
Firewall Rule Analyzer

Paste a rule set — iptables, a Cisco extended ACL, or AWS Security Group JSON — and the tool normalizes every rule and flags the problems: shadowed and unreachable rules, redundant rules, and over-permissive rules that open SSH, RDP, or a database to the whole internet. Format is auto-detected.

Everything is parsed in your browser — nothing is uploaded.

How it reads the rules: iptables chains and Cisco ACLs are evaluated top-down, first-match, so a broad rule above a narrower one can make the narrow one shadowed (unreachable dead code, because the earlier rule takes a different action on every packet the later one would match) or redundant (the earlier rule already takes the same action, so the later one never changes the outcome). AWS Security Groups are an unordered allow-set with no first-match ordering, so they are checked for over-permissive and redundant entries only. The analyzer reasons about each rule's address, protocol, and port ranges; it does not resolve hostnames, interface names, or Security Group references, so rules that depend on those are reported but not cross-compared. It is a second pair of eyes, not a substitute for review.
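To make the first-match reasoning concrete, here is an added example (not the analyzer's own code) that normalizes a small iptables rule set into address/protocol/port ranges and applies the same three checks: a later rule fully covered by an earlier rule with a different action is shadowed, one covered with the same action is redundant, and an ACCEPT from 0.0.0.0/0 to SSH, RDP, or a common database port is over-permissive. The `Rule`, `parse_iptables`, and `analyze` names, the sensitive-port list, and the sample rules are all constructed for this example. It simplifies in one way the lead-in should make explicit: coverage is tested against single earlier rules only, so a rule that is covered only by the union of several earlier rules is not flagged.

```python
"""Simplified first-match rule analysis (added example, not the tool's code)."""
import ipaddress
from dataclasses import dataclass

# Ports whose exposure to the whole internet is flagged (constructed list).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 1433: "MSSQL"}
ANY_PROTO = "all"


@dataclass(frozen=True)
class Rule:
    action: str                  # e.g. "ACCEPT" or "DROP"
    proto: str                   # "tcp", "udp", or "all" (no -p given)
    src: ipaddress.IPv4Network   # source address range
    port_lo: int                 # destination port range, inclusive
    port_hi: int

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        proto_ok = self.proto == ANY_PROTO or self.proto == other.proto
        net_ok = other.src.subnet_of(self.src)
        port_ok = self.port_lo <= other.port_lo and other.port_hi <= self.port_hi
        return proto_ok and net_ok and port_ok


def parse_iptables(line: str) -> Rule:
    """Normalize a minimal '-A CHAIN ...' iptables line (subset of options)."""
    tokens = line.split()
    proto, src, lo, hi, action = ANY_PROTO, ipaddress.ip_network("0.0.0.0/0"), 0, 65535, None
    i = 0
    while i < len(tokens):
        t = tokens[i]
        if t == "-p":
            proto = tokens[i + 1]
            i += 2
        elif t == "-s":
            src = ipaddress.ip_network(tokens[i + 1], strict=False)
            i += 2
        elif t == "--dport":
            spec = tokens[i + 1]   # single port "22" or range "8000:8080"
            lo, hi = (int(x) for x in spec.split(":")) if ":" in spec else (int(spec), int(spec))
            i += 2
        elif t == "-j":
            action = tokens[i + 1]
            i += 2
        else:
            i += 1                 # ignore chain name and options we do not model
    if action is None:
        raise ValueError("rule has no target (-j)")
    return Rule(action, proto, src, lo, hi)


def analyze(rules):
    """Return findings as (rule index, kind, detail) tuples, first-match semantics."""
    findings = []
    for i, rule in enumerate(rules):
        # Shadowed / redundant: only the first covering earlier rule is reported.
        for j in range(i):
            if rules[j].covers(rule):
                kind = "redundant" if rules[j].action == rule.action else "shadowed"
                findings.append((i, kind, f"covered by rule {j}"))
                break
        # Over-permissive: an ACCEPT from anywhere that reaches a sensitive TCP port.
        if rule.action == "ACCEPT" and rule.src.prefixlen == 0 and rule.proto in ("tcp", ANY_PROTO):
            for port, name in SENSITIVE_PORTS.items():
                if rule.port_lo <= port <= rule.port_hi:
                    findings.append((i, "over-permissive", f"{name} ({port}) open to 0.0.0.0/0"))
    return findings


def analyze_text(text: str):
    """Parse every non-empty line and analyze the resulting ordered rule list."""
    rules = [parse_iptables(line) for line in text.splitlines() if line.strip()]
    return analyze(rules)


# Constructed sample rule set: rule 1 is redundant with rule 0, rule 2 exposes
# RDP to the internet, and rule 4 is shadowed by the catch-all DROP in rule 3.
SAMPLE = """
-A INPUT -p tcp -s 10.0.0.0/8 --dport 22 -j ACCEPT
-A INPUT -p tcp -s 10.1.2.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 3389 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -j DROP
-A INPUT -p tcp -s 192.168.0.0/16 --dport 443 -j ACCEPT
"""

if __name__ == "__main__":
    for index, kind, detail in analyze_text(SAMPLE):
        print(f"rule {index}: {kind}: {detail}")
```

Note that rule 3 (DROP with no `-p`) is not itself flagged even though rule 2 also matches source 0.0.0.0/0: rule 2 is TCP-only, so it does not cover the all-protocol DROP, which is exactly the protocol-range reasoning the analyzer applies before calling anything shadowed.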