Don't fix bad firewall rules.
Fix the request that created them.

Shift-Left firewall request validation.
Free. Private. No signup required.


Firewall requests fail review because nobody checks them first.

These land in your approval queue every day. Sound familiar?

0.0.0.0/0 → ANY / TCP ANY
"Just open everything for now, we'll tighten it in production." Spoiler: they never do.
FTP to a public database
"We need to transfer files to the DB server." Plaintext credentials over the internet. PCI violation on arrival.
No zone segmentation
"We don't have network zones yet." Flat network, no blast radius containment, auditor's worst nightmare.
Compliance finding post-deploy
"Nobody told me about NIST 800-53." The rule went live, the audit found it, now it's a P1 remediation ticket.

How It Works

Three steps. Zero ambiguity.

1. Describe the flow
Enter source, destination, protocol, and port. Or upload a CSV, Terraform plan, or cloud config.
2. Get instant findings
Risk score (0-100), compliance violations across 6 frameworks, zone policy verdicts, and actionable remediation.
3. Fix before you submit
Tighten the scope, switch protocols, add segmentation. Submit a clean request the first time.
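
The kind of pre-submission check these steps describe, as an added Python illustration that is not netbobr's code, rule set or scoring: it flags the request patterns listed earlier (any source to any port, a plaintext protocol to a destination outside RFC 1918 space, a source broader than /24) and applies a fail-on threshold the way a CI gate would. The finding names, severities and sample flows are constructed for this example.

```python
import ipaddress

# Constructed rules for illustration (IPv4 only); not netbobr's rule set or scoring.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PLAINTEXT_PORTS = {21: "FTP", 23: "Telnet"}
SEVERITY = {"low": 1, "medium": 2, "high": 3}  # hypothetical severity scale


def is_internal(net):
    """True when the network lies entirely inside RFC 1918 space."""
    return any(net.subnet_of(r) for r in RFC1918)


def validate(src, dst, proto, port):
    """Return (finding, severity) pairs for one flow; port is an int or "any"."""
    src_net = ipaddress.ip_network(src, strict=False)
    dst_net = ipaddress.ip_network(dst, strict=False)
    findings = []
    if src_net.prefixlen == 0 and port == "any":
        findings.append(("ANY_SOURCE_ANY_PORT", "high"))
    elif src_net.prefixlen < 24:
        # Broader than the /24 the remediation text asks for.
        findings.append(("BROAD_SOURCE", "medium"))
    if proto == "tcp" and port in PLAINTEXT_PORTS and not is_internal(dst_net):
        findings.append(("PLAINTEXT_TO_EXTERNAL", "high"))
    return findings


def should_fail(findings, fail_on):
    """Gate decision: fail when any finding meets the threshold severity."""
    return any(SEVERITY[sev] >= SEVERITY[fail_on] for _, sev in findings)


if __name__ == "__main__":
    # Constructed sample requests.
    flows = [
        ("0.0.0.0/0", "10.1.2.3", "tcp", "any"),
        ("198.51.100.0/24", "203.0.113.5", "tcp", 21),
        ("10.20.0.0/16", "10.9.9.9", "tcp", 22),
        ("10.1.2.0/24", "10.9.9.9", "tcp", 443),
    ]
    for flow in flows:
        found = validate(*flow)
        print(flow, found, "FAIL" if should_fail(found, "high") else "pass")
```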

CLI

Add to your CI/CD pipeline.

Fail builds on high-risk firewall requests. Shift left from the terminal.

Install from npm and validate firewall rules in any pipeline. Supports JSON, CSV, SARIF, table, and PDF output. Auto-detects AWS Security Groups, Azure NSG, Kubernetes NetworkPolicy, and Terraform plans.

GitHub Actions, Azure DevOps, GitLab CI, Jenkins, SARIF

$ npx @netbobr/cli analyze \
    --src 10.0.0.0/8 --dst 203.0.113.5 \
    --proto tcp --port 22
Risk: High (68/100)
PCI-DSS: 3 findings | NIST: 2 findings
Remediation: Restrict source to /24 or narrower

$ terraform show -json tfplan | \
    npx @netbobr/cli analyze - --cloud-format tf-plan \
    --fail-on high --output sarif

Six frameworks. One analysis.

Every flow is checked against all enabled frameworks simultaneously. No separate scans, no context switching.

PCI-DSS
v4.0.1
Insecure protocols, network segmentation, database exposure, remote access, and cardholder data environment controls.
35 rules
CIS Controls
v8 (IG1-IG3)
Overly permissive rules, service exposure, administrative access, DNS policy, and implementation group tiering.
22 rules
NIST SP 800-53
Rev. 5
Information flow enforcement, least functionality, encrypted tunnel visibility, remote access, and baseline mapping.
22 rules
NIS2 Directive
2022/2555
Network segmentation, ICS/SCADA isolation, supply chain security, and incident reporting readiness for essential entities.
20 rules
DORA
2022/2554
Financial sector ICT risk management, third-party oversight, infrastructure resilience, and digital operational testing.
18 rules
MITRE ATT&CK
v18.1
Initial Access, Command & Control, Lateral Movement, Exfiltration, and Discovery tactic detection with technique mapping.
25 rules
CSV, AWS Security Groups, Azure NSG, Kubernetes NetworkPolicy, Terraform

Stop fixing requests after submission.
Fix them before.

Frequently Asked Questions
Who is netbobr for?
Infrastructure, network, and application teams who submit firewall change requests - and the security teams who review them. Use it to catch rule violations, overly broad scoping, and compliance gaps before the request reaches the approval queue.
Who is it NOT for?
netbobr is a pre-submission validator, not a firewall management platform. It does not connect to live firewalls, push rules, or replace your change management workflow. If you need to manage rulesets or deploy configurations, look at your firewall vendor tooling.
How does it work?
Enter a source, destination, port, and protocol. netbobr runs the flow against 154 built-in rules across 6 compliance frameworks and returns a composite risk score with specific findings. Everything runs in your browser - no data is sent anywhere.