Crate firewall_audit


Firewall Audit



Firewall Audit is a cross-platform command-line tool for auditing firewall rules against user-defined security criteria. It helps security professionals, system administrators, and auditors automatically check firewall configurations for misconfigurations, policy violations, and deviations from best practices.

  • Audit firewall rules using flexible, extensible criteria (YAML/JSON)
  • Export audit results in HTML, JSON, CSV, or plain text
  • Supports Windows (full), Linux (partial), and is extensible

§Quick Start (CLI)

§Installation

cargo install firewall_audit

§Usage

Audit your firewall rules using a YAML or JSON criteria file and export the results:

firewall_audit --criteria audit_criteria.yaml --export html --output result.html

  • --criteria: Path to your audit criteria file (YAML or JSON)
  • --export: Output format (csv, html, or json). If omitted, results are printed as plain text.
  • --output: Output file path (optional; auto-generated if omitted)

§HTML Export Screenshot

Here is an example of the HTML report generated by firewall_audit:

Html export example

The image above shows how audit results can be viewed in a browser after exporting to HTML format.


§What Does It Do?

  • Loads firewall rules from the local system (Windows Firewall or Linux iptables)
  • Loads user-defined audit criteria (YAML or JSON)
  • Evaluates each firewall rule against all criteria
  • Reports all rules that match any problematic criteria
  • Exports results in your chosen format (HTML, JSON, CSV, or text)

§Example: Audit Criteria (YAML)

Below is a sample of what an audit criteria file can look like. Each rule defines a security check, its logic, and severity:

- id: block-rdp-from-anywhere
  description: Block RDP (3389) from any source (should not be open to the world)
  criteria:
    and:
      - field: local_ports
        operator: matches
        value: 3389
      - field: protocol
        operator: equals
        value: "TCP"
      - field: action
        operator: equals
        value: "Allow"
      - field: remote_addresses
        operator: contains
        value: "0.0.0.0/0"
  severity: critical

- id: block-any-rule-without-description
  description: Detect any rule without a description (should be documented)
  criteria:
    and:
      - field: description
        operator: is_null
  severity: medium

You can also use JSON for your criteria files.

For more examples, see docs/EXAMPLES.md. For a complete reference of all supported fields and operators, see docs/CRITERIA_REFERENCE.md.
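A simplified model of how the two `and` groups above are evaluated against firewall rules, including the case where a field such as `description` is absent. This is an added example, not the crate's own code: the `Rule`, `Expr`, `eval` and `audit` names, the operator semantics and the sample rules are assumptions made for illustration, and docs/CRITERIA_REFERENCE.md remains the authority on the real fields and operators.

```rust
use std::collections::HashMap;

// Illustrative stand-ins only; NOT the firewall_audit crate's own types or API.
type Rule = HashMap<&'static str, Vec<&'static str>>; // field -> values; absent = null
type Criterion = (&'static str, &'static str, Expr); // id, severity, expression
enum Expr { And(Vec<Expr>), Cond(&'static str, &'static str, &'static str) } // Cond: field, operator, value

// Assumed semantics: equals = one identical value; matches/contains = any identical value.
fn eval(e: &Expr, r: &Rule) -> bool {
    match e {
        Expr::And(parts) => parts.iter().all(|p| eval(p, r)),
        Expr::Cond(field, op, want) => match (*op, r.get(field)) {
            ("is_null", v) => v.map_or(true, |v| v.is_empty()),
            ("equals", Some(v)) => v.len() == 1 && v[0] == *want,
            ("matches" | "contains", Some(v)) => v.contains(want),
            _ => false, // missing field or unknown operator never matches
        },
    }
}

// Returns [rule name, criterion id, severity] for every rule/criterion match.
fn audit(rules: &[(&'static str, Rule)], criteria: &[Criterion]) -> Vec<[&'static str; 3]> {
    let mut findings = Vec::new();
    for (name, rule) in rules {
        let hits = criteria.iter().filter(|c| eval(&c.2, rule));
        findings.extend(hits.map(|c| [*name, c.0, c.1]));
    }
    findings
}

fn sample_criteria() -> Vec<Criterion> { // the two checks from the YAML above
    let c = Expr::Cond;
    vec![("block-rdp-from-anywhere", "critical", Expr::And(vec![
            c("local_ports", "matches", "3389"), c("protocol", "equals", "TCP"),
            c("action", "equals", "Allow"), c("remote_addresses", "contains", "0.0.0.0/0")])),
         ("block-any-rule-without-description", "medium", Expr::And(vec![c("description", "is_null", "")]))]
}

fn sample_rules() -> Vec<(&'static str, Rule)> { // constructed firewall rules
    let rdp = |src: &'static str| Rule::from([("local_ports", vec!["3389"]),
        ("protocol", vec!["TCP"]), ("action", vec!["Allow"]), ("remote_addresses", vec![src])]);
    let mut world = rdp("0.0.0.0/0");
    world.insert("description", vec!["legacy admin access"]);
    vec![("rdp-world", world), ("rdp-lan", rdp("10.0.0.0/8"))]
}

fn main() {
    for [rule, id, sev] in audit(&sample_rules(), &sample_criteria()) { println!("[{sev}] {rule}: {id}"); }
}
```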


§Platform Support & Limitations

  • Windows: Full support (uses Windows Firewall APIs; admin rights may be required)

  • Linux: Partial support (parses iptables rules; some fields may be missing or incomplete)

  • macOS: Not supported/tested

  • Criteria File Format: Only YAML and JSON are supported for criteria files.

  • Firewall Modification: This tool does not modify firewall rules; it only audits and reports.


§Support

For issues and questions:


§License

This project is licensed under either of

at your option.

Structs§

AuditRule
Represents a single audit rule loaded from a YAML or JSON file.
CriteriaCondition
A single condition in a criteria expression.
FirewallRule
Represents a firewall rule (cross-platform abstraction).
PlatformFirewallProvider
Linux implementation of the firewall rule provider.

Enums§

CriteriaExpr
Criteria expression (group, or, not, or condition)
CriteriaOperator
Supported operators for criteria evaluation.
FirewallAuditError
Error type for firewall_audit operations.

Traits§

FirewallRuleProvider
A trait for types that can provide firewall rules.

Functions§

audit_summary_phrase
Returns a summary phrase for the audit output for console display.
export_csv
Exports the audit results to CSV format, writing to a file if a path is provided.
export_html
Exports the audit results to HTML format, writing to a file if a path is provided.
export_json
Exports the audit results to JSON format, writing to a file if a path is provided.
export_text
Formats audit results as a human-readable text string for CLI output.
load_audit_criteria_multi
Loads and merges audit criteria from multiple YAML/JSON files.
run_audit_multi_with_criteria
Executes the audit on a list of firewall rules and audit rules, returning structured results.