Firewall Rule Analyzer
Paste iptables or nftables rules to detect misconfigurations, dangerous policies, shadowed rules, and ordering issues. 100% client-side: your rules never leave the browser.
Findings
Parsed Rules
| # | Chain | Target | Proto | Source | Dest | Port(s) | Flags |
|---|---|---|---|---|---|---|---|
Common Firewall Misconfigurations
| Issue | Risk | Recommendation |
|---|---|---|
| Default ACCEPT policy on INPUT or FORWARD | Critical | Set the chain policy to DROP (a built-in chain policy can only be ACCEPT or DROP; if you want rejection, add an explicit final REJECT rule) and allow only the traffic you need with specific rules |
| Any-to-any rule (0.0.0.0/0 → 0.0.0.0/0, no protocol or port restriction) | Critical | Replace with specific source/destination CIDRs, protocol and port |
| Admin ports open to the internet (22 SSH, 3389 RDP, 5900 VNC) | High | Restrict to management IPs or require a VPN/jump host |
| Database ports exposed (3306 MySQL, 5432 PostgreSQL, 27017 MongoDB) | High | Allow only from the application-tier subnets |
| Shadowed rules (an earlier terminating rule, ACCEPT/DROP/REJECT, matches a superset of a later rule's traffic, so the later rule is never reached) | Medium | Reorder so that more specific rules precede general ones, or delete the dead rule; note that a shadowed ACCEPT below a broad ACCEPT is usually a sign the broad rule is wider than intended |
| No logging rule before the final DROP | Low | Add a LOG rule (rate-limited with -m limit to avoid flooding the log) immediately before the final DROP so denied traffic is recorded |
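The checks in the table can be reproduced offline against `iptables-save` output. The following linter is an added example written for this page, not the analyzer's own code: it parses `:CHAIN POLICY` lines and `-A CHAIN ...` rules, builds the same per-rule fields as the parsed-rules table (chain, target, protocol, source, destination, port range, remaining match options), and emits one finding per row of the table. Shadowing is decided by a `covers(a, b)` test: an earlier terminating rule `a` shadows `b` when `a` imposes no constraint that `b` does not also satisfy (protocol equal or unset, source/destination a supernet, port range containing, and every extra match such as `-i` or `--state` present in `b` with the same value). The sample ruleset is constructed for the example; `-I`, `multiport`, and nftables syntax are assumed out of scope and are not handled.

```python
"""Linter for iptables-save output implementing the six table checks.
Added example, not the page's own analyzer. Assumes iptables-save syntax;
-I, -m multiport --dports and nftables are not handled."""
import ipaddress
import shlex
from dataclasses import dataclass, field
from typing import Optional

TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN"}
ADMIN_PORTS = {22, 3389, 5900}
DB_PORTS = {3306, 5432, 27017}
ANY_V4, ANY_V6 = ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")


@dataclass
class Rule:
    index: int
    chain: str
    target: str = ""
    proto: Optional[str] = None
    src: Optional[object] = None               # ipaddress network, None means any
    dst: Optional[object] = None
    dport: Optional[tuple] = None              # (low, high), inclusive
    extra: dict = field(default_factory=dict)  # -i/-o, --state, --syn, negated matches


def parse_port(spec):
    """'22' -> (22, 22); '1024:2048' -> (1024, 2048); ':1023' -> (0, 1023)."""
    lo, sep, hi = spec.partition(":")
    lo = int(lo) if lo else 0
    return (lo, int(hi) if hi else (65535 if sep else lo))


def parse(text):
    """Return ({chain: policy}, [Rule]) from iptables-save text."""
    policies, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):                       # ':INPUT ACCEPT [0:0]'
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        toks = shlex.split(line)
        if len(toks) < 2 or toks[0] != "-A":
            continue                                   # '*filter', 'COMMIT', comments
        r = Rule(index=len(rules) + 1, chain=toks[1])
        i, negate = 2, False
        while i < len(toks):
            opt = toks[i]
            if opt == "!":
                negate, i = True, i + 1
                continue
            has_val = i + 1 < len(toks) and not toks[i + 1].startswith("-")
            val = toks[i + 1] if has_val else None
            i += 2 if has_val else 1
            key, negate = ("!" if negate else "") + opt, False
            if opt in ("-j", "-g"):
                r.target = val
            elif opt == "-m":
                continue                               # extension loader; its options follow
            elif key == "-p":
                r.proto = None if val == "all" else val.lower()
            elif key == "-s":
                r.src = ipaddress.ip_network(val, strict=False)
            elif key == "-d":
                r.dst = ipaddress.ip_network(val, strict=False)
            elif key == "--dport":
                r.dport = parse_port(val)
            else:
                r.extra[key] = val                     # negated -p/-s/-d land here (conservative)
        rules.append(r)
    return policies, rules


def covers(a, b):
    """True when every packet that matches rule b also matches rule a."""
    if a.proto is not None and a.proto != b.proto:
        return False
    for attr in ("src", "dst"):
        na, nb = getattr(a, attr), getattr(b, attr)
        if na is None:
            continue
        if nb is None:
            nb = ANY_V6 if na.version == 6 else ANY_V4
        if na.version != nb.version or not na.supernet_of(nb):
            return False
    if a.dport is not None and (b.dport is None or not (a.dport[0] <= b.dport[0] <= b.dport[1] <= a.dport[1])):
        return False
    return all(b.extra.get(k) == v for k, v in a.extra.items())


def analyze(text):
    """Return [(severity, message)] for the table's misconfiguration classes."""
    policies, rules = parse(text)
    findings = []
    for chain in ("INPUT", "FORWARD"):
        if policies.get(chain) == "ACCEPT":
            findings.append(("Critical", f"{chain} chain policy is ACCEPT"))
    by_chain = {}
    for r in rules:
        by_chain.setdefault(r.chain, []).append(r)
    for chain, crs in by_chain.items():
        for pos, r in enumerate(crs):
            src_any = r.src is None or r.src in (ANY_V4, ANY_V6)
            dst_any = r.dst is None or r.dst in (ANY_V4, ANY_V6)
            if r.target == "ACCEPT":
                if src_any and dst_any and r.proto is None and r.dport is None and not r.extra:
                    findings.append(("Critical", f"rule {r.index}: any-to-any ACCEPT in {chain}"))
                if src_any and r.dport is not None:
                    for label, wanted in (("admin", ADMIN_PORTS), ("database", DB_PORTS)):
                        hit = sorted(p for p in wanted if r.dport[0] <= p <= r.dport[1])
                        if hit:
                            findings.append(("High", f"rule {r.index}: {label} port(s) {hit} accepted from any source"))
            for earlier in crs[:pos]:                  # first terminating rule that covers r shadows it
                if earlier.target in TERMINATING and covers(earlier, r):
                    findings.append(("Medium", f"rule {r.index}: shadowed by rule {earlier.index} ({earlier.target})"))
                    break
        tail = crs[-1]
        if tail.target in ("DROP", "REJECT") and not (len(crs) > 1 and crs[-2].target == "LOG"):
            findings.append(("Low", f"{chain}: final {tail.target} (rule {tail.index}) has no LOG rule before it"))
    return findings


# Constructed iptables-save excerpt that triggers every check (not a real host's rules).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s 0.0.0.0/0 --dport 22 -j ACCEPT
-A INPUT -p tcp -s 10.0.0.0/8 --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -s 192.0.2.0/24 --dport 443 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for severity, message in analyze(SAMPLE):
        print(f"[{severity}] {message}")
```

Run on the sample, `analyze` reports the ACCEPT policies on INPUT and FORWARD, SSH (rule 3) and MySQL (rule 5) accepted from any source, rule 4 shadowed by the broader rule 3, the final INPUT DROP without a preceding LOG, and the any-to-any FORWARD accept. Negated matches (`! -s ...`) are kept as opaque constraints so that `covers` never reports a shadow it cannot prove; the cost is that some genuinely dead rules behind negations go unreported, which is the right direction of error for a linter.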