Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Real-time Iptables Monitor

by Dr. Mu (Hermit)
on Dec 02, 2005 at 22:25 UTC ( #513732=CUFP: print w/replies, xml ) Need Help??

In trying to solve a problem setting up iptables on my Linux gateway box, I wrote a Perl script to display netfilter activity in real-time. Every second, it grabs output from the iptables list utility, including counters (which are then zeroed). It displays this data with extraneous lines removed, highlighting the lines with non-zero packet counts in color. It's designed to run in an xterm window and uses ANSI escape sequences to control the text. To be effective, the xterm window needs to be at least as high as the output, else scrolling will ruin the visual effect. Also, the code may be iptables version-dependent, as it matches certain keywords for the formatting. Once started, it can be stopped with a ctl-C, which will restore some of the display settings. Herewith is the code:
#!/usr/bin/perl use strict; use warnings; my @types = qw/nat mangle filter/; $SIG{INT} = sub{print "\e[?25h\e[u"; exit}; print "\e[40;37m\e[2J\e[?25l"; while (1) { print "\e[0;0H"; my %output = map {$_ => scalar `iptables -t $_ -L -v -Z`} @types; foreach my $type (@types) { print "\e[01;34m------", uc($type), '-' x (73 - length($type)), "\ +n"; $output{$type} =~ s/ pkts[^\n]*\n(\n|Zeroing)/$1/gs; foreach my $line (split /\n/, $output{$type}) { next if $line =~ m/^Zeroing/ || $line eq ''; print $line =~ m/^\s*(\d+)/ || $line =~ m/(\d+) packets/ ? ($1 > 0 ? ($line =~ m/DROP|DENY|REJECT/ ? "\e[01;40;31m" : "\e[01;40;32m") : "\e[00;40;37m") : "\e[00;40;33m"; print "\e[K$line\e[01;40;37m\n" } } print "\e[s"; sleep 1 }

Replies are listed 'Best First'.
Re: Real-time Iptables Monitor
by Perlbotics (Bishop) on Jul 16, 2016 at 11:01 UTC
Re: Real-time Iptables Monitor
by hasimir44 (Sexton) on Dec 12, 2005 at 09:07 UTC
    This is pretty cool. I've setup iptables on my dev. gateway, but I'm new and haven't setup enough rules to make the output interesting.. On the other hand, my laptop is using a prebuilt firewall and the rules are about 4 screens hight some are > 100 characters causing the output to skew like you said.. I find this very motivating though, I'm going to play with it and I'm sure it will help me learn a few things. Thanks!

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: CUFP [id://513732]
Approved by ghenry
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (2)
As of 2023-09-26 02:57 GMT
Find Nodes?
    Voting Booth?

    No recent polls found