ITVal is an open source utility for testing and debugging iptables firewall policies. It can detect many different kinds of errors, such as typos, out-of-order rules, faulty understanding of the firewall, or poor assumptions about the policy logic.
ITVal can also generate a "policy map" that illustrates how the firewall treats various groups of hosts on the network. This grouping is automatically calculated from the policy and can make it very easy to spot anomalies in the policy.
Current development on ITVal focuses on ways to partially automate repair of the policy.