Linux IPTables Firewall Emulator/Analyzer (LIFE)
Venkat Nandam, Graduate Candidate, Masters in Information Technology and Management
Bill Lidinsky, Alva C. Todd Professor and Assistant Director of Information Technology and Management
Working from a rule set dumped with the iptables-save utility, LIFE helps IPtables firewall administrators analyze and debug their firewalls.
LIFE is a GUI-based tool designed to analyze and debug IPtables firewalls. It provides the look and feel of a high-level-language debugger with a clean and easy user interface. Like a programming-language debugger, it also works in “single-step” mode, applying the rules to the packet one at a time. Single-step mode lets the user see clearly how a packet traverses the various legs of the Linux network stack.
LIFE works offline and generates a detailed report of which rules in the firewall apply to a specified packet, in what sequence, and how those rules affect the packet. The report also shows which parameters of the packet matched parameters of the firewall rules, and which did not. LIFE also emulates the stateful nature of the IPtables firewall, which makes it a powerful debugger. It can understand and analyze complex firewall rules involving NAT, logging, TCP flags, ICMP types, etc.
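To make the single-step idea concrete, here is an added example (not the LIFE tool's code, and not from the original page) of a small offline emulator in Python. It parses a constructed iptables-save fragment (`SAMPLE_RULES`, covering only `-p`, `-s`, `-d`, `--sport`, `--dport`, `--icmp-type`, `--state` and `-j`), walks one chain rule by rule for a described packet, and records for every rule which criteria matched and which did not, then reports whether a rule or the chain policy decided the packet's fate. The `Packet`, `Rule`, `parse_iptables_save`, `single_step` and `analyze` names are assumptions made for this example; connection state is supplied on the packet rather than tracked across packets.

```python
import ipaddress
import shlex
from dataclasses import dataclass, field

# Constructed sample of iptables-save output (made up for this example).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOG --log-prefix "input-drop: "
COMMIT
"""

TERMINATING = ("ACCEPT", "DROP", "REJECT")  # LOG and others fall through
MATCH_KEYS = ("-p", "-s", "-d", "--dport", "--sport", "--icmp-type", "--state")


@dataclass
class Packet:
    """The packet being traced; `state` is the conntrack state it is assumed to have."""
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: str = ""
    state: str = "NEW"


@dataclass
class Rule:
    chain: str
    target: str
    criteria: dict = field(default_factory=dict)
    line: str = ""


def parse_iptables_save(text):
    """Parse chain policies and append-rules from the supported subset of iptables-save syntax."""
    policies, rules = {}, []
    for raw in text.splitlines():
        if raw.startswith(":"):                      # ":CHAIN POLICY [pkts:bytes]"
            name, policy = raw[1:].split()[:2]
            policies[name] = policy
        elif raw.startswith("-A "):
            toks = shlex.split(raw)
            rule = Rule(chain=toks[1], target="", line=raw)
            i = 2
            while i < len(toks):
                if toks[i] == "-j":
                    rule.target = toks[i + 1]
                    i += 2
                elif toks[i] in MATCH_KEYS:
                    rule.criteria[toks[i]] = toks[i + 1]
                    i += 2
                else:                                # "-m state", "--log-prefix ..." etc.
                    i += 1
            rules.append(rule)
    return policies, rules


def check(key, want, pkt):
    """Evaluate one rule criterion; return (rule value, packet value, matched?)."""
    if key == "-p":
        return want, pkt.proto, pkt.proto == want
    if key in ("-s", "-d"):
        addr = pkt.src if key == "-s" else pkt.dst
        return want, addr, ipaddress.ip_address(addr) in ipaddress.ip_network(want, strict=False)
    if key == "--dport":
        return want, pkt.dport, pkt.dport == int(want)
    if key == "--sport":
        return want, pkt.sport, pkt.sport == int(want)
    if key == "--icmp-type":
        return want, pkt.icmp_type, pkt.icmp_type == want
    if key == "--state":
        return want, pkt.state, pkt.state in want.split(",")
    raise ValueError(f"unsupported criterion {key}")


def single_step(pkt, chain, policies, rules):
    """Apply the chain's rules one at a time, recording per-criterion results for each."""
    steps = []
    for rule in (r for r in rules if r.chain == chain):
        detail = {k: check(k, v, pkt) for k, v in rule.criteria.items()}
        matched = all(ok for _, _, ok in detail.values())   # a rule with no criteria matches everything
        steps.append({"rule": rule.line, "matched": matched, "detail": detail})
        if matched and rule.target in TERMINATING:
            return {"verdict": rule.target, "by": "rule", "steps": steps}
    return {"verdict": policies[chain], "by": "policy", "steps": steps}


def analyze(pkt, chain="INPUT", text=SAMPLE_RULES):
    return single_step(pkt, chain, *parse_iptables_save(text))


def print_report(report):
    for n, s in enumerate(report["steps"], 1):
        print(f"step {n}: {'MATCH' if s['matched'] else 'no match':<8} {s['rule']}")
        for key, (want, actual, ok) in s["detail"].items():
            print(f"    {key:<12} rule={want!s:<22} packet={actual!s:<16} {'ok' if ok else 'MISMATCH'}")
    print(f"verdict: {report['verdict']} (decided by {report['by']})")


if __name__ == "__main__":
    print_report(analyze(Packet("tcp", "192.0.2.9", "10.0.0.1", sport=40000, dport=22)))
```

Run it to see an SSH attempt from outside 10.0.0.0/8 walk past every ACCEPT rule, hit the non-terminating LOG rule, and fall to the chain's DROP policy; the per-criterion lines show exactly which parameter (the source address on the second rule, the port on the third) kept each rule from matching.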
The project was presented at the Computer and Network Security Workshop on April 7, 2005 and to the Institute of Electrical and Electronics Engineers (IEEE) on May 12, 2005 as part of an IEEE student colloquium.