Provided by: libiptables-parse-perl_1.1-1+deb8u1build0.14.04.1_all

NAME

       IPTables::Parse - Perl extension for parsing iptables and ip6tables policies

SYNOPSIS

         use IPTables::Parse;

         my $ipt_bin = '/sbin/iptables'; # can set this to /sbin/ip6tables

         my %opts = (
             'iptables' => $ipt_bin,
             'debug'    => 0,
             'verbose'  => 0
         );

         my $ipt_obj = IPTables::Parse->new(%opts)
             or die "[*] Could not acquire IPTables::Parse object";

         my $table = 'filter';
         my $chain = 'INPUT';

         # default_drop() returns a hash ref keyed by the protocols that are
         # dropped by default, plus a flag telling whether parsing succeeded
         my ($ipt_hr, $rv) = $ipt_obj->default_drop($table, $chain);
         if ($rv) {
             if (defined $ipt_hr->{'all'}) {
                 print "The INPUT chain has a default DROP rule for all protocols.\n";
             } else {
                 for my $proto (qw/tcp udp icmp/) {
                     if (defined $ipt_hr->{$proto}) {
                         print "The INPUT chain drops $proto by default.\n";
                     }
                 }
             }
         } else {
             print "[-] Could not parse $ipt_obj->{'_ipt_bin_name'} policy\n";
         }

         ($ipt_hr, $rv) = $ipt_obj->default_log($table, $chain);
         if ($rv) {
             if (defined $ipt_hr->{'all'}) {
                 print "The INPUT chain has a default LOG rule for all protocols.\n";
             } else {
                 for my $proto (qw/tcp udp icmp/) {
                     if (defined $ipt_hr->{$proto}) {
                         print "The INPUT chain logs $proto by default.\n";
                     }
                 }
             }
         } else {
             print "[-] Could not parse $ipt_obj->{'_ipt_bin_name'} policy\n";
         }

DESCRIPTION

       The "IPTables::Parse" package provides an interface to parse iptables or ip6tables rules on Linux systems
       through the direct execution of iptables/ip6tables commands, or from parsing a file that contains an
       iptables/ip6tables policy listing.  You can get the current policy applied to a table/chain, look for a
       specific user-defined chain, check for a default DROP policy, or determine whether or not logging rules
       exist.

FUNCTIONS

       The IPTables::Parse extension provides an object interface to the following functions:

       chain_policy($table, $chain)
           This function returns the policy (e.g. 'DROP', 'ACCEPT', etc.) for the specified table and chain:

             print "INPUT policy: ", $ipt_obj->chain_policy('filter', 'INPUT'), "\n";

       chain_rules($table, $chain)
           This  function  parses  the specified chain and table and returns an array reference for all rules in
           the chain.  Each element in the array reference is a hash  with  the  following  keys  (that  contain
           values  depending  on  the  rule): "src", "dst", "protocol", "s_port", "d_port", "target", "packets",
           "bytes", "intf_in", "intf_out", "to_ip", "to_port", "state", "raw", and "extended".   The  "extended"
           element  contains  the  rule output past the protocol information, and the "raw" element contains the
           complete rule itself as reported by iptables or ip6tables.
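           The following script is an added example of working with the chain_rules() output; it is not part of
           the module's documentation.  It assumes the iptables binary is at /sbin/iptables and that the script runs
           with enough privilege to list the running policy.  It walks the rules of a chain and collects ACCEPT
           rules whose source is unrestricted and which carry no connection-state match, i.e. the rules that admit
           unsolicited traffic from any address and are the first candidates for review during a firewall audit.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPTables::Parse;

# Assumed binary path and privilege level (example, not from the module docs)
my $ipt_obj = IPTables::Parse->new('iptables' => '/sbin/iptables')
    or die "[*] Could not acquire IPTables::Parse object";

# Return an array ref of the rules in $table/$chain that ACCEPT traffic
# from any source without a state match.  Uses only the documented hash
# keys: src, state, target, protocol, d_port and raw.
sub find_open_accepts {
    my ($obj, $table, $chain) = @_;
    my $rules_ar = $obj->chain_rules($table, $chain) || [];
    my @open;
    for my $rule_hr (@$rules_ar) {
        next unless ($rule_hr->{'target'} || '') eq 'ACCEPT';
        # "anywhere" as printed by iptables -n (IPv4) or ip6tables -n (IPv6)
        my $src = $rule_hr->{'src'} || '';
        next unless $src eq '0.0.0.0/0' or $src eq '::/0';
        # a state/conntrack match narrows the rule to established flows
        next if defined $rule_hr->{'state'} and length $rule_hr->{'state'};
        push @open, $rule_hr;
    }
    return \@open;
}

for my $chain (qw/INPUT FORWARD/) {
    my $open_ar = find_open_accepts($ipt_obj, 'filter', $chain);
    print "$chain: ", scalar(@$open_ar), " unrestricted ACCEPT rule(s)\n";
    for my $rule_hr (@$open_ar) {
        printf "  proto=%s dport=%s\n    raw: %s\n",
            $rule_hr->{'protocol'} // 'any',
            $rule_hr->{'d_port'}   // 'any',
            $rule_hr->{'raw'}      // '';
    }
}
```

           The "raw" line is printed alongside the parsed fields so the reviewer can confirm the match against the
           exact text iptables reported rather than trusting the parsed keys alone.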

       default_drop($table, $chain)
           This function parses the running iptables or ip6tables policy in order to determine if the  specified
           chain  contains  a  default  DROP rule.  Two values are returned, a hash reference whose keys are the
           protocols that are dropped by default if a global ACCEPT  rule  has  not  accepted  matching  packets
           first,  along  with  a return value that tells the caller if parsing the iptables or ip6tables policy
           was successful.  Note that if all protocols are dropped by default, then the hash key 'all'  will  be
           defined.

             ($ipt_hr, $rv) = $ipt_obj->default_drop('filter', 'INPUT');

       default_log($table, $chain)
           This  function parses the running iptables or ip6tables policy in order to determine if the specified
           chain contains a default LOG rule.  Two values are returned, a hash  reference  whose  keys  are  the
           protocols that are logged by default if a global ACCEPT rule has not accepted matching packets first,
           along  with  a  return  value  that  tells the caller if parsing the iptables or ip6tables policy was
           successful.  Note that if all protocols are logged by default,  then  the  hash  key  'all'  will  be
           defined.  An example invocation is:

             ($ipt_hr, $rv) = $ipt_obj->default_log('filter', 'INPUT');
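           The script below is an added example (not code from the module or its author) that combines
           chain_policy(), default_drop() and default_log() into one per-chain check.  It assumes /sbin/iptables and
           sufficient privilege to read the running policy.  For each protocol it records whether traffic is denied
           by default (by an explicit DROP rule or by a DROP chain policy) and whether a default LOG rule exists, and
           it flags chains that deny silently, since a deny without logging leaves no trace for incident response.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPTables::Parse;

# Assumed binary path and privilege level (example, not from the module docs)
my $ipt_obj = IPTables::Parse->new('iptables' => '/sbin/iptables')
    or die "[*] Could not acquire IPTables::Parse object";

# Audit one chain and return a hash ref with the policy, per-protocol
# drop/log coverage, and a list of human-readable warnings.
sub audit_chain {
    my ($obj, $table, $chain) = @_;
    my %result = ('chain' => $chain, 'warnings' => []);

    $result{'policy'} = $obj->chain_policy($table, $chain) // '';

    my ($drop_hr, $drop_rv) = $obj->default_drop($table, $chain);
    my ($log_hr,  $log_rv)  = $obj->default_log($table, $chain);
    unless ($drop_rv and $log_rv) {
        push @{$result{'warnings'}}, "could not parse $table/$chain policy";
        return \%result;
    }

    for my $proto (qw/tcp udp icmp/) {
        # 'all' covers every protocol; otherwise look for the specific key
        my $dropped = (defined $drop_hr->{'all'} or defined $drop_hr->{$proto}) ? 1 : 0;
        my $logged  = (defined $log_hr->{'all'}  or defined $log_hr->{$proto})  ? 1 : 0;
        # a DROP chain policy denies by default even without an explicit rule
        my $denied  = ($dropped or $result{'policy'} eq 'DROP') ? 1 : 0;

        $result{'denied'}{$proto} = $denied;
        $result{'logged'}{$proto} = $logged;

        push @{$result{'warnings'}}, "$proto is not denied by default"
            unless $denied;
        push @{$result{'warnings'}}, "$proto is denied without a default LOG rule"
            if $denied and not $logged;
    }
    return \%result;
}

for my $chain (qw/INPUT FORWARD/) {
    my $r = audit_chain($ipt_obj, 'filter', $chain);
    printf "%s: policy=%s\n", $r->{'chain'}, $r->{'policy'} || 'unknown';
    print "  [!] $_\n" for @{$r->{'warnings'}};
    print "  ok\n" unless @{$r->{'warnings'}};
}
```

           Both default_drop() and default_log() report only that a matching rule exists, not its position, so
           the check treats "denied and logged" as coverage, not as proof that logging happens before the drop.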

AUTHOR

       Michael Rash, <mbr@cipherdyne.org>

SEE ALSO

       The IPTables::Parse extension is used by the IPTables::ChainMgr extension in support of the psad and fwsnort
       projects to parse iptables or ip6tables policies (see the psad(8), and fwsnort(8) man pages).  As always,
       the iptables(8) and ip6tables(8) man pages provide the best information on command line execution and
       theory behind iptables and ip6tables.

       Although there is no mailing list that is devoted specifically to the IPTables::Parse extension, questions
       about the extension will be answered on the following lists:

         The psad mailing list: http://lists.sourceforge.net/lists/listinfo/psad-discuss
         The fwsnort mailing list: http://lists.sourceforge.net/lists/listinfo/fwsnort-discuss

       The latest version of the IPTables::Parse extension can be found on CPAN and also here:

         http://www.cipherdyne.org/modules/

       Source control is provided by git:

         http://www.cipherdyne.org/git/IPTables-Parse.git
         http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=IPTables-Parse.git;a=summary

CREDITS

       Thanks to the following people:

         Franck Joncourt <franck.mail@dthconnex.com>
         Grant Ferley

AUTHOR

       The IPTables::Parse extension was written by Michael Rash <mbr@cipherdyne.org> to support  the  psad  and
       fwsnort  projects.   Please  send  email  to  this  address  if there are any questions, comments, or bug
       reports.

COPYRIGHT AND LICENSE

       Copyright (C) 2005-2012 Michael Rash.  All rights reserved.

       This module is free software.  You can redistribute it and/or modify it under the terms of  the  Artistic
       License 2.0.  More information can be found here: http://www.perl.com/perl/misc/Artistic.html

       This program is distributed "as is" in the hope that it will be useful, but without any warranty; without
       even the implied warranty of merchantability or fitness for a particular purpose.

perl v5.18.2                                       2018-11-02                               IPTables::Parse(3pm)