App-Iptables2Dot


lib/App/Iptables2Dot.pm  view on Meta::CPAN


# _internal_nodes($opt, @tables)
#
# Lists the chains that are internal chains, across all tables in @tables.
#
# Returns a list of all internal tables.
#
sub _internal_nodes {
    my $self      = shift;
    my $opt       = shift;
    my $re_in     = qr/^(PREROUTING|POSTROUTING|INPUT|FORWARD|OUTPUT)$/;
    my @nodes     = ();
    my %have_node = ();
    my %used      = ();
    foreach my $table (@_) {
        unless ($opt->{showunusednodes} || $opt->{"use-numbered-nodes"}) {
            %used = map { $_->[0] => 1, } @{$self->{jumps}->{$table}};
        }
        foreach my $node (sort keys %{$self->{chains}->{$table}}) {
            next unless ($used{$node}
                        || $opt->{showunusednodes}

t/app-iptables2dot.t  view on Meta::CPAN

# Negative checks: the generated dot text must NOT contain these NAT edges.
# NOTE(review): the descriptions read 'got ... target' although unlike()
# asserts that the edge is absent. The fixture and options in effect are set
# up earlier in the file, outside this excerpt -- confirm the wording.
unlike($dg, qr/POSTROUTING:R1:e -> SNAT:name:w;$/ms, 'got SNAT target');
unlike($dg, qr/PREROUTING:R0:e -> DNAT:name:w;$/ms, 'got DNAT target');

# Test show unused CHAINS
#
# first: omit them
#
# With an empty option hash the 'filter' graph lists only FORWARD in its
# "rank = source" group and emits no node definition for INPUT or OUTPUT.
# NOTE(review): a chain left out of the graph still has a default policy in
# the iptables-save input, so a graph drawn with these defaults is not a
# complete picture of the ruleset when it is used for a firewall review.
#
$dg = $i2d->dot_graph( {}, 'filter' );
like($dg, qr/{ rank = source; "FORWARD"; }$/ms,
    'did not get unused chains');
unlike($dg, qr/INPUT \[shape=none,margin=0,/ms, 'did not get unused chains');
unlike($dg, qr/OUTPUT \[shape=none,margin=0,/ms, 'did not get unused chains');
#
# second: show them
#
# showunusednodes => 1 brings INPUT and OUTPUT back, both in the
# "rank = source" group and as node definitions of their own.
#
$dg = $i2d->dot_graph( {showunusednodes => 1}, 'filter' );
like($dg, qr/{ rank = source; "FORWARD"; "INPUT"; "OUTPUT"; }$/ms,
    'got unused chains');
like($dg, qr/INPUT \[shape=none,margin=0,/ms, 'got unused chains');
like($dg, qr/OUTPUT \[shape=none,margin=0,/ms, 'got unused chains');

# No fixed plan: the number of tests is whatever ran above.
done_testing();

t/iptables-save/bug-120616.txt  view on Meta::CPAN

# Generated by iptables-save v1.4.21 on Tue Mar 14 21:33:23 2017
*nat
:PREROUTING ACCEPT [1795:233177]
:INPUT ACCEPT [2:104]
:OUTPUT ACCEPT [99:25953]
:POSTROUTING ACCEPT [96:24969]
:delegate_postrouting - [0:0]
:delegate_prerouting - [0:0]
:postrouting_client_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_local_node_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_client_rule - [0:0]
:prerouting_lan_rule - [0:0]

t/iptables-save/bug-120616.txt  view on Meta::CPAN

:prerouting_wan_rule - [0:0]
:zone_client_postrouting - [0:0]
:zone_client_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_local_node_postrouting - [0:0]
:zone_local_node_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -j delegate_prerouting
-A OUTPUT -d 127.0.0.1/32 -o lo -p udp -m owner --gid-owner 800 -m udp --dport 53 -j DNAT --to-destination :54
-A POSTROUTING -j delegate_postrouting
-A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
-A delegate_postrouting -o br-wan -j zone_wan_postrouting
-A delegate_postrouting -o br-client -j zone_client_postrouting
-A delegate_postrouting -o local-node -j zone_local_node_postrouting
-A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
-A delegate_prerouting -i br-wan -j zone_wan_prerouting
-A delegate_prerouting -i br-client -j zone_client_prerouting
-A delegate_prerouting -i local-node -j zone_local_node_prerouting
-A zone_client_postrouting -m comment --comment "user chain for postrouting" -j postrouting_client_rule

t/iptables-save/bug-120616.txt  view on Meta::CPAN

-A zone_local_node_postrouting -m comment --comment "user chain for postrouting" -j postrouting_local_node_rule
-A zone_local_node_prerouting -m comment --comment "user chain for prerouting" -j prerouting_local_node_rule
-A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
COMMIT
# Completed on Tue Mar 14 21:33:23 2017
# Generated by iptables-save v1.4.21 on Tue Mar 14 21:33:23 2017
*raw
:PREROUTING ACCEPT [23134630:3424434508]
:OUTPUT ACCEPT [1886876:535285827]
:delegate_notrack - [0:0]
:zone_client_notrack - [0:0]
:zone_local_node_notrack - [0:0]
-A PREROUTING -j delegate_notrack
-A delegate_notrack -i br-client -j zone_client_notrack
-A delegate_notrack -i local-node -j zone_local_node_notrack
-A zone_client_notrack -j CT --notrack
-A zone_local_node_notrack -j CT --notrack
COMMIT
# Completed on Tue Mar 14 21:33:23 2017
# Generated by iptables-save v1.4.21 on Tue Mar 14 21:33:23 2017
*mangle
:PREROUTING ACCEPT [23134630:3424434508]
:INPUT ACCEPT [21388488:3356230145]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1886876:535285827]
:POSTROUTING ACCEPT [1886876:535285827]
:fwmark - [0:0]
:mssfix - [0:0]
-A PREROUTING -j fwmark
-A FORWARD -j mssfix
-A mssfix -o br-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Tue Mar 14 21:33:23 2017
# Generated by iptables-save v1.4.21 on Tue Mar 14 21:33:23 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:delegate_forward - [0:0]
:delegate_input - [0:0]
:delegate_output - [0:0]
:forwarding_client_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_local_node_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_client_rule - [0:0]
:input_lan_rule - [0:0]

t/iptables-save/bug-120616.txt  view on Meta::CPAN

:zone_local_node_forward - [0:0]
:zone_local_node_input - [0:0]
:zone_local_node_output - [0:0]
:zone_local_node_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j delegate_input
-A FORWARD -j delegate_forward
-A OUTPUT -j delegate_output
-A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
-A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_forward -i br-wan -j zone_wan_forward
-A delegate_forward -i br-client -j zone_client_forward
-A delegate_forward -i local-node -j zone_local_node_forward
-A delegate_forward -j reject
-A delegate_input -i lo -j ACCEPT
-A delegate_input -m comment --comment "user chain for input" -j input_rule
-A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood

t/iptables-save/github-issue-1.txt  view on Meta::CPAN

*filter
:INPUT ACCEPT [0:0]
-A INPUT -i em1 -p icmp -m icmp --icmp-type 3/1 -m comment --comment "ICMP host unreachable" -j ACCEPT
-A INPUT -i em1 -p icmp -m icmp --icmp-type 3/4 -m comment --comment "ICMP frag needed but not set" -j ACCEPT
-A INPUT -i em1 -p icmp -m icmp --icmp-type 11/0 -m comment --comment "ICMP TTL exceded" -j ACCEPT
-A INPUT -i em1 -p icmp -m icmp --icmp-type 11/1 -m comment --comment "ICMP frag reassembly time exceeded" -j ACCEPT

t/iptables-save/github-issue-4.txt  view on Meta::CPAN

*filter
:OUTPUT ACCEPT [0:0]
-A output_fs -p tcp -m owner --uid-owner 5010 -m tcp -m multiport --dports 5555,10520,10530,13001,13062,13141:13150,13231,13211 -j ACCEPT

t/iptables-save/iptables-extension-owner.txt  view on Meta::CPAN

# Generated by iptables-save v1.4.21 on Tue Mar 14 21:33:23 2017
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --gid-owner 123 --suppl-groups -j ACCEPT
-A OUTPUT -m owner --uid-owner 456 -j ACCEPT
-A OUTPUT -m owner --socket-exists -j ACCEPT

t/iptables-save/maiki.txt  view on Meta::CPAN

# Generated by ferm 2.0.6 on Sat Jun 30 08:56:40 2012
*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:filter_from_eth2 - [0:0]
-A INPUT -j ULOG --ulog-prefix "[INPUT Dr:Ukn Iface] "
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10989:11989 -j LOG_IN_SRV_ACCEPT_APPLI
-A OUTPUT -p tcp -m state --state NEW -m tcp --sport 989 -j LOG_OUT_SRV_ACCEPT_APPLI
COMMIT

t/iptables-save/test.txt  view on Meta::CPAN

# Generated by ferm 2.0.6 on Sat Jun 30 08:56:40 2012
*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
-A POSTROUTING --in-interface eth0 --jump MASQUERADE
-A POSTROUTING --in-interface eth1 --destination 192.168.1.0/24 --jump SNAT --to-source 192.168.2.0/24
-A PREROUTING --in-interface eth1 --destination 192.168.2.0/24 --jump DNAT --to-destination 192.168.1.0/24
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:filter_from_eth2 - [0:0]
-A FORWARD --in-interface eth2 --jump filter_from_eth2
-A FORWARD --protocol tcp --in-interface eth0 --dport 25 --jump ACCEPT
-A FORWARD --protocol tcp --jump LOG
-A FORWARD --protocol udp --dport 123 --jump ACCEPT
-A FORWARD --protocol udp --jump LOG
-A FORWARD --jump LOG
-A filter_from_eth2 --jump LOG
COMMIT

t/iptables-save/unknown.txt  view on Meta::CPAN

# Generated by ferm 2.0.6 on Sat Jun 30 08:56:40 2012
*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD --unknown-opt arg --jump LOG
COMMIT

t/maiki.t  view on Meta::CPAN

use Test::More;
use App::Iptables2Dot;

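# Regression test for t/iptables-save/maiki.txt.
#
# The fixture's filter table jumps to ULOG, LOG_IN_SRV_ACCEPT_APPLI and
# LOG_OUT_SRV_ACCEPT_APPLI, none of which is declared as a chain in the file.
# Each of them must still appear as an edge target in the dot output.
my ($i2d, $dg);

# Direct class-method call instead of the indirect-object form
# `new App::Iptables2Dot()`, which Perl parses heuristically.
$i2d = App::Iptables2Dot->new();

$i2d->read_iptables_file('t/iptables-save/maiki.txt');

# Edges are named <chain>:R<rule index>:e -> <target>:name:w, so R0 and R1
# are the first and second INPUT rule of the fixture.
$dg = $i2d->dot_graph( { showrules => 1, }, 'filter' );
like($dg, qr/INPUT:R0:e -> ULOG:name:w;$/ms, 'got ULOG target');
like($dg, qr/INPUT:R1:e -> LOG_IN_SRV_ACCEPT_APPLI:name:w;$/ms,
    'got LOG_IN_SRV target');
# The description used to repeat 'LOG_IN_SRV' for the OUTPUT rule, which made
# a failure report point at the wrong assertion.
like($dg, qr/OUTPUT:R0:e -> LOG_OUT_SRV_ACCEPT_APPLI:name:w;$/ms,
    'got LOG_OUT_SRV target');

done_testing();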


