From: John Miller <johnmill@brandeis.edu>
To: alvin <alvin.sm@mail.linux-consulting.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Tree view for rules/chains?
Date: Wed, 5 Aug 2015 16:22:36 -0400
Message-ID: <CAGYMsbtD7fKUh+W9kK-vQyqqgz2j2cfNK8-nK_oKASvvDreajw@mail.gmail.com>
In-Reply-To: <20150805193040.GA14052@Mail.Linux-Consulting.com>

On Wed, Aug 5, 2015 at 3:30 PM, alvin <alvin.sm@mail.linux-consulting.com> wrote:
>
> hi ya john
>
> On Wed, Aug 05, 2015 at 12:50:43PM -0400, John Miller wrote:
>> Hi folks,
>>
>> We keep pretty simple firewall rulesets for the most part. That said,
>> it'd be nice to be able to display chains and rules in a tree-based
>> format: it'd help to visualize more complex rulesets. Do you all know
>> of any existing tools that'll let me display things in a tree
>> structure--sort of the iptables equivalent of the 'tree' command for
>> files and directories?
>
> how and what would you want to change for the output of "iptables -nvL"
>
Hi Alvin,

What I'd really like is something like (let's see how well this displays):

--filter table--

INPUT (policy reject)
PREROUTING, OUTPUT, FORWARD, user-defined top-level chains, etc.
  |
  ---------------------------------------------
  |               |                           |
Rule1     INPUT_USERCHAIN1            INPUT_USERCHAIN2
Rule2       |           |                     |
Rule3     Rule1     SUBCHAIN1               Rule1
Rule4     Rule2         |                   Rule2
          Rule3       Rule1                 Rule3
          Rule4       Rule2                 Rule4
                      Rule3
                      Rule4

--nat table, mangle table, etc.--

This is definitely not something I expect to see from iptables -nvL,
but more as a shell script or separate standalone utility. If I can
accomplish something like this with a simple pipe or two (like to
gnuplot, for example), that'd be fine, too. I figured there might be
an existing tool for this, or a relatively simple shell script that
someone had run before.

John
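
Added example, not part of the original thread and not an existing netfilter tool: a small Python filter that reads iptables-save text and prints each table's chains as an indented tree, descending into user-defined chains wherever a rule jumps (-j) or gotos (-g) to one. The function names (parse, target, render) are hypothetical and the sample ruleset is constructed; it assumes the standard iptables-save line format.

```python
import sys
# Constructed sample in iptables-save format (chain names follow the sketch above).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:INPUT_USERCHAIN1 - [0:0]
:SUBCHAIN1 - [0:0]
:UNUSED - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -j INPUT_USERCHAIN1
-A INPUT_USERCHAIN1 -p tcp --dport 22 -j SUBCHAIN1
-A SUBCHAIN1 -s 192.0.2.0/24 -j ACCEPT
COMMIT
"""

def parse(text):  # -> {table: {chain: (policy, [rule, ...])}}
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):                        # "*filter" opens a table
            cur = tables.setdefault(line[1:], {})
        elif line.startswith(":") and cur is not None:  # ":CHAIN POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            cur[name] = (policy, [])
        elif line.startswith("-A ") and cur is not None:
            chain, _, rule = line[3:].partition(" ")
            cur.setdefault(chain, ("-", []))[1].append(rule)
    return tables

def target(rule):  # name following -j/-g (jump/goto), or None
    w = rule.split()
    return next((w[i + 1] for i in range(len(w) - 1) if w[i] in ("-j", "-g")), None)

def render(tables):
    out = []
    def walk(chains, name, depth, path):
        for rule in chains[name][1]:
            out.append("    " * depth + "|-- " + rule)
            if (t := target(rule)) in chains and t not in path:  # user chain, no loop
                walk(chains, t, depth + 1, path | {t})
    for tname, chains in tables.items():
        out.append(f"--{tname} table--")
        called = {target(r) for _, rules in chains.values() for r in rules}
        for name, (policy, _) in chains.items():
            if name not in called:       # built-in chains and unreferenced user chains
                out.append(f"{name} (policy {policy})")
                walk(chains, name, 1, {name})
    return out

if __name__ == "__main__":  # pipe iptables-save output in, or run bare for the sample
    print("\n".join(render(parse(SAMPLE if sys.stdin.isatty() else sys.stdin.read()))))
```

A chain that is jumped to from several places is printed once under each caller, so the tree shows the rules in the order a packet would traverse them.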