ITVal is a decision-diagram-based query engine for testing and verifying iptables firewalls. Because firewalls can be very complicated, it is often difficult to know whether your firewall is correctly configured to protect against various attacks. ITVal allows the system administrator to quickly and easily verify that the firewall setup satisfies a set of security properties expressed as queries. Queries are specified in a simple English-like language that is very easy to use. Advanced firewall techniques, such as NAT and stateful filtering, are supported.
Tags: Networking, Firewalls, Systems Administration
Operating Systems: POSIX, Linux, Unix
Release Notes: Released with .rpm and .ebuild files.
Release Notes: This version is a pre-release of ITVal 1.0. It is intended primarily for last minute beta-testing. True/False assertions can be used for testing in addition to the query interface. Witnesses and counter-examples can be generated for easier debugging and repair. The output of the equivalence class queries has been significantly improved and made more readable.
Release Notes: This version introduced a new type of query called "CLASSES" that partitions the set of all IP addresses into groups according to how the firewall treats each host with that address. Some bugs were fixed and support for address ranges both in queries and in group/service definitions was added.
No changes have been submitted for this release.