iptperl-general

[Iptperl-general] New to IPTables::IPv4 module...

[Bill <per...@ga...>]

Greetings,

I'm attempting to write a few test scripts to read in a set of iptable rules
that have been generated by fwbuilder (www.fwbuilder.org).  When I list the
rules generated by fwbuilder that's currently active on my box, I get a
listing of various tables.

What i'd like to do is to enumerate the tables and list the various chains
contained in each table.  For example, my system (at the moment) has the
following table/chain setup:

FILTER
  - INPUT
  - FORWARD
  - OUTPUT
  - Cid3FBAE099.0
  - Cid3FBAE099.1
  - Cid4006029E.0
  - Cid4006029E.1
  - Cid4006029E.2
  - RULE_0
  - RULE_1
  - RULE_2
  - RULE_3
  - RULE_4
  - RULE_5
  - RULE_6
  - RULE_7
  - RULE_8
  - eth0_In_RULE_0
  - wireless_In_RULE_0
  - wireless_out_RULE_0

The other tables have the built in chains.

Is there any way to list the following for each rule:
  source_ip source_port destination_ip destination_port
action[permit|deny|drop] log pcnt bcnt


Thanks in advance,

-=-Bill-=-

Re: [Iptperl-general] New to IPTables::IPv4 module...

[Jordan H. <jo...@mj...>]

On Tue, 2004-09-14 at 21:13, Bill wrote:
> Greetings,
> 
> I'm attempting to write a few test scripts to read in a set of iptable rules
> that have been generated by fwbuilder (www.fwbuilder.org).  When I list the

Yes, that is a quick way to start seeing how to manage a particular
problem.

> rules generated by fwbuilder that's currently active on my box, I get a
> listing of various tables.

In order to start you can dump the hash tree generated by
$IPTables::IPv4 using the Config::General module in the perl debugger.
But watch out, reading in the data again may come out with a different
tree as degenerated arrays are usually collapsed to a scalar.

I wrote a simple parser to cope with this problem - you can have the
framework it if you like (but there is also some other stuff in like
module initialisation, /proc/sys/net configuration settings and the
template toolkit acting as a preprocessor).

> 
> What i'd like to do is to enumerate the tables and list the various chains
> contained in each table.  For example, my system (at the moment) has the
> following table/chain setup:
[snip]

... will be off until Friday
jordan