ipsim

A library and CLI tool to simulate iptables operations for a packet, visualize the packet's path through tables, chains, and rules, and explain why the packet was accepted or dropped.

Description

ipsim takes an iptables-save ruleset and a packet description, simulates exactly how iptables would process that packet, and finds the reason why the packet was accepted or dropped. The result is an object that describes the packet's path through tables, chains, and rules. This object can be visualized as a graph.

It is useful for debugging complex firewall rulesets and auditing security policies without needing to send real traffic or touch a live system.

The core of the project is a library with a clean API, paired with a CLI for quick use from the terminal.
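
The following Python example is added here to illustrate the kind of simulation described above; it is not ipsim's code or API. The function names (parse, matches, walk, simulate), the packet dictionary keys and the sample ruleset are assumptions constructed for illustration, and it covers only the filter table with -p, --dport and -s matches and the ACCEPT, DROP, RETURN and user-chain targets.

```python
import ipaddress, shlex
# Constructed iptables-save sample (filter table, INPUT hook only).
RULES = """*filter
:INPUT DROP [0:0]
:SSH - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j SSH
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A SSH -s 10.0.0.0/8 -j ACCEPT
-A SSH -j RETURN
COMMIT"""

def parse(text):
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):  # chain declaration: ":NAME POLICY [pkts:bytes]"
            policies[tok[0][1:]], chains[tok[0][1:]] = tok[1], []
        elif line.startswith("-A "):
            # assumes plain "option value" pairs, no "!" negation
            chains[tok[1]].append((line, dict(zip(tok[2::2], tok[3::2]))))
    return policies, chains

def matches(opts, pkt):
    tests = {"-p": lambda v: pkt["proto"] == v,
             "--dport": lambda v: pkt["dport"] == int(v),
             "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v)}
    # Unsupported match options raise KeyError rather than being ignored.
    return all(tests[k](v) for k, v in opts.items() if k not in ("-j", "-m"))

def walk(chain, pkt, chains, path):
    for line, opts in chains[chain]:
        if not matches(opts, pkt):
            continue
        path.append(line)  # record every rule the packet matched
        target = opts.get("-j")
        if target in ("ACCEPT", "DROP", "RETURN"):
            return None if target == "RETURN" else target
        verdict = walk(target, pkt, chains, path)  # jump into a user-defined chain
        if verdict:
            return verdict
    return None  # end of chain or RETURN: the caller continues with its next rule

def simulate(text, pkt, hook="INPUT"):
    policies, chains = parse(text)
    path = []
    verdict = walk(hook, pkt, chains, path)
    if verdict is None:  # fell off the built-in chain: its policy decides
        verdict = policies[hook]
        path.append(f"policy {hook} {verdict}")
    return verdict, path
```

The returned path is what makes the verdict auditable: for an SSH packet from outside 10.0.0.0/8 it shows the jump into SSH, the RETURN, and the INPUT policy that finally dropped it.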
