Solved

IPTABLES Custom list (-L)

Posted on 2007-04-04
5
274 Views
Last Modified: 2011-04-14
Hi, I was wondering if there is way to customize the output of the IPTABLES -L to certain format. So for example it list the results in the format of  SIP/SMash, DIP/DMask, Protocol, Action.

If maybe someone can tell me how tokenize the IPTABLES -L output that would help too.

Thanks,

Zenrov
0
Comment
Question by:haszan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 18854771
There is very usefull script 'iptables-save' that prints everything in a common format. Also it's output may be used ny 'iptables-restore' to restore firewall configuration.
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18854781
Oops, that's not a script, that's a binary, but it is standard and comes with any Linux :-)
0
 
LVL 1

Author Comment

by:haszan
ID: 18862979
Thank Nopius, that still doesn't really answer my question...My question is really how to customize format of the printed rulesets, I want the rules to be printed out in a certain format, and not the common format.
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18863164
Yes, I didn't answer your question, but I suppose you will use iptables-save instead of iptables -L. It's output can be easily parsed. Did you test it?

Suppose my output of iptables-save:
...
:OUTPUT ACCEPT [16267792:2558906548]
-A INPUT -s 1.1.1.0/255.255.255.0 -d 2.2.2.2 -p tcp -m tcp --sport 25 -j ACCEPT
...

What is after -s is your SIP/SMASK
What is after -d is a DIP/DMASK, if no mask, then /32
-p tcp -m tcp  --sport is a Protocol SMTP (You can match --sport --dport numeric value with /etc/services to get a string)
-j ACCEPT means ACTION.

Parsing of iptables -L output also can be done, but more difficult since, parameters are positional and not well structured, other parameters (such as -i or -o) are skipped:
target     prot opt source               destination
ACCEPT     tcp  --  1.1.1.0/24           2.2.2.2             tcp spt:smtp

You can assume that field 1 is an Action, field 4 is a SIP/SMASK, field 5  is DIP/DMASK and everything after spt: or dpt: is your Protocol (but when both, you don't know which one).
Rules for each chain goes after "Chain XXX" and one line skipped until empty line.
What else do you like to know about how to parse this output?
0
 
LVL 1

Author Comment

by:haszan
ID: 18881429
Thank you for the info.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question