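#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Munin plugin: number of iptables rules per chain of one table.

Munin convention: the plugin is installed as ``iptables_<table>`` (usually
a symlink), and the table name is read from the file name.  Without a
``_<table>`` suffix the default table is listed.

    ./iptables_filter config   -> graph definition (one field per chain)
    ./iptables_filter          -> one ``<field>.value N`` line per chain

A chain's value is the number of rule lines of ``iptables -n -L <chain>``
after the two header lines, with consecutive duplicate lines collapsed
(what ``uniq`` did in the original shell pipeline).  The chain
``TEST-MAC-IP`` is special-cased: its rules are bucketed by the first
three octets of the ``source`` column, and only the ``10.231.136`` bucket
(``-adm`` field) and the ``138.231.136``..``138.231.151`` buckets get a
field of their own, plus a total.

Security note: the table name (from the plugin file name) and the chain
names (from ``iptables -L`` output) are passed to ``iptables`` as discrete
argv entries, never through a shell, so neither can smuggle shell syntax
into the command.  Both are root-controlled in a sane deployment, so this
is defence in depth rather than a trust boundary.
"""
from __future__ import print_function

import os
import subprocess
import sys

# Chain whose rules are broken down per source /24 instead of counted.
SPECIAL_CHAIN = "TEST-MAC-IP"
# Third octets of 138.231.<x>.0/24 that get one graph field each.
SUBNET_RANGE = range(136, 152)
# A source column and its bucket must both contain this substring to be
# reported (mirrors the two ``grep 231`` filters of the original pipeline).
BUCKET_FILTER = "231"
# ``iptables -L <chain>`` prints two header lines before the rules:
# "Chain NAME (...)" and the column titles.
HEADER_LINES = 2


def table_from_plugin_name(argv0):
    """Return the table encoded after the first ``_`` of the plugin file name.

    Returns ``''`` when the name carries no ``_<table>`` suffix (the
    original indexed ``split('_')[1]`` unconditionally and crashed with
    ``IndexError`` in that case).  Only the base name is inspected so an
    underscore in a parent directory is not mistaken for the separator.
    """
    parts = os.path.basename(argv0).split("_")
    return parts[1] if len(parts) > 1 else ""


def iptables_command(table):
    """Return the ``iptables -n [-t TABLE] -L`` argv list for *table*.

    *table* is a separate argv element; iptables itself rejects names it
    does not know, so no shell-escaping is needed here.
    """
    cmd = ["iptables", "-n"]
    if table:
        cmd.extend(["-t", table])
    cmd.append("-L")
    return cmd


def run_lines(cmd):
    """Run *cmd* (argv list, no shell) and return its stdout as lines.

    stderr is deliberately not captured: iptables errors go to munin's
    log instead of being parsed as rules (``commands.getoutput`` merged
    them into the output).  A missing binary or a non-zero exit status
    yields an empty list.
    """
    try:
        proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
                                universal_newlines=True)
    except OSError:
        return []
    out = proc.communicate()[0]
    if proc.returncode != 0:
        return []
    return out.splitlines()


def uniq(lines):
    """Collapse runs of identical consecutive lines, like ``uniq(1)``."""
    kept = []
    for line in lines:
        if not kept or kept[-1] != line:
            kept.append(line)
    return kept


def list_chains(base_cmd):
    """Return the chain names of the table, in ``iptables -L`` order.

    Only lines whose first word is ``Chain`` are headers; the original
    ``grep Chain`` also matched that word anywhere in a rule line.
    """
    chains = []
    for line in run_lines(base_cmd):
        fields = line.split()
        if len(fields) > 1 and fields[0] == "Chain":
            chains.append(fields[1])
    return chains


def field_name(chain):
    """Munin field name for *chain*: ``_ - . /`` stripped, lower-cased."""
    name = chain
    for sep in "_-./":
        name = name.replace(sep, "")
    return name.lower()


def field_label(chain):
    """Graph label for *chain*: ``_``, ``.`` and ``/`` become ``-``."""
    label = chain
    for sep in "_./":
        label = label.replace(sep, "-")
    return label


def print_config(table, chains):
    """Emit the munin ``config`` section for *chains* of *table*."""
    print("graph_title Firewall %s" % table.lower())
    print("graph_args --base 1000 --lower-limit 0")
    print("graph_category network")
    print("graph_vlabel nb de regles")
    for index, chain in enumerate(chains):
        name = field_name(chain)
        label = field_label(chain)
        if label != SPECIAL_CHAIN:
            print("%s.label %s" % (name, label))
            # The first chain is the base area, the others stack on it.
            print("%s.draw %s" % (name, "AREA" if index == 0 else "STACK"))
            continue
        print("%sadm.label %s-adm" % (name, label))
        print("%sadm.draw STACK" % name)
        for subnet in SUBNET_RANGE:
            print("%s%s.label %s-%s" % (name, subnet, label, subnet))
            print("%s%s.draw STACK" % (name, subnet))
        print("%s.label %s" % (name, label))
        print("%s.warning 100:2500" % name)
        print("%s.critical 1:3000" % name)


def count_by_subnet(rule_lines):
    """Bucket rule lines by the first three octets of their source column.

    Python equivalent of the original pipeline
    ``uniq | awk '{print $4}' | grep 231 | awk -F. '{print $1$2$3}'
    | sort | uniq -c | grep 231``: the fourth whitespace-separated field
    (the ``source`` column of ``iptables -n -L``) is reduced to its first
    three dot-separated parts joined without dots, and only values
    containing ``231`` are kept.  Lines with fewer than four fields (the
    headers, typically) are ignored.  Returns ``{bucket: count}``.
    """
    counts = {}
    for line in uniq(rule_lines):
        fields = line.split()
        if len(fields) < 4:
            continue
        source = fields[3]
        if BUCKET_FILTER not in source:
            continue
        bucket = "".join(source.split(".")[:3])
        if BUCKET_FILTER not in bucket:
            continue
        counts[bucket] = counts.get(bucket, 0) + 1
    return counts


def print_special_values(name, rule_lines):
    """Emit the per-bucket values and the total for the special chain."""
    counts = count_by_subnet(rule_lines)
    for bucket in sorted(counts):
        count = counts[bucket]
        # 10.231.136.0/24 feeds the ``-adm`` field (presumably the admin
        # network; the original only documents it through the label).
        if bucket.startswith("10231136"):
            print("%sadm.value %d" % (name, count))
        for subnet in SUBNET_RANGE:
            if bucket.startswith("138231%d" % subnet):
                print("%s%d.value %d" % (name, subnet, count))
    print("%s.value %d" % (name, sum(counts.values())))


def print_values(base_cmd, chains):
    """Emit one ``<field>.value`` line per chain (munin fetch)."""
    for chain in chains:
        name = field_name(chain)
        lines = run_lines(base_cmd + [chain])
        if field_label(chain) == SPECIAL_CHAIN:
            print_special_values(name, lines)
        elif len(lines) < HEADER_LINES:
            # Chain vanished or iptables failed: report "unknown" instead
            # of the negative count the old ``wc -l`` minus 2 produced.
            print("%s.value U" % name)
        else:
            print("%s.value %d" % (name, len(uniq(lines[HEADER_LINES:]))))


def main(argv):
    """Plugin entry point; *argv* is ``sys.argv``.  Returns the exit status."""
    table = table_from_plugin_name(argv[0]) if argv else ""
    mode = argv[1] if len(argv) > 1 else ""
    base_cmd = iptables_command(table)
    chains = list_chains(base_cmd)
    if mode == "config":
        print_config(table, chains)
    else:
        print_values(base_cmd, chains)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))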