Set by the form. |
What you get back
Per-rule findings with severity, the service inferred from the port, why it matters, and a concrete replacement rule.
Worked example
Input
-A INPUT -p tcp --dport 22 -s 0.0.0.0/0 -j ACCEPT -A INPUT -p tcp --dport 3306 -s 0.0.0.0/0 -j ACCEPT -A INPUT -p tcp --dport 6379 -s 0.0.0.0/0 -j ACCEPT
Output (abridged)
HIGH 22/tcp SSH open to 0.0.0.0/0
→ restrict source to your admin CIDR; prefer key auth + fail2ban.
CRITICAL 3306/tcp MySQL open to 0.0.0.0/0
→ databases must never face the internet. Bind 127.0.0.1 or restrict CIDR.
CRITICAL 6379/tcp Redis open to 0.0.0.0/0
→ Redis is unauthenticated by default. Bind 127.0.0.1, set requirepass.
How it works
Fully deterministic — a parser plus a service/risk table. No AI call, so it is free, instant, and gives identical output for identical input. For an AI narrative over the same data, use the AI Firewall & Exposure Auditor.
Privacy
Nothing is stored. The ruleset is parsed in memory and discarded when the response is sent.
Standards
CIS BenchmarksNIST CSF (PR.AC-5)