Solved

IPTABLES Custom list (-L)

Posted on 2007-04-04
Last Modified: 2011-04-14
Hi, I was wondering if there is a way to customize the output of IPTABLES -L to a certain format. So, for example, it lists the results in the format of SIP/SMask, DIP/DMask, Protocol, Action.

If maybe someone can tell me how to tokenize the IPTABLES -L output, that would help too.

Thanks,

Zenrov
Question by:haszan
5 Comments
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 18854771
There is a very useful script 'iptables-save' that prints everything in a common format. Also, its output may be used by 'iptables-restore' to restore the firewall configuration.
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18854781
Oops, that's not a script, that's a binary, but it is standard and comes with any Linux :-)
0
 
LVL 1

Author Comment

by:haszan
ID: 18862979
Thanks Nopius, that still doesn't really answer my question... My question is really how to customize the format of the printed rulesets. I want the rules to be printed out in a certain format, and not the common format.
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18863164
Yes, I didn't answer your question, but I suppose you will use iptables-save instead of iptables -L. Its output can be easily parsed. Did you test it?

Suppose my output of iptables-save:
...
:OUTPUT ACCEPT [16267792:2558906548]
-A INPUT -s 1.1.1.0/255.255.255.0 -d 2.2.2.2 -p tcp -m tcp --sport 25 -j ACCEPT
...

What is after -s is your SIP/SMASK
What is after -d is a DIP/DMASK, if no mask, then /32
-p tcp -m tcp  --sport is a Protocol SMTP (You can match --sport --dport numeric value with /etc/services to get a string)
-j ACCEPT means ACTION.

Parsing of iptables -L output can also be done, but it is more difficult, since parameters are positional and not well structured, and other parameters (such as -i or -o) are skipped:
target     prot opt source               destination
ACCEPT     tcp  --  1.1.1.0/24           2.2.2.2             tcp spt:smtp

You can assume that field 1 is an Action, field 4 is a SIP/SMASK, field 5 is DIP/DMASK and everything after spt: or dpt: is your Protocol (but when both, you don't know which one).
Rules for each chain go after "Chain XXX" with one line skipped, until an empty line.
What else would you like to know about how to parse this output?
0
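
The field mapping described in the answer above, as an added Python example (not code from the thread): it tokenizes iptables-save text into Chain, SIP/SMask, DIP/DMask, Protocol, Action. The names parse_rules, service and SAMPLE are hypothetical, the sample rules are constructed apart from the one quoted in the answer, and negation is assumed to be written as "! -s addr".

```python
import shlex
import socket
# Constructed sample in iptables-save format; the first rule is the one quoted above.
SAMPLE = '''\
:OUTPUT ACCEPT [16267792:2558906548]
-A INPUT -s 1.1.1.0/255.255.255.0 -d 2.2.2.2 -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT ! -s 10.0.0.0/8 -p udp -m udp --dport 53 -m comment --comment "dns, not lan" -j DROP
-A OUTPUT -j LOG --log-prefix "out: "
'''
VALUE_OPTS = {"-s", "-d", "-p", "-j", "--sport", "--dport"}
SKIP_OPTS = {"--comment", "--log-prefix"}  # free text that may look like an option

def service(port, proto):
    """Map a numeric port to its /etc/services name; keep the value if unknown."""
    try:
        return socket.getservbyport(int(port), proto)
    except (OSError, ValueError, OverflowError):
        return port

def parse_rules(text):
    """Return one (chain, SIP/SMask, DIP/DMask, protocol, action) tuple per -A line."""
    rows = []
    for line in text.splitlines():
        tok = shlex.split(line) if line.startswith("-A ") else []
        if len(tok) < 2:
            continue  # skip *table, :CHAIN policy, COMMIT and comment lines
        f = {"-s": "0.0.0.0/0", "-d": "0.0.0.0/0", "-p": "all", "-j": "-"}
        ports, neg, i = [], "", 2
        while i < len(tok) - 1:
            opt, val = tok[i], tok[i + 1]
            if opt == "!":  # assumed form: "! -s addr" negates the next match
                neg, i = "!", i + 1
            elif opt in SKIP_OPTS:
                i += 2
            elif opt in VALUE_OPTS:
                if opt in ("-s", "-d") and "/" not in val:
                    val += "/32"  # no mask means a single host
                if opt.startswith("--"):
                    ports.append(f"{neg}{opt[2:]} {service(val, f['-p'])}")
                else:
                    f[opt] = neg + val
                neg, i = "", i + 2
            else:
                i += 1  # -m <module> and options this report does not show
        rows.append((tok[1], f["-s"], f["-d"], " ".join([f["-p"]] + ports), f["-j"]))
    return rows

if __name__ == "__main__":
    print("\n".join(", ".join(row) for row in parse_rules(SAMPLE)))
```

To run it against a live ruleset, pass the text printed by iptables-save to parse_rules instead of SAMPLE.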
 
LVL 1

Author Comment

by:haszan
ID: 18881429
Thank you for the info.
0
