IPTables::Parse(3)     User Contributed Perl Documentation     IPTables::Parse(3)

NAME
    IPTables::Parse - Perl extension for parsing iptables firewall rulesets

SYNOPSIS
    use strict;
    use warnings;
    use IPTables::Parse;

    my %opts = (
        'iptables' => '/sbin/iptables',
        'iptout'   => '/tmp/iptables.out',
        'ipterr'   => '/tmp/iptables.err',
        'debug'    => 0,
        'verbose'  => 0
    );

    my $ipt_obj = IPTables::Parse->new(%opts)
        or die "[*] Could not acquire IPTables::Parse object";

    my $table = 'filter';
    my $chain = 'INPUT';

    # default_drop() returns a hash ref keyed by protocol and a status flag
    my ($ipt_hr, $rv) = $ipt_obj->default_drop($table, $chain);
    if ($rv) {
        if (defined $ipt_hr->{'all'}) {
            print "The INPUT chain has a default DROP rule for all protocols.\n";
        } else {
            for my $proto (qw/tcp udp icmp/) {
                if (defined $ipt_hr->{$proto}) {
                    print "The INPUT chain drops $proto by default.\n";
                }
            }
        }
    } else {
        print "[-] Could not parse iptables policy\n";
    }

    # default_log() has the same return signature
    ($ipt_hr, $rv) = $ipt_obj->default_log($table, $chain);
    if ($rv) {
        if (defined $ipt_hr->{'all'}) {
            print "The INPUT chain has a default LOG rule for all protocols.\n";
        } else {
            for my $proto (qw/tcp udp icmp/) {
                if (defined $ipt_hr->{$proto}) {
                    print "The INPUT chain logs $proto by default.\n";
                }
            }
        }
    } else {
        print "[-] Could not parse iptables policy\n";
    }
56
DESCRIPTION
    The "IPTables::Parse" package provides an interface to parse iptables
    rules on Linux systems, either through the direct execution of iptables
    commands or by parsing a file that contains an iptables policy listing.
    You can get the current policy applied to a table/chain, look for a
    specific user-defined chain, check for a default DROP policy, or
    determine whether or not logging rules exist.
64
FUNCTIONS
    The IPTables::Parse extension provides an object interface to the
    following functions:

    chain_policy($table, $chain)
        This function returns the policy (e.g. 'DROP', 'ACCEPT', etc.) for
        the specified table and chain:

            print "INPUT policy: ", $ipt_obj->chain_policy('filter', 'INPUT'), "\n";

    chain_rules($table, $chain)
        This function parses the specified chain and table and returns an
        array reference for all rules in the chain. Each element in the
        array reference is a hash with the following keys (that contain
        values depending on the rule): "src", "dst", "protocol", "s_port",
        "d_port", "target", "packets", "bytes", "intf_in", "intf_out",
        "to_ip", "to_port", "state", "raw", and "extended". The "extended"
        element contains the rule output past the protocol information, and
        the "raw" element contains the complete rule itself as reported by
        iptables.
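        As an added example (not code from the IPTables::Parse distribution),
        the following script walks the hashes returned by chain_rules() for
        filter/INPUT and reports ACCEPT rules that match any source address
        and are not limited to established connections, the kind of overly
        broad rule a firewall review looks for. The iptables path and output
        files, the assumption that an unrestricted source is reported as
        0.0.0.0/0, and the assumption that "d_port" holds a bare port number
        are assumptions, not guarantees documented on this page.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPTables::Parse;

# Added example: audit filter/INPUT for broad ACCEPT rules using only the
# hash keys documented for chain_rules(). Paths are assumptions.
my $ipt_obj = IPTables::Parse->new(
    'iptables' => '/sbin/iptables',
    'iptout'   => '/tmp/iptables.out',
    'ipterr'   => '/tmp/iptables.err',
    'debug'    => 0,
    'verbose'  => 0,
) or die "[*] Could not acquire IPTables::Parse object";

my $open_ar = find_open_accepts($ipt_obj, 'filter', 'INPUT');

if (@$open_ar) {
    print "[+] ACCEPT rules open to any source in filter/INPUT:\n";
    for my $r (@$open_ar) {
        printf "    rule %d: %s dport %s in via %s -- %s\n",
            $r->{'num'}, $r->{'protocol'}, $r->{'d_port'},
            $r->{'intf_in'}, $r->{'raw'};
    }
} else {
    print "[-] No ACCEPT rules open to any source in filter/INPUT\n";
}

# Return an array ref of summaries for ACCEPT rules whose source is
# unrestricted and that do not merely allow established/related traffic.
sub find_open_accepts {
    my ($ipt_obj, $table, $chain) = @_;
    my $rules_ar = $ipt_obj->chain_rules($table, $chain) || [];
    my @found;
    my $num = 0;
    for my $rule_hr (@$rules_ar) {
        $num++;
        my $target = $rule_hr->{'target'} || '';
        my $src    = $rule_hr->{'src'}    || '';
        my $state  = $rule_hr->{'state'}  || '';
        next unless $target eq 'ACCEPT';
        # iptables -n prints an unrestricted IPv4 source as 0.0.0.0/0
        # (assumption: the parser passes the address through unchanged)
        next unless $src eq '0.0.0.0/0' || $src eq 'anywhere';
        # reply traffic for existing connections is expected, not a finding
        next if $state =~ /ESTABLISHED/;
        push @found, {
            'num'      => $num,
            'protocol' => $rule_hr->{'protocol'} || 'all',
            'd_port'   => $rule_hr->{'d_port'}   || 'any',
            'intf_in'  => $rule_hr->{'intf_in'}  || '*',
            'raw'      => $rule_hr->{'raw'}      || '',
        };
    }
    return \@found;
}
```

        Rules that accept from anywhere are not necessarily wrong (a public
        web server needs one), but each should be accounted for; the "raw"
        element is printed so the finding can be matched against the live
        iptables listing.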
85
    default_drop($table, $chain)
        This function parses the running iptables policy in order to
        determine if the specified chain contains a default DROP rule. Two
        values are returned, a hash reference whose keys are the protocols
        that are dropped by default if a global ACCEPT rule has not
        accepted matching packets first, along with a return value that
        tells the caller if parsing the iptables policy was successful.
        Note that if all protocols are dropped by default, then the hash
        key 'all' will be defined.

            ($ipt_hr, $rv) = $ipt_obj->default_drop('filter', 'INPUT');

    default_log($table, $chain)
        This function parses the running iptables policy in order to
        determine if the specified chain contains a default LOG rule. Two
        values are returned, a hash reference whose keys are the protocols
        that are logged by default if a global ACCEPT rule has not accepted
        matching packets first, along with a return value that tells the
        caller if parsing the iptables policy was successful. Note that if
        all protocols are logged by default, then the hash key 'all' will
        be defined. An example invocation is:

            ($ipt_hr, $rv) = $ipt_obj->default_log('filter', 'INPUT');
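        The following script is an added example, not part of the
        IPTables::Parse distribution. It combines chain_policy(),
        default_drop() and default_log() into one posture check for the
        built-in INPUT and FORWARD chains: for each of tcp, udp and icmp it
        reports whether traffic not matched by an earlier rule is dropped
        (by a default DROP rule or by the chain policy itself) and whether
        it is logged before being dropped, which is what makes the drop
        visible in syslog. The iptables path and output files are
        assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPTables::Parse;

# Added example: per-protocol default DROP / LOG posture for the built-in
# filter chains. Paths are assumptions.
my $ipt_obj = IPTables::Parse->new(
    'iptables' => '/sbin/iptables',
    'iptout'   => '/tmp/iptables.out',
    'ipterr'   => '/tmp/iptables.err',
) or die "[*] Could not acquire IPTables::Parse object";

my $problems = 0;
for my $chain (qw/INPUT FORWARD/) {
    $problems += report_chain($ipt_obj, 'filter', $chain);
}
exit($problems ? 1 : 0);

# Print the posture of one chain and return the number of protocol checks
# (drop or log) that failed.
sub report_chain {
    my ($ipt_obj, $table, $chain) = @_;
    my $policy = $ipt_obj->chain_policy($table, $chain) || 'unknown';
    print "[$table/$chain] built-in policy: $policy\n";

    my ($drop_hr, $drop_rv) = $ipt_obj->default_drop($table, $chain);
    my ($log_hr,  $log_rv)  = $ipt_obj->default_log($table, $chain);
    unless ($drop_rv && $log_rv) {
        print "    [-] could not parse $table/$chain\n";
        return 1;
    }

    my $missing = 0;
    for my $proto (qw/tcp udp icmp/) {
        # a chain policy of DROP covers every protocol, so it counts as a
        # default drop even without an explicit DROP rule
        my $dropped = ($policy eq 'DROP')
            || defined($drop_hr->{'all'})
            || defined($drop_hr->{$proto});
        my $logged = defined($log_hr->{'all'}) || defined($log_hr->{$proto});
        printf "    %-4s default drop: %-3s  default log: %s\n",
            $proto, ($dropped ? 'yes' : 'no'), ($logged ? 'yes' : 'no');
        $missing++ unless $dropped;
        # a silent drop leaves nothing for log monitoring to work with
        $missing++ unless $logged;
    }
    return $missing;
}
```

        The exit status is non-zero when any protocol is neither dropped
        nor logged by default, so the script can run unattended from cron
        or a configuration check and alert on drift from the intended
        policy.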
109
AUTHOR
    Michael Rash, <mbr@cipherdyne.org>

SEE ALSO
    IPTables::Parse is used by the IPTables::ChainMgr extension in support
    of the psad, fwsnort, and fwknop projects to parse iptables policies
    (see the psad(8), fwsnort(8), and fwknop(8) man pages). As always, the
    iptables(8) man page provides the best information on command line
    execution and the theory behind iptables.

    Although there is no mailing list devoted specifically to the
    IPTables::Parse extension, questions about the extension will be
    answered on the following lists:

        The psad mailing list: http://lists.sourceforge.net/lists/listinfo/psad-discuss
        The fwknop mailing list: http://lists.sourceforge.net/lists/listinfo/fwknop-discuss
        The fwsnort mailing list: http://lists.sourceforge.net/lists/listinfo/fwsnort-discuss

    The latest version of the IPTables::Parse extension can be found at:

        http://www.cipherdyne.org/modules/

CREDITS
    Thanks to the following people:

        Franck Joncourt <franck.mail@dthconnex.com>
        Grant Ferley

AUTHOR
    The IPTables::Parse extension was written by Michael Rash
    <mbr@cipherdyne.org> to support the psad, fwknop, and fwsnort projects.
    Please send email to this address if there are any questions, comments,
    or bug reports.

COPYRIGHT AND LICENSE
    Copyright (C) 2005-2008 by Michael Rash

    This library is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself, either Perl version 5.8.5 or, at
    your option, any later version of Perl 5 you may have available.



perl v5.12.0                      2008-10-18                IPTables::Parse(3)