* Tree view for rules/chains?
From: John Miller @ 2015-08-05 16:50 UTC
To: netfilter

Hi folks,

We keep pretty simple firewall rulesets for the most part.  That said,
it'd be nice to be able to display chains and rules in a tree-based
format: it'd help to visualize more complex rulesets.  Do you all know
of any existing tools that'll let me display things in a tree
structure--sort of the iptables equivalent of the 'tree' command for
files and directories?

John

--
John Miller
Systems Engineer
Brandeis University
johnmill@brandeis.edu

* Re: Tree view for rules/chains?
From: alvin @ 2015-08-05 19:30 UTC
To: John Miller
Cc: netfilter

hi ya john

On Wed, Aug 05, 2015 at 12:50:43PM -0400, John Miller wrote:
> Hi folks,
>
> We keep pretty simple firewall rulesets for the most part.  That said,
> it'd be nice to be able to display chains and rules in a tree-based
> format: it'd help to visualize more complex rulesets.  Do you all know
> of any existing tools that'll let me display things in a tree
> structure--sort of the iptables equivalent of the 'tree' command for
> files and directories?

how and what would you want to change for the output of "iptables -nvL"

you could start with:

	iptables -nvL | awk '{ show only what you want to see}'

pixie dust
alvin
# http://IPtables-BlackList.net
#

* Re: Tree view for rules/chains?
From: John Miller @ 2015-08-05 20:22 UTC
To: alvin
Cc: netfilter

On Wed, Aug 5, 2015 at 3:30 PM, alvin
<alvin.sm@mail.linux-consulting.com> wrote:
>
> hi ya john
>
> On Wed, Aug 05, 2015 at 12:50:43PM -0400, John Miller wrote:
>> Hi folks,
>>
>> We keep pretty simple firewall rulesets for the most part.  That said,
>> it'd be nice to be able to display chains and rules in a tree-based
>> format: it'd help to visualize more complex rulesets.  Do you all know
>> of any existing tools that'll let me display things in a tree
>> structure--sort of the iptables equivalent of the 'tree' command for
>> files and directories?
>
> how and what would you want to change for the output of "iptables -nvL"
>

Hi Alvin,

What I'd really like is something like (let's see how well this displays):

--filter table--

INPUT (policy reject)
PREROUTING, OUTPUT, FORWARD, user-defined top-level chains, etc.
     |
     ---------------------------------------------
     |                      |                    |
   Rule1             INPUT_USERCHAIN1     INPUT_USERCHAIN2
   Rule2                 |         |             |
   Rule3              Rule1    SUBCHAIN1       Rule1
   Rule4              Rule2        |           Rule2
                      Rule3      Rule1         Rule3
                      Rule4      Rule2         Rule4
                                 Rule3
                                 Rule4

--nat table, mangle table, etc.--

This is definitely not something I expect to see from iptables -nvL,
but more as a shell script or separate standalone utility.  If I can
accomplish something like this with a simple pipe or two (like to
gnuplot, for example), that'd be fine, too.  I figured there might be
an existing tool for this, or a relatively simple shell script that
someone had run before.

John

* Re: Tree view for rules/chains?
From: alvin @ 2015-08-05 20:52 UTC
To: John Miller
Cc: netfilter

hi ya john

On Wed, Aug 05, 2015 at 04:22:36PM -0400, John Miller wrote:
> On Wed, Aug 5, 2015 at 3:30 PM, alvin
> <alvin.sm@mail.linux-consulting.com> wrote:
...
> > how and what would you want to change for the output of "iptables -nvL"
> >
>
> Hi Alvin,
>
> What I'd really like is something like (let's see how well this displays):
>
> --filter table--
>
> INPUT (policy reject)
> PREROUTING, OUTPUT, FORWARD, user-defined top-level chains, etc.
>      |
>      ---------------------------------------------
>      |                      |                    |
>    Rule1             INPUT_USERCHAIN1     INPUT_USERCHAIN2
>    Rule2                 |         |             |
>    Rule3              Rule1    SUBCHAIN1       Rule1
>    Rule4              Rule2        |           Rule2
>                       Rule3      Rule1         Rule3
>                       Rule4      Rule2         Rule4
>                                  Rule3
>                                  Rule4
>
> --nat table, mangle table, etc.--

doesn't look/sound like a "simple firewall" anymore :-)

reformatting the rules seems to be a job for perl or c :-)

i have "no immediate solution"

pixie dust
alvin
# IPtables-BlackList.net

> This is definitely not something I expect to see from iptables -nvL,
> but more as a shell script or separate standalone utility.  If I can
> accomplish something like this with a simple pipe or two (like to
> gnuplot, for example), that'd be fine, too.  I figured there might be
> an existing tool for this, or a relatively simple shell script that
> someone had run before.
>
> John
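
One way to get the tree view asked for in this thread, as an added example that is not from any list participant: a Python script that reads `iptables-save`-format text and indents each user-defined chain under the rule that jumps to it. The sample ruleset is constructed, and `parse` and `render` are names chosen here.

```python
import shlex
# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT_USERCHAIN1 - [0:0]
:SUBCHAIN1 - [0:0]
-A INPUT -p tcp -j INPUT_USERCHAIN1
-A INPUT -i lo -j ACCEPT
-A INPUT_USERCHAIN1 -p tcp --dport 22 -j SUBCHAIN1
-A SUBCHAIN1 -s 192.0.2.0/24 -j ACCEPT
COMMIT
"""

def parse(text):
    """Return {table: {chain: {"policy": str, "rules": [(rule, target)]}}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):                      # "*filter" opens a table
            cur = tables.setdefault(line[1:], {})
        elif cur is not None and line.startswith(":"):  # ":CHAIN POLICY [ctrs]"
            name, policy = line[1:].split()[:2]
            cur[name] = {"policy": policy, "rules": []}
        elif cur is not None and line.startswith("-A "):
            tok = shlex.split(line)  # keeps quoted --comment text as one token
            target = next((tok[i + 1] for i, t in enumerate(tok[:-1])
                           if t in ("-j", "--jump", "-g", "--goto")), None)
            chain = cur.setdefault(tok[1], {"policy": "-", "rules": []})
            chain["rules"].append((" ".join(tok[2:]), target))
    return tables

def render(text):
    """Return the tree as a list of lines, one table after another."""
    out = []
    def walk(chains, name, indent, seen):
        for rule, target in chains[name]["rules"]:
            out.append(f"{indent}|-- {rule}")
            if target in chains and target not in seen:  # jump to a user chain
                walk(chains, target, indent + "|   ", seen | {target})
    for table, chains in parse(text).items():
        out.append(f"--{table} table--")
        called = {t for c in chains.values() for _, t in c["rules"]}
        for name in (n for n in chains if n not in called):  # top-level chains
            out.append(f"{name} (policy {chains[name]['policy']})")
            walk(chains, name, "", {name})
    return out

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```

On a live host, pass the text produced by `iptables-save` to `render` in place of `SAMPLE`; a chain reached from several rules is printed once under each of them.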