Crate firewall_audit

Expand description

Firewall Audit

Firewall Audit is a cross-platform command-line tool and for auditing firewall rules against user-defined security criteria. It helps security professionals, system administrators, and auditors automatically check firewall configurations for misconfigurations, policy violations, and best practices.

Audit firewall rules using flexible, extensible criteria (YAML/JSON)
Export audit results in HTML, JSON, CSV, or plain text
Supports Windows (full), Linux (partial), and is extensible

§Quick Start (CLI)

§Installation

cargo install firewall_audit

§Usage

Audit your firewall rules using a YAML or JSON criteria file and export the results:

firewall_audit --export html

firewall_audit --criteria audit_criteria.yaml --export html --output result.html

firewall_audit -c audit_criteria.yaml -e html -o result.html

--criteria / -c: Path to your audit criteria file (YAML or JSON). Optional; if not provided, a default criteria file will be used.
--export / -e: Output format (csv, html, json, or stdout default: stdout)
--output / -o: Output file path (optional; auto-generated if omitted)
--quiet / -q: Do not print anything to stdout

§HTML Export Screenshot

Here is an example of the HTML report generated by firewall_audit:

Html export example

The image above shows how audit results can be viewed in a browser after exporting to HTML format.

§What Does It Do?

Loads firewall rules from the local system (Windows Firewall or Linux iptables)
Loads user-defined audit criteria (YAML or JSON)
Evaluates each firewall rule against all criteria
Reports all rules that match any problematic criteria
Exports results in your chosen format (HTML, JSON, CSV, or text)

§Example: Audit Criteria (YAML)

Below is a sample of what an audit criteria file can look like. Each rule defines a security check, its logic, and severity:

- id: block-rdp-from-anywhere
  description: Block RDP (3389) from any source (should not be open to the world)
  criteria:
    and:
      - field: local_ports
        operator: matches
        value: 3389
      - field: protocol
        operator: equals
        value: "TCP"
      - field: action
        operator: equals
        value: "Allow"
      - field: remote_addresses
        operator: contains
        value: "0.0.0.0/0"
  severity: critical

- id: block-any-rule-without-description
  description: Detect any rule without a description (should be documented)
  criteria:
    and:
      - field: description
        operator: is_null
  severity: medium

You can also use JSON for your criteria files.

For more examples, see docs/EXAMPLES.md. For a complete reference of all supported fields and operators, see docs/CRITERIA_REFERENCE.md.

§Platform Support & Limitations

Windows: Full support (uses Windows Firewall APIs; admin rights may be required)
Linux: Partial support (parses iptables rules; some fields may be missing or incomplete)
macOS: Not supported/tested
Criteria File Format: Only YAML and JSON are supported for criteria files.
Firewall Modification: This tool does not modify firewall rules; it only audits and reports.

§Support

For issues and questions:

Open an issue on GitHub
Check the documentation

§License

This project is licensed under either of

Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)

at your option.

Structs§

Args: Firewall Audit CLI arguments

Functions§

run_firewall_audit: Runs a full firewall audit based on the provided CLI arguments.