Projects / ITVal


ITVal is a decision-diagram based query engine for testing and verifying iptables firewalls. Because firewalls can be very complicated, it is often difficult to know whether your firewall is correctly configured to protect against various attacks. ITVal allows the system administrator to quickly and easily verify that the firewall setup satisfies a set of security properties expressed as queries. Queries are specified in a simple English-like language that is very easy to use. Advanced firewall techniques, such as NAT and stateful filtering, are supported.

Operating Systems

Recent releases

  •  05 Feb 2007 04:31

    Release Notes: Released with .rpm and .ebuild files.

    •  02 Feb 2007 09:57

      Release Notes: This version is a pre-release of ITVal 1.0. It is intended primarily for last minute beta-testing. True/False assertions can be used for testing in addition to the query interface. Witnesses and counter-examples can be generated for easier debugging and repair. The output of the equivalence class queries has been significantly improved and made more readable.

      •  25 May 2006 09:18

        Release Notes: This version introduced a new type of query called "CLASSES" that partitions the set of all IP addresses into groups according to how the firewall treats each host with that address. Some bugs were fixed and support for address ranges both in queries and in group/service definitions was added.

        •  17 Nov 2005 01:30

          No changes have been submitted for this release.


          Project Spotlight


          A Fluent OpenStack client API for Java.


          Project Spotlight

          TurnKey TWiki Appliance

          A TWiki appliance that is easy to use and lightweight.