Solved

IPTABLES Custom list (-L)

Posted on 2007-04-04
Last Modified: 2011-04-14
Hi, I was wondering if there is a way to customize the output of IPTABLES -L to a certain format. So, for example, it lists the results in the format SIP/SMask, DIP/DMask, Protocol, Action.

If maybe someone can tell me how to tokenize the IPTABLES -L output, that would help too.

Thanks,

Zenrov
0
Question by:haszan
5 Comments
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 18854771
There is a very useful script 'iptables-save' that prints everything in a common format. Also, its output may be used by 'iptables-restore' to restore the firewall configuration.
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18854781
Oops, that's not a script, that's a binary, but it is standard and comes with any Linux :-)
0
 
LVL 1

Author Comment

by:haszan
ID: 18862979
Thanks Nopius, that still doesn't really answer my question... My question is really how to customize the format of the printed rulesets. I want the rules to be printed out in a certain format, and not the common format.
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18863164
Yes, I didn't answer your question, but I suppose you will use iptables-save instead of iptables -L. Its output can be easily parsed. Did you test it?

Suppose my output of iptables-save:
...
:OUTPUT ACCEPT [16267792:2558906548]
-A INPUT -s 1.1.1.0/255.255.255.0 -d 2.2.2.2 -p tcp -m tcp --sport 25 -j ACCEPT
...

What is after -s is your SIP/SMASK
What is after -d is a DIP/DMASK, if no mask, then /32
-p tcp -m tcp --sport is a Protocol SMTP (you can match the numeric --sport or --dport value against /etc/services to get a string)
-j ACCEPT means ACTION.

Parsing of iptables -L output can also be done, but it is more difficult, since parameters are positional and not well structured, and other parameters (such as -i or -o) are skipped:
target     prot opt source               destination
ACCEPT     tcp  --  1.1.1.0/24           2.2.2.2             tcp spt:smtp

You can assume that field 1 is an Action, field 4 is a SIP/SMASK, field 5 is DIP/DMASK and everything after spt: or dpt: is your Protocol (but when both, you don't know which one).
Rules for each chain go after "Chain XXX" and one skipped line, until an empty line.
What else do you like to know about how to parse this output?
0
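Added example (not part of the thread and not code from the iptables project): a parser for the iptables-save format described in the answer above, producing chain, SIP/SMask, DIP/DMask, Protocol and Action per rule. It goes slightly beyond the post by handling `!` negation and quoted comment strings; `SERVICES` is a constructed stand-in for /etc/services, and every sample rule except the first is constructed.

```python
import ipaddress
import shlex

# Constructed stand-in for the /etc/services lookup mentioned in the answer.
SERVICES = {("tcp", 25): "smtp", ("tcp", 22): "ssh", ("udp", 53): "domain"}

# Constructed iptables-save sample; the first rule is the one quoted in the answer.
SAMPLE = """\
:OUTPUT ACCEPT [16267792:2558906548]
-A INPUT -s 1.1.1.0/255.255.255.0 -d 2.2.2.2 -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT ! -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j DROP
-A OUTPUT -m comment --comment "allow -j all" -j ACCEPT
"""

def cidr(value):
    """Normalise addr, addr/prefix or addr/dotted-mask; a bare address is /32."""
    return ipaddress.ip_network(value, strict=False).with_prefixlen

def parse_rule(line, services=SERVICES):
    """Return (chain, SIP/SMask, DIP/DMask, protocol, action) for one -A line."""
    tok = shlex.split(line)  # keeps a quoted --comment value as one token
    f = {"-s": "0.0.0.0/0", "-d": "0.0.0.0/0", "-p": "all", "-j": ""}  # defaults
    ports, i = [], 2         # tok[0] is "-A", tok[1] is the chain name
    while i < len(tok) - 1:
        opt = tok[i]
        if opt in ("-s", "-d", "-p", "-j", "--sport", "--dport"):
            neg = "!" if tok[i - 1] == "!" else ""  # newer form: "! -s net"
            if tok[i + 1] == "!":                   # older form: "-s ! net"
                neg, i = "!", i + 1
            val = tok[i + 1]
            if opt in ("-s", "-d"):
                f[opt] = neg + cidr(val)
            elif opt in ("-p", "-j"):
                f[opt] = neg + val
            else:  # --sport/--dport: keep the direction, map number to a name
                name = services.get((f["-p"], int(val)), val) if val.isdigit() else val
                ports.append(f"{opt[2]}pt:{neg}{name}")
            i += 1           # skip the option's value
        i += 1
    return tok[1], f["-s"], f["-d"], " ".join([f["-p"]] + ports), f["-j"]

def parse_save(text):
    """Parse every '-A' rule line; chain policy lines are skipped."""
    return [parse_rule(l) for l in text.splitlines() if l.startswith("-A ")]

if __name__ == "__main__":
    for row in parse_save(SAMPLE):
        print(", ".join(row))
```

Because the port label keeps `spt:` or `dpt:`, a rule that sets both source and destination ports stays unambiguous, which the positional `iptables -L` output does not guarantee.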
 
LVL 1

Author Comment

by:haszan
ID: 18881429
Thank you for the info.
0
