IPTables::Parse man page on Fedora


IPTables::Parse(3)    User Contributed Perl Documentation   IPTables::Parse(3)

NAME
       IPTables::Parse - Perl extension for parsing iptables firewall rulesets

SYNOPSIS
         use strict;
         use warnings;
         use IPTables::Parse;

         my %opts = (
             'iptables' => '/sbin/iptables',
             'iptout'   => '/tmp/iptables.out',
             'ipterr'   => '/tmp/iptables.err',
             'debug'    => 0,
             'verbose'  => 0
         );

         my $ipt_obj = IPTables::Parse->new(%opts)
             or die "[*] Could not acquire IPTables::Parse object";

         my $table = 'filter';
         my $chain = 'INPUT';

         # default_drop() returns a hash reference keyed by protocol and a
         # status flag that is true when the iptables policy was parsed.
         my ($ipt_hr, $rv) = $ipt_obj->default_drop($table, $chain);
         if ($rv) {
             if (defined $ipt_hr->{'all'}) {
                 print "The INPUT chain has a default DROP rule for all protocols.\n";
             } else {
                 for my $proto (qw/tcp udp icmp/) {
                     if (defined $ipt_hr->{$proto}) {
                         print "The INPUT chain drops $proto by default.\n";
                     }
                 }
             }
         } else {
             print "[-] Could not parse iptables policy\n";
         }

         # default_log() has the same return convention as default_drop().
         ($ipt_hr, $rv) = $ipt_obj->default_log($table, $chain);
         if ($rv) {
             if (defined $ipt_hr->{'all'}) {
                 print "The INPUT chain has a default LOG rule for all protocols.\n";
             } else {
                 for my $proto (qw/tcp udp icmp/) {
                     if (defined $ipt_hr->{$proto}) {
                         print "The INPUT chain logs $proto by default.\n";
                     }
                 }
             }
         } else {
             print "[-] Could not parse iptables policy\n";
         }

DESCRIPTION
       The "IPTables::Parse" package provides an interface to parse iptables
       rules on Linux systems through the direct execution of iptables
       commands, or from parsing a file that contains an iptables policy
       listing.  You can get the current policy applied to a table/chain, look
       for a specific user-defined chain, check for a default DROP policy, or
       determine whether or not logging rules exist.

FUNCTIONS
       The IPTables::Parse extension provides an object interface to the
       following functions:

       chain_policy($table, $chain)
	   This function returns the policy (e.g. 'DROP', 'ACCEPT', etc.) for
	   the specified table and chain:

	     print "INPUT policy: ", $ipt_obj->chain_policy('filter', 'INPUT'), "\n";

       chain_rules($table, $chain)
           This function parses the specified chain and table and returns an
           array reference for all rules in the chain.  Each element in the
           array reference is a hash with the following keys (that contain
           values depending on the rule): "src", "dst", "protocol", "s_port",
           "d_port", "target", "packets", "bytes", "intf_in", "intf_out",
           "to_ip", "to_port", "state", "raw", and "extended".  The "extended"
           element contains the rule output past the protocol information, and
           the "raw" element contains the complete rule itself as reported by
           iptables.

       default_drop($table, $chain)
	   This function parses the running iptables policy in order to
	   determine if the specified chain contains a default DROP rule.  Two
	   values are returned, a hash reference whose keys are the protocols
	   that are dropped by default if a global ACCEPT rule has not
	   accepted matching packets first, along with a return value that
	   tells the caller if parsing the iptables policy was successful.
	   Note that if all protocols are dropped by default, then the hash
	   key 'all' will be defined.

	     ($ipt_hr, $rv) = $ipt_obj->default_drop('filter', 'INPUT');

       default_log($table, $chain)
           This function parses the running iptables policy in order to
           determine if the specified chain contains a default LOG rule.  Two
           values are returned, a hash reference whose keys are the protocols
           that are logged by default if a global ACCEPT rule has not accepted
           matching packets first, along with a return value that tells the
           caller if parsing the iptables policy was successful.  Note that if
           all protocols are logged by default, then the hash key 'all' will
           be defined.  An example invocation is:

             ($ipt_hr, $rv) = $ipt_obj->default_log('filter', 'INPUT');
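           The following script is an added example, not code from the
           IPTables::Parse distribution or its author. It combines
           chain_policy(), default_drop(), default_log() and chain_rules()
           into a small audit of the filter/INPUT chain: it reports the
           built-in policy, whether explicit default DROP and LOG rules exist,
           and which ACCEPT rules admit traffic from any source, which is the
           first thing a reviewer wants to see when checking a host firewall.
           It assumes root access to a live iptables with the same constructor
           options as the SYNOPSIS, and it assumes (this is not documented
           above) that an unrestricted source appears in the "src" element as
           0.0.0.0/0 or ::/0 and that an unspecified destination port appears
           in "d_port" as an empty value, undef, or 0:0.

```perl
#!/usr/bin/perl
# Added audit example for IPTables::Parse (not part of the module itself).
# Requires root on a host with /sbin/iptables; the iptout/ipterr paths are
# scratch files exactly as in the SYNOPSIS.
use strict;
use warnings;
use IPTables::Parse;

my $ipt_obj = IPTables::Parse->new(
    'iptables' => '/sbin/iptables',
    'iptout'   => '/tmp/iptables.out',
    'ipterr'   => '/tmp/iptables.err',
    'debug'    => 0,
    'verbose'  => 0,
) or die "[*] Could not acquire IPTables::Parse object";

my ($table, $chain) = ('filter', 'INPUT');

# The built-in chain policy is the backstop when no rule matches.
my $policy = $ipt_obj->chain_policy($table, $chain);
print "[+] $table/$chain built-in policy: $policy\n";

# default_drop() and default_log() both return (hash ref, status); the
# helper takes those two values directly from the list they return.
sub describe_default {
    my ($label, $hr, $rv) = @_;
    return "[-] could not parse policy while looking for a default $label rule"
        unless $rv;
    return "[+] default $label rule covers all protocols"
        if defined $hr->{'all'};
    my @protos = grep { defined $hr->{$_} } qw/tcp udp icmp/;
    return @protos
        ? "[+] default $label rule covers: @protos"
        : "[!] no default $label rule found in $table/$chain";
}

print describe_default('DROP', $ipt_obj->default_drop($table, $chain)), "\n";
print describe_default('LOG',  $ipt_obj->default_log($table, $chain)),  "\n";

# Walk every rule in the chain and flag ACCEPT rules with no source
# restriction. Assumption: iptables reports an unrestricted source as
# 0.0.0.0/0 (or ::/0) and an unspecified destination port as empty or 0:0.
my $rules_ar = $ipt_obj->chain_rules($table, $chain);
my $rule_num = 0;
for my $rule (@$rules_ar) {
    $rule_num++;
    next unless ($rule->{'target'} || '') eq 'ACCEPT';

    my $src = $rule->{'src'} || '';
    next unless $src =~ m{^(?:0\.0\.0\.0/0|::/0)$};

    my $dport = $rule->{'d_port'};
    $dport = 'any' if !defined $dport || $dport eq '' || $dport =~ m{^0(?::0)?$};

    printf "[!] rule %d accepts %s from any source to port %s\n    %s\n",
        $rule_num, $rule->{'protocol'} || 'all', $dport, $rule->{'raw'} || '';
}
printf "[+] %d rules examined in %s/%s\n", $rule_num, $table, $chain;
```

           A chain that reports neither a default DROP rule nor a DROP
           built-in policy, or that has ACCEPT rules open to any source on
           ports that should be restricted, is what this audit is meant to
           surface; the "raw" element is printed so the finding can be matched
           against the iptables listing without further parsing.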

AUTHOR
       Michael Rash, <mbr@cipherdyne.org>

SEE ALSO
       IPTables::Parse is used by the IPTables::ChainMgr extension in
       support of the psad, fwsnort, and fwknop projects to parse iptables
       policies (see the psad(8), fwsnort(8), and fwknop(8) man pages).  As
       always, the iptables(8) man page provides the best information on
       command line execution and the theory behind iptables.

       Although there is no mailing list that is devoted specifically to the
       IPTables::Parse extension, questions about the extension will be
       answered on the following lists:

	 The psad mailing list: http://lists.sourceforge.net/lists/listinfo/psad-discuss
	 The fwknop mailing list: http://lists.sourceforge.net/lists/listinfo/fwknop-discuss
	 The fwsnort mailing list: http://lists.sourceforge.net/lists/listinfo/fwsnort-discuss

       The latest version of the IPTables::Parse extension can be found at:

       http://www.cipherdyne.org/modules/

CREDITS
       Thanks to the following people:

	 Franck Joncourt <franck.mail@dthconnex.com>
	 Grant Ferley

AUTHOR
       The IPTables::Parse extension was written by Michael Rash
       <mbr@cipherdyne.org> to support the psad, fwknop, and fwsnort projects.
       Please send email to this address if there are any questions, comments,
       or bug reports.

COPYRIGHT AND LICENSE
       Copyright (C) 2005-2008 by Michael Rash

       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself, either Perl version 5.8.5 or, at
       your option, any later version of Perl 5 you may have available.

perl v5.14.0			  2008-10-18		    IPTables::Parse(3)