IPTables::Parse(3)    User Contributed Perl Documentation   IPTables::Parse(3)



NAME

       IPTables::Parse - Perl extension for parsing iptables firewall rulesets


SYNOPSIS

         use IPTables::Parse;

         my %opts = (
             'iptables' => '/sbin/iptables',
             'iptout'   => '/tmp/iptables.out',
             'ipterr'   => '/tmp/iptables.err',
             'debug'    => 0,
             'verbose'  => 0
         );

         my $ipt_obj = IPTables::Parse->new(%opts)
             or die "[*] Could not acquire IPTables::Parse object";

         my $table = 'filter';
         my $chain = 'INPUT';

         # default_drop() returns a hash reference keyed by protocol
         # (or 'all') plus a flag that is true if parsing succeeded.
         my ($ipt_hr, $rv) = $ipt_obj->default_drop($table, $chain);
         if ($rv) {
             if (defined $ipt_hr->{'all'}) {
                 print "The INPUT chain has a default DROP rule for all protocols.\n";
             } else {
                 for my $proto (qw/tcp udp icmp/) {
                     if (defined $ipt_hr->{$proto}) {
                         print "The INPUT chain drops $proto by default.\n";
                     }
                 }
             }
         } else {
             print "[-] Could not parse iptables policy\n";
         }

         # default_log() has the same return convention as default_drop().
         ($ipt_hr, $rv) = $ipt_obj->default_log($table, $chain);
         if ($rv) {
             if (defined $ipt_hr->{'all'}) {
                 print "The INPUT chain has a default LOG rule for all protocols.\n";
             } else {
                 for my $proto (qw/tcp udp icmp/) {
                     if (defined $ipt_hr->{$proto}) {
                         print "The INPUT chain logs $proto by default.\n";
                     }
                 }
             }
         } else {
             print "[-] Could not parse iptables policy\n";
         }


DESCRIPTION

       The "IPTables::Parse" package provides an interface to parse iptables
       rules on Linux systems, either through the direct execution of iptables
       commands or by parsing a file that contains an iptables policy
       listing.  You can get the current policy applied to a table/chain, look
       for a specific user-defined chain, check for a default DROP policy, or
       determine whether or not logging rules exist.


FUNCTIONS

       The IPTables::Parse extension provides an object interface to the
       following functions:

       chain_policy($table, $chain)
           This function returns the built-in policy (e.g. 'DROP', 'ACCEPT',
           etc.) for the specified table and chain:

             print "INPUT policy: ", $ipt_obj->chain_policy('filter', 'INPUT'), "\n";

       chain_rules($table, $chain)
           This function parses the specified chain and table and returns an
           array reference of all rules in the chain.  Each element of the
           array is a hash reference with the following keys (whose values
           depend on the rule): "src", "dst", "protocol", "s_port",
           "d_port", "target", "packets", "bytes", "intf_in", "intf_out",
           "to_ip", "to_port", "state", "raw", and "extended".  The "extended"
           element contains the rule output past the protocol information, and
           the "raw" element contains the complete rule itself as reported by
           iptables.

       default_drop($table, $chain)
           This function parses the running iptables policy in order to
           determine if the specified chain contains a default DROP rule.  Two
           values are returned: a hash reference whose keys are the protocols
           that are dropped by default (unless a global ACCEPT rule has
           accepted the matching packets first), and a return value that
           tells the caller whether parsing the iptables policy was successful.
           Note that if all protocols are dropped by default, then the hash
           key 'all' will be defined.

             ($ipt_hr, $rv) = $ipt_obj->default_drop('filter', 'INPUT');

       default_log($table, $chain)
           This function parses the running iptables policy in order to
           determine if the specified chain contains a default LOG rule.  Two
           values are returned: a hash reference whose keys are the protocols
           that are logged by default (unless a global ACCEPT rule has
           accepted the matching packets first), and a return value that tells
           the caller whether parsing the iptables policy was successful.  Note
           that if all protocols are logged by default, then the hash key 'all'
           will be defined.  An example invocation is:

             ($ipt_hr, $rv) = $ipt_obj->default_log('filter', 'INPUT');

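       The following audit script is an added example, not code shipped with
       IPTables::Parse; it combines chain_policy(), default_drop(),
       default_log() and chain_rules() to report ACCEPT rules in filter/INPUT
       that are open to any source and any destination port and are not
       limited to established connections.  It assumes iptables lives at
       /sbin/iptables, that the script runs as root, and that the module
       reports an unrestricted source as 0.0.0.0/0 and an unrestricted
       port as 0:0 (the way iptables -nL prints them).

```perl
#!/usr/bin/perl
# Added example (not part of the IPTables::Parse distribution).
# Audits filter/INPUT for broad ACCEPT rules using only the documented API.
use strict;
use warnings;
use IPTables::Parse;

my $ipt_obj = IPTables::Parse->new(
    'iptables' => '/sbin/iptables',   # assumed path to the iptables binary
    'iptout'   => '/tmp/iptables.out',
    'ipterr'   => '/tmp/iptables.err',
    'debug'    => 0,
    'verbose'  => 0,
) or die "[*] Could not acquire IPTables::Parse object";

my ($table, $chain) = ('filter', 'INPUT');

# 1. Built-in chain policy: what happens to packets no rule matches.
my $policy = $ipt_obj->chain_policy($table, $chain);
print "$chain policy: $policy\n";
print "[-] $chain policy is not DROP; unmatched packets are accepted\n"
    unless $policy eq 'DROP';

# 2. Explicit default DROP / LOG rules inside the chain.
my ($drop_hr, $rv) = $ipt_obj->default_drop($table, $chain);
die "[-] Could not parse iptables policy\n" unless $rv;
print "[-] No default DROP rule found in $chain\n" unless %$drop_hr;

my ($log_hr, $lrv) = $ipt_obj->default_log($table, $chain);
print "[-] No default LOG rule in $chain; dropped packets are not logged\n"
    if $lrv and not %$log_hr;

# 3. Walk every rule; flag ACCEPTs from any source to any port that are
#    not restricted to an existing (ESTABLISHED/RELATED) connection.
my $rules_ar = $ipt_obj->chain_rules($table, $chain);
for my $rule (@$rules_ar) {
    next unless defined $rule->{'target'} and $rule->{'target'} eq 'ACCEPT';
    my $src   = defined $rule->{'src'}   ? $rule->{'src'}   : '0.0.0.0/0';
    my $dport = defined $rule->{'d_port'} ? $rule->{'d_port'} : '0:0';
    my $state = defined $rule->{'state'} ? $rule->{'state'} : '';
    next if $state =~ /ESTABLISHED/;          # stateful reply traffic is fine
    next unless $src eq '0.0.0.0/0' and $dport eq '0:0';
    print "[!] broad ACCEPT (proto $rule->{'protocol'}): $rule->{'raw'}\n";
}
```

       Each flagged line is the rule exactly as iptables reported it (the
       "raw" key), so it can be matched against the running ruleset.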

AUTHOR

       Michael Rash, <mbr@cipherdyne.org>


SEE ALSO

       The IPTables::Parse extension is used by the IPTables::ChainMgr
       extension in support of the psad, fwsnort, and fwknop projects to parse
       iptables policies (see the psad(8), fwsnort(8), and fwknop(8) man
       pages).  As always, the iptables(8) man page provides the best
       information on command line execution and the theory behind iptables.

       Although there is no mailing list devoted specifically to the
       IPTables::Parse extension, questions about the extension will be
       answered on the following lists:

         The psad mailing list: http://lists.sourceforge.net/lists/listinfo/psad-discuss
         The fwknop mailing list: http://lists.sourceforge.net/lists/listinfo/fwknop-discuss
         The fwsnort mailing list: http://lists.sourceforge.net/lists/listinfo/fwsnort-discuss

       The latest version of the IPTables::Parse extension can be found at:

       http://www.cipherdyne.org/modules/


CREDITS

       Thanks to the following people:

         Franck Joncourt <franck.mail@dthconnex.com>
         Grant Ferley


AUTHOR

       The IPTables::Parse extension was written by Michael Rash
       <mbr@cipherdyne.org> to support the psad, fwknop, and fwsnort projects.
       Please send email to this address if there are any questions, comments,
       or bug reports.

       Copyright (C) 2005-2008 by Michael Rash

       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself, either Perl version 5.8.5 or, at
       your option, any later version of Perl 5 you may have available.



perl v5.12.0                      2008-10-18                IPTables::Parse(3)