anyway I don’t think that many security advisor’s do firewall testing, this kind of tool can be useful to people that test new firewalls on the market, to see how well they work under different circumstances …

From the manpage:

The firewall test suite fwtest is a security auditing tool made up of
two parts: the test control application fwtest and optionally one or
two helper processes named fwagent. The test control application
fwtest(1) starts up the python(1) interpreter with the given test
script. The test script controls the packet data flow between two vir?
tual interfaces A and B. For this purpose the python interpreter is
extended by commands which support the construction and transfer of
arbitrary IP-packets. In this way it is possible to stimulate a fire?
wall (or other relaying network nodes) connected between the interfaces
A and B.
According to the interface-spec the virtual interfaces A and B are
mapped on given physical interfaces on the same host the fwtest is run?
ning or to an interface on a remote host which runs the application
fwagent. For the remote access the fwtest establishes a control TLS-
protected connection to the fwagent on the specified host. You may use
a ca structure or a fingerprint file to authenticate the peer. The
shell script keymager.sh is distributed with this software to help you
generate the necessary keys for both (ca structure and fingerprint)
variants. For both variants (one or two fwagents) the interfaces needs
to be controlled by fwtest and fwagent on the link level. This is
achieved by use of the berkely packet filter library pcap(3) for read?
ing and The Network Library libnet(3) for writing of packets.

It surely is wort a check, though it’s a bit complicated in the beginning. Unfortunately the only documentation at the moment are the manpages. Optionally “read the source luke”

Homepage

Actually name of the tool is also very interesting…