# Flint -- a firewall rule analyzer

Supported firewalls:

* Cisco Pix/ASA
* IOS almost...
* IPTables soon
* Pf soon

## Installing

You will need a development environment.  On Mac OSX that means XCode.
On Ubuntu/Debian Linux is would be that `build-essentials` packages.

You will also need Ruby, along with the usual tools, rake and gem.

    rake install

## Running

    rake app

This will start a Sinatra server listening on port http://localhost:4567.  Point your browser at that.

## Developers

You will need the rspec, racc, and rdoc gems.  You can use `bundle install` to pull in those gems.  

Assuming you want to hack on the lexers, Ragel is available at: http://www.complang.org/ragel

## Project Layout

* `lib`

  Ruby code for the Flint module, as well as the support modules for
  specific firewall types.

* `app`

  The sinatra app which provides an interface to Flint.

* `checks`

  Contains all of firewall rule checks that Flint uses.  Each firewall
  has it's own subdir for example:

      checks/<firewall>/*.ftg

  Rule checks are defined in Flint Test Group files, each one defines
  a specific test group, and it's associated checks.  The
  `checks/test` subdir contains a set of dummy tests which exercise
  the UI and the Flint test result classes.

* spec

  RSpec tests for Flint.

* vendor
  
  Third party code that we depend upon.