Advanced iptables configuration analyzer with security risk detection and chaos index calculation
Guernica is an analysis tool designed for security professionals to detect and understand changes in iptables firewall configurations.
Inspired by Picasso’s iconic painting symbolizing turmoil, Guernica reveals the hidden risks in rule modifications and quantifies their impact through a unique metric: the Chaos Index.
It turns complex differences into clear visual information, helping you spot dangerous changes in your firewall configurations before they become vulnerabilities in your information systems.
Guernica processes two iptables configuration files (`.txt`, `.rules`, or `.iptables`) and follows these steps:
- Load Configs – Validates baseline and modified files
- Normalize – Fixes common syntax issues
- Compare – Detects added, removed, or changed rules
- Analyze – Flags risky ports and patterns
- Calculate – Computes the Chaos Index
- Visualize – Generates charts and metrics
- Report – Outputs in terminal, HTML, or plain text
Identifies:
- Critical ports (SSH, HTTP, DNS, databases, etc.)
- Wide-open port ranges
- Permissive rules (e.g., unfiltered `INPUT`/`FORWARD`)
- Changes to connection state rules
- Suspicious source IP modifications
Organizes changes by:
- Port number (e.g., all changes affecting port 80)
- Chain type (`INPUT`, `OUTPUT`, `FORWARD`)
- Rule purpose (based on pattern recognition)
The Chaos Index is a 0–100 metric that quantifies the disruption introduced by rule changes.
Formula:
Chaos Index = min(100, (raw_score / adaptive_max) * 100)
raw_score = (additions × 1.5) + (removals × 1.0)
adaptive_max = max(50, min(200, total_lines / 2))
Additions are more heavily weighted as they potentially expand the attack surface.
| Score | Assessment | Description |
|---|---|---|
0–25 | Low | Minimal changes with limited security impact |
25–50 | Moderate | Significant changes requiring attention |
50–75 | High | Major reconfiguration with potential security concerns |
75–100 | Extreme | Complete overhaul with high security risk |
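The formula and assessment bands above, worked through end to end on a constructed pair of rule sets. This is an added example, not Guernica's own code; it assumes additions and removals are counted as a line-level multiset difference after whitespace normalization, that `total_lines` is the combined line count of both files, and that each band is half-open (a score of exactly 25 is Moderate).

```python
from collections import Counter

# Constructed sample rule sets in iptables-save style (not from any real host).
# The modified file opens the INPUT policy, drops the SSH source restriction
# and exposes MySQL: exactly the kind of change the analyzer should surface.
BASELINE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
"""
MODIFIED = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
COMMIT
"""

def rule_lines(text):
    """Drop blank and comment lines; collapse whitespace so cosmetic edits do not count."""
    return [" ".join(l.split()) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def diff_counts(before, after):
    """Multiset difference of the two files: (additions, removals, total_lines)."""
    b, a = Counter(rule_lines(before)), Counter(rule_lines(after))
    additions = sum((a - b).values())   # lines present only in the modified file
    removals = sum((b - a).values())    # lines present only in the baseline
    return additions, removals, sum(b.values()) + sum(a.values())  # total_lines: assumption

def chaos_index(additions, removals, total_lines):
    """README formula: additions weighted 1.5, removals 1.0, adaptive ceiling clamped to [50, 200]."""
    raw_score = additions * 1.5 + removals * 1.0
    adaptive_max = max(50, min(200, total_lines / 2))
    return min(100.0, raw_score / adaptive_max * 100)

def assessment(score):
    """Map a score to the README's band; boundaries treated as half-open (assumption)."""
    for upper, label in ((25, "Low"), (50, "Moderate"), (75, "High")):
        if score < upper:
            return label
    return "Extreme"

if __name__ == "__main__":
    add, rem, total = diff_counts(BASELINE, MODIFIED)
    score = chaos_index(add, rem, total)
    print(f"additions={add} removals={rem} chaos_index={score:.1f} ({assessment(score)})")
```

Note that on small files the `adaptive_max` floor of 50 keeps the score low even when every change is security-relevant (the sample scores 13.0, Low), which is why the index is a disruption measure to read alongside the per-port risk findings rather than a risk score on its own.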
Guernica generates:
- Bar charts: Additions vs. Removals
- Chain-specific distribution charts
- Chaos Index gauge with color-coded thresholds
- Normalization: Auto-fixes common iptables syntax errors
- Validation: Confirms file format correctness
- Flexible Formats: Supports various iptables output styles
- Basic analysis:
  `python guernica.py --before baseline.rules --after current.rules`
- Export reports:
  `python guernica.py -b baseline.rules -a current.rules -e report.html -o report.txt`
- Skip normalization:
  `python guernica.py -b baseline.rules -a current.rules --no-normalize`
- Skip charts:
  `python guernica.py -b baseline.rules -a current.rules --no-visualization`
This project is in its first version, still in beta. Over time, it aims to help network administrators better secure their firewall configurations.
Feel free to modify and use this code as you wish :)