netfilter.vger.kernel.org archive mirror
* Tree view for rules/chains?
From: John Miller @ 2015-08-05 16:50 UTC
  To: netfilter

Hi folks,

We keep pretty simple firewall rulesets for the most part.  That said,
it'd be nice to be able to display chains and rules in a tree-based
format: it'd help to visualize more complex rulesets.  Do you all know
of any existing tools that'll let me display things in a tree
structure--sort of the iptables equivalent of the 'tree' command for
files and directories?


John
-- 
John Miller
Systems Engineer
Brandeis University
johnmill@brandeis.edu

* Re: Tree view for rules/chains?
From: alvin @ 2015-08-05 19:30 UTC
  To: John Miller; +Cc: netfilter


hi ya john

On Wed, Aug 05, 2015 at 12:50:43PM -0400, John Miller wrote:
> Hi folks,
> 
> We keep pretty simple firewall rulesets for the most part.  That said,
> it'd be nice to be able to display chains and rules in a tree-based
> format: it'd help to visualize more complex rulesets.  Do you all know
> of any existing tools that'll let me display things in a tree
> structure--sort of the iptables equivalent of the 'tree' command for
> files and directories?

how and what would you want to change for the output of "iptables -nvL"

you could start with:
	iptables -nvL | awk '{ show only what you want to see}'

pixie dust
alvin
# http://IPtables-BlackList.net
#

* Re: Tree view for rules/chains?
From: John Miller @ 2015-08-05 20:22 UTC
  To: alvin; +Cc: netfilter

On Wed, Aug 5, 2015 at 3:30 PM, alvin
<alvin.sm@mail.linux-consulting.com> wrote:
>
> hi ya john
>
> On Wed, Aug 05, 2015 at 12:50:43PM -0400, John Miller wrote:
>> Hi folks,
>>
>> We keep pretty simple firewall rulesets for the most part.  That said,
>> it'd be nice to be able to display chains and rules in a tree-based
>> format: it'd help to visualize more complex rulesets.  Do you all know
>> of any existing tools that'll let me display things in a tree
>> structure--sort of the iptables equivalent of the 'tree' command for
>> files and directories?
>
> how and what would you want to change for the output of "iptables -nvL"
>

Hi Alvin,

What I'd really like is something like (let's see how well this displays):

--filter table--

                  INPUT (policy reject)
PREROUTING, OUTPUT, FORWARD, user-defined top-level chains, etc.
                         |
     ---------------------------------------------
     |                   |                       |
   Rule1        INPUT_USERCHAIN1          INPUT_USERCHAIN2
   Rule2        |              |                 |
   Rule3      Rule1        SUBCHAIN1           Rule1
   Rule4      Rule2            |               Rule2
              Rule3          Rule1             Rule3
              Rule4          Rule2             Rule4
                             Rule3
                             Rule4

--nat table, mangle table, etc.--

This is definitely not something I expect to see from iptables -nvL,
but more as a shell script or separate standalone utility.  If I can
accomplish something like this with a simple pipe or two (like to
gnuplot, for example), that'd be fine, too.  I figured there might be
an existing tool for this, or a relatively simple shell script that
someone had run before.

John

* Re: Tree view for rules/chains?
From: alvin @ 2015-08-05 20:52 UTC
  To: John Miller; +Cc: netfilter


hi ya john

On Wed, Aug 05, 2015 at 04:22:36PM -0400, John Miller wrote:
> On Wed, Aug 5, 2015 at 3:30 PM, alvin
> <alvin.sm@mail.linux-consulting.com> wrote:
...
> > how and what would you want to change for the output of "iptables -nvL"
> >
> 
> Hi Alvin,
> 
> What I'd really like is something like (let's see how well this displays):
> 
> --filter table--
> 
>                   INPUT (policy reject)
> PREROUTING, OUTPUT, FORWARD, user-defined top-level chains, etc.
>                          |
>      ---------------------------------------------
>      |                   |                       |
>    Rule1        INPUT_USERCHAIN1          INPUT_USERCHAIN2
>    Rule2        |              |                 |
>    Rule3      Rule1        SUBCHAIN1           Rule1
>    Rule4      Rule2            |               Rule2
>               Rule3          Rule1             Rule3
>               Rule4          Rule2             Rule4
>                              Rule3
>                              Rule4
> 
> --nat table, mangle table, etc.--

doesn't look/sound like a "simple firewall" anymore :-)

reformatting the rules seems to be a job for perl or c :-)
i have "no immediate solution"

pixie dust
alvin
# IPtables-BlackList.net

> This is definitely not something I expect to see from iptables -nvL,
> but more as a shell script or separate standalone utility.  If I can
> accomplish something like this with a simple pipe or two (like to
> gnuplot, for example), that'd be fine, too.  I figured there might be
> an existing tool for this, or a relatively simple shell script that
> someone had run before.
> 
> John
