Flint is free, open source firewall auditing software
Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems, so you can:
save time
Clean up rusty configurations that are crudded up with rules that can't match traffic.
spot flaws
Eradicate latent security problems lurking in overly-permissive rules.
stay sane
Sanity check changes to see if new rules create problems.
people suck at thinking like firewalls