Flint – Web-based Firewall Rule Scanner


Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can:

  • CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic.
  • ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules
  • SANITY CHECK CHANGES to see if new rules create problems.

Flint is absolutely free. There’s no catch. You can download the source from the git repository. This isn’t the “play at home” version; it’s their second product, and they want to do it open source.

Why You Need Flint

You have multiple firewalls protecting internal networks from the Internet and controlling access to customer data. Your business changes, and so do your firewalls, and not always at the same time. Firewalls can get out of step with policies.

Everybody makes mistakes. To understand a firewall configuration, you have to read hundreds of configuration lines, and then you have to think like a firewall does. People aren’t good at thinking like firewalls. So most firewalls are riddled with subtle mistakes. Some of those mistakes can be expensive:

  • INSECURE SERVICES might be allowed through the firewall, preventing it from blocking attacks.
  • LAX CONTROLS ON DMZs may expose staging and test servers.
  • FIREWALL MANAGEMENT PORTS may be exposed to untrusted networks.
  • REDUNDANT FIREWALL RULES may be complicating your configuration and slowing you down.

You can download Flint here:

VMWare Virtual Machine – FlintVM-current.zip
OVF Virtual Machine – FlintVM-current.ovf.zip
Source – flint-current.tgz

Or read more here.

Posted in: Countermeasures, Networking Hacking, Security Software

, , , ,


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


One Response to Flint – Web-based Firewall Rule Scanner

  1. Winter March 30, 2010 at 6:04 pm #

    FlintVM-current.ovf.zip doesn’t appear to be a ovf file and doesn’t appear to have a ovf file in the archive.

    Am I missing something?