Two questions/proposals for the netfilter core developers

Fri, 26 Oct 2001 02:21:58 +0100

Subject: Re: Two questions/proposals for the netfilter core developers

> i've written an iptables parser, which i'm currently (as i write this),
> rewriting... it takes match rules out a config file and builds simple
> tables which are then parsed by a perl script & inserted into a postgres
> database. from there, a cgi script is used which pulls values out of
> the database creating either reports or graphs, this is attatched to the
>   ESTABLISHED,RELATED   match, so it doesn't affect the actual firewall
> as we accept packets there anyway.

For parsing iptables output, you may want to take a look at my perl module
IPTables - which although is getting more stable every day, is still in
alpha version - however it seems perfectly stable for grabbing details of

I've just uploaded a new version right now (0.04), that fixed the bug where
i assumed iptables-1.2.3 was installed, instead of asking for source dir.