There's a commercial product called Firewall Informer, made by Blade Software (http://www.blade-software.com/), and several open source scripts, one of which is firewall tester (http://ftester.sourceforge.net/).
> Hi Folks,
> Yesterday I changed the software that generates the rule sets for our
> perimeter firewall, and yes, you guessed it, there was one minor
> problem. The real problem was that it affected an important service owned
> by a noisy group so I have spent an hour or so this morning writing long
> explanations.
>
> We had tested inbound access of the new rule sets in the lab by simply
> hanging a PC on the outside of the bridge with the inside connected to
> the general network and then worked through all the important services
> and made sure they were visible.
>
> Testing outbound access is more difficult and we did not do this
> extensively and were bitten because we managed to lose the rules that
> allowed one of our proxy servers out.
>
> Does anyone know of any software that will forge packets (SYNs and UDP
> should be enough) for a list of IPs and ports that I can use for testing
> in future?
>
> I am sure that I can cobble something together using Perl and one of the
> packet assembling kits and I will do so if I need to, but I hate
> reinventing the wheel.
>
> Anyone think of any problems with this approach?
>
> Russell