Two questions/proposals for the netfilter core developers

Theo theo@crazygreek.co.uk
Fri, 26 Oct 2001 02:21:58 +0100


----- Original Message -----
From: "Nigel Kukard" <nkukard@lbsd.net>
To: "s I n" <sin@Aniela.EU.ORG>
Cc: <netfilter-devel@lists.samba.org>
Sent: Friday, October 26, 2001 1:02 AM
Subject: Re: Two questions/proposals for the netfilter core developers

> i've written an iptables parser, which i'm currently (as i write this),
> rewriting... it takes match rules out a config file and builds simple
> tables which are then parsed by a perl script & inserted into a postgres
> database. from there, a cgi script is used which pulls values out of
> the database creating either reports or graphs, this is attached to the
> ESTABLISHED,RELATED match, so it doesn't affect the actual firewall
> as we accept packets there anyway.

For parsing iptables output, you may want to take a look at my perl module
IPTables - which, although it is getting more stable every day, is still in
alpha version - however it seems perfectly stable for grabbing details of
rules.

I've just uploaded a new version right now (0.04), that fixed the bug where
I assumed iptables-1.2.3 was installed, instead of asking for source dir.

Theo