dj_farid l33t
Joined: 14 Jun 2004 Posts: 613
Posted: Thu Nov 16, 2006 9:37 am Post subject: Is there a tool that shows iptables graphically?
I am not 100% sure if my iptables script works the way I want it to work.
According to my logic it does, but it would feel better to be sure.
So is there a tool that could interpret either my script with commands or the running rules, and then show it in a more understandable way?

JeroenV Guru
Joined: 16 Jul 2002 Posts: 447 Location: Amsterdam / Hamburg
Posted: Thu Nov 16, 2006 11:33 am
I don't know about a real visualisation solution, but you might try to build your rules in a more "human readable" way in the first place, it will minimise the chance you do things you didn't want. A great tool for this is shorewall. (I use it on a production server, and found it very easy to make a solid firewall using almost natural language).
Good luck!
_________________
Cheers
Jeroen
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
May The Source be with you!

JeliJami Veteran
Joined: 17 Jan 2006 Posts: 1086 Location: Belgium
Posted: Thu Nov 16, 2006 12:09 pm
JeroenV wrote:
> I don't know about a real visualisation solution, but you might try to build your rules in a more "human readable" way in the first place, it will minimise the chance you do things you didn't want. A great tool for this is shorewall.

A graphical front-end to set up iptables rules: Firewall Builder
It's even available in portage:
Code:
```
$ emerge -s fwbuilder
Searching...
[ Results for search key : fwbuilder ]
[ Applications found : 2 ]
*  net-firewall/fwbuilder
      Latest version available: 2.0.12
      Latest version installed: [ Not Installed ]
      Size of files: 1,357 kB
      Homepage: http://www.fwbuilder.org/
      Description: A firewall GUI
      License: GPL-2
*  net-libs/libfwbuilder
      Latest version available: 2.0.12
      Latest version installed: [ Not Installed ]
      Size of files: 275 kB
      Homepage: http://www.fwbuilder.org/
      Description: Firewall Builder 2.0 API library and compiler framework
      License: GPL-2
```
_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel

dj_farid l33t
Joined: 14 Jun 2004 Posts: 613
Posted: Thu Nov 16, 2006 10:44 pm
Thanks for the replies.
I have tried fwbuilder in the past. It is nice.
The thing is that I want to do it hardcore and do iptables just as a learning experience.
I have a simple script that I have been doing the past days. I am fairly certain that it does exactly what I want it to do.
But there is no easy way to find out. I have done a ShieldsUP test at http://www.grc.com/ and the portscan shows things as I expected.
My thought was that there could be a program that reads the current iptables rules and somehow makes it easier to understand than the output of "iptables -L -n -v". Not that I am completely lost when I read the output, but still a picture would be more clear...

DNAspark99 Guru
Joined: 03 Sep 2004 Posts: 321
Posted: Thu Nov 16, 2006 10:51 pm
FireHOL will let you generate a complex ruleset in a very understandable syntax.
I highly recommend it, it is the only tool I use for iptables configurations.

CZAirwolfOC n00b
Joined: 08 Nov 2006 Posts: 32
Posted: Thu Nov 16, 2006 11:49 pm
Or use Webmin and its modules.

arpunk n00b
Joined: 13 Jun 2006 Posts: 61 Location: Colombia
Posted: Fri Nov 17, 2006 4:01 am
Maybe vuurmuur?

JeroenV Guru
Joined: 16 Jul 2002 Posts: 447 Location: Amsterdam / Hamburg
Posted: Fri Nov 17, 2006 8:36 am
Ah, seems we all kind of misunderstood the question, dj_farid is asking for visualisation of the rules of an existing iptables firewall.
I'm sorry, don't know about such a tool, although one of the mentioned GUI firewalls may be able to extract the rules from a running firewall and translate them to their native format? That way you may be able to also use the visualisation feature of that GUI.
It may also be possible to write one using semi-automatic graphers like Graphviz (and I read about other Python-based ones) and just parse the output of the iptables listing and build a graph from it. (You could draw zones for interfaces, and coloured lines between them for connections). Of course this is by no means trivial and a project of its own.
_________________
Cheers
Jeroen
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
May The Source be with you!
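
Added example, not part of the thread or written by any of its posters: a sketch of the parse-and-graph idea from the last post, turning a ruleset into Graphviz DOT with one box per chain and one coloured edge per rule. It assumes `iptables-save` text (easier to parse than the `iptables -L -n -v` listing), and the sample ruleset and the `LOGDROP` chain name are constructed.

```python
import shlex
import sys

# Constructed sample in iptables-save format (not taken from the thread);
# LOGDROP is a made-up user chain. Assumes no per-rule counters (-c).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -j LOG --log-prefix "dropped: "
-A LOGDROP -j DROP
COMMIT
"""
COLOURS = {"ACCEPT": "green", "DROP": "red", "REJECT": "red"}

def parse(text):
    """Return (policies, rules); a rule is (chain, position, match text, target)."""
    policies, rules, seen, table = {}, [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # only the filter table is graphed
        elif table == "filter" and line.startswith(":"):
            policies[line.split()[0][1:]] = line.split()[1]   # "-" = user chain
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)               # keeps quoted log prefixes whole
            seen[tok[1]] = seen.get(tok[1], 0) + 1
            jump = next((i for i, t in enumerate(tok) if t in ("-j", "-g")), None)
            if jump is not None and jump + 1 < len(tok):   # skip target-less rules
                rules.append((tok[1], seen[tok[1]], " ".join(tok[2:jump]), tok[jump + 1]))
    return policies, rules

def to_dot(policies, rules):  # chains become boxes, rules become coloured edges
    out = ["digraph iptables {", "  rankdir=LR;"]
    for chain, policy in policies.items():
        label = chain if policy == "-" else f"{chain}\\npolicy {policy}"
        out.append(f'  "{chain}" [shape=box, label="{label}"];')
    for chain, pos, match, target in rules:
        # green/red for verdicts, blue for jumps to user chains, gray otherwise
        colour = COLOURS.get(target, "blue" if target in policies else "gray")
        label = f"{pos}: {match or 'any'}".replace("\\", "\\\\").replace('"', '\\"')
        out.append(f'  "{chain}" -> "{target}" [color={colour}, label="{label}"];')
    return "\n".join(out + ["}"])

if __name__ == "__main__":  # reads a ruleset from stdin, else graphs SAMPLE
    print(to_dot(*parse(SAMPLE if sys.stdin.isatty() else sys.stdin.read())))
```

The edge labels carry each rule's position in its chain, so first-match ordering stays visible in the picture; the DOT output can be rendered with Graphviz, for example `dot -Tpng`.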