Has anyone built an iptables analyzer? I am thinking of writing one, but I don't want to reinvent what might already exist. I have in mind something that tries all "interesting" (as gleaned from the rules themselves) combinations of IP addresses, protocols, ports, etc., simulates the ruleset and says what happens. The result would be displayed in table form. One could test the equivalence of two iptables specifications by analyzing them and comparing the output (useful for seeing if an "optimization" is correct).
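
A minimal sketch of the idea described in the post, added here as an illustration and not part of the original message: it derives the "interesting" values from the rules' own boundaries, simulates first-match evaluation at each combination, and reports the points where two rulesets disagree. It assumes a single chain, only the `-p`, `-s`, `--dport` and `-j` options with terminal targets, and a simplified packet model of (protocol, source address, destination port); the function names and sample rules are constructed for the example.

```python
import ipaddress, itertools, shlex

def parse(lines, policy="DROP"):
    """Parse a small subset of rule lines: -p, -s, --dport, -j (all optional but -j)."""
    rules = []
    for line in lines:
        tok = shlex.split(line)
        opt = dict(zip(tok[2::2], tok[3::2]))          # skip "-A CHAIN"
        lo, _, hi = opt.get("--dport", "0:65535").partition(":")
        rules.append({"proto": opt.get("-p"),
                      "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0")),
                      "ports": (int(lo), int(hi or lo)),
                      "target": opt["-j"]})
    return rules, policy

def verdict(ruleset, proto, src, port):
    """First matching rule wins; otherwise the chain policy applies."""
    rules, policy = ruleset
    for r in rules:
        if (r["proto"] in (None, proto) and src in r["src"]
                and r["ports"][0] <= port <= r["ports"][1]):
            return r["target"]
    return policy

def interesting(*rulesets):
    """Cut points where some rule starts or stops matching, per dimension."""
    protos, addrs, ports = {"(other)"}, {0}, {0}
    for rules, _ in rulesets:
        for r in rules:
            protos.add(r["proto"] or "(other)")
            addrs |= {int(r["src"].network_address), int(r["src"].broadcast_address) + 1}
            ports |= {r["ports"][0], r["ports"][1] + 1}
    return (sorted(protos),
            [ipaddress.ip_address(a) for a in sorted(addrs) if a < 2**32],
            [p for p in sorted(ports) if p <= 65535])

def diff(a, b):
    """Test points on which the two rulesets give different verdicts."""
    points = list(itertools.product(*interesting(a, b)))
    return [(pt, verdict(a, *pt), verdict(b, *pt))
            for pt in points if verdict(a, *pt) != verdict(b, *pt)]

# Constructed sample rulesets (not from the post).
ORIGINAL = parse(["-A INPUT -p tcp -s 10.1.0.0/16 --dport 22 -j DROP",
                  "-A INPUT -p tcp -s 10.0.0.0/8 --dport 22 -j ACCEPT",
                  "-A INPUT -p tcp -s 10.2.0.0/16 --dport 22 -j ACCEPT",  # shadowed
                  "-A INPUT -p tcp --dport 8000:8080 -j ACCEPT"])
GOOD = (ORIGINAL[0][:2] + ORIGINAL[0][3:], "DROP")     # shadowed rule removed
BAD = ([GOOD[0][1], GOOD[0][0], GOOD[0][2]], "DROP")   # DROP moved below ACCEPT
```

`diff(ORIGINAL, GOOD)` is empty, while `diff(ORIGINAL, BAD)` returns the single point where the reordering changes a DROP into an ACCEPT.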