On the Cerner Engineering blog:

http://engineering.cerner.com/blog/identifying-network-acl-issues-with-chef-locally/