26 March 2010 | 8,460 views

Flint – Web-based Firewall Rule Scanner

Cyber Raptors Hunting Your Data?

Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can:

  • CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic.
  • ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules
  • SANITY CHECK CHANGES to see if new rules create problems.

Flint is absolutely free. There’s no catch. You can download the source from the git repository. This isn’t the “play at home” version; it’s their second product, and they want to do it open source.

Why You Need Flint

You have multiple firewalls protecting internal networks from the Internet and controlling access to customer data. Your business changes, and so do your firewalls, and not always at the same time. Firewalls can get out of step with policies.

Everybody makes mistakes. To understand a firewall configuration, you have to read hundreds of configuration lines, and then you have to think like a firewall does. People aren’t good at thinking like firewalls. So most firewalls are riddled with subtle mistakes. Some of those mistakes can be expensive:

  • INSECURE SERVICES might be allowed through the firewall, preventing it from blocking attacks.
  • LAX CONTROLS ON DMZs may expose staging and test servers.
  • FIREWALL MANAGEMENT PORTS may be exposed to untrusted networks.
  • REDUNDANT FIREWALL RULES may be complicating your configuration and slowing you down.

You can download Flint here:

VMWare Virtual Machine – FlintVM-current.zip
OVF Virtual Machine – FlintVM-current.ovf.zip
Source – flint-current.tgz

Or read more here.


Recent in Countermeasures:
- Tiger – Unix Security Audit & Intrusion Detection Tool
- Egress-Assess – Test Network Egress Data Detection
- Just-Metadata – Gathers & Analyse IP Address Metadata

Related Posts:
- Dr. Morena – Firewall Configuration Testing Tool
- FWAuto v1.1 – Firewall Auditing & Ruleset Analyzer Tool
- FTester – Firewall Tester and IDS Testing tool

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,684 views
- Password Hasher Firefox Extension - 117,431 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,630 views

Low-cost VPS Hosting

One Response to “Flint – Web-based Firewall Rule Scanner”

  1. Winter 30 March 2010 at 6:04 pm Permalink

    FlintVM-current.ovf.zip doesn’t appear to be a ovf file and doesn’t appear to have a ovf file in the archive.

    Am I missing something?