#!/bin/sh . /usr/lib/libmodcgi.sh sec_begin 'iptables add/remove rule' cat << EOF

Add Insert

Chain
Position (ID) (only for Insert!)

Source Address Port

Destination Address Port

Protocol
Input-Interface
Output-Interface

NAT

Action

EOF sec_end sec_begin 'iptables rules' iptables -vL --line-numbers >/var/tmp/test iptables -t nat -vL --line-numbers >>/var/tmp/test # Check if table can be listed lsmod | grep "iptable_filter" > /dev/null if [ $? -eq 1 ]; then echo "
NOTE: iptables is not running!" else sed -e "s/\*/x/g" /var/tmp/test > /var/tmp/iptables_tmp rm /var/tmp/test i=0 while read IPTABLES_LINE do if [[ $(echo ${IPTABLES_LINE} | grep -c "Chain") = 1 ]]; then # not first dataset, so close table CHAIN=$(echo ${IPTABLES_LINE} | grep "Chain" | sed -e "s/Chain //g" | sed -e "s/ .*//g") if (( i > 0 )); then echo "" fi echo "" echo "" echo "" echo "" echo "" echo "" echo "" echo "" echo "" echo "" echo "" echo "" echo "" echo "" echo "
" i=i+1 else echo ${IPTABLES_LINE} | grep "^[1-9]" > /dev/null if [ $? = 0 ]; then echo "" echo "" echo "" echo "" echo "" if [ ! $(echo ${IPTABLES_LINE} | awk '{print $12}') ]; then echo "" else PORT=$(echo ${IPTABLES_LINE} | awk '{print $12}' | sed -e "s/.*://g") SERVICE=$(cat /tmp/flash/iptables_services | grep :$PORT$ | sed -e "s/:.*//g") [ -z "$SERVICE" ] && SERVICE="$PORT" echo "" fi if [ ! $(echo ${IPTABLES_LINE} | awk '{print $13}') ]; then echo "" else echo ${IPTABLES_LINE} | awk '{print $13}' | grep '^to:' > /dev/null if [ $? -eq 1 ]; then PORT=$(echo ${IPTABLES_LINE} | awk '{print $13}' | sed -e "s/.*://g") SERVICE=$(cat /tmp/flash/iptables_services | grep :$PORT$ | sed -e "s/:.*//g") [ -z "$SERVICE" ] && SERVICE="$PORT" echo "" else echo "" fi fi IMAGE=$(echo ${IPTABLES_LINE} | awk '{print $4}') echo "" echo "" echo "" echo "" echo "" fi fi done < /var/tmp/iptables_tmp echo "

ID	Source	Destination	Protocol	Service	Service	Action	in	out	Configure
${IPTABLES_LINE}
$(echo ${IPTABLES_LINE} \| awk '{print $1}')	$(echo ${IPTABLES_LINE} \| awk '{print $9}')	$(echo ${IPTABLES_LINE} \| awk '{print $10}')	$(echo ${IPTABLES_LINE} \| awk '{print $5}')	ANY	$(echo ${IPTABLES_LINE} \| awk '{print $12}' \| sed -e "s/:.*//g"):$SERVICE	ANY	$(echo ${IPTABLES_LINE} \| awk '{print $13}' \| sed -e "s/:.*//g"):$SERVICE	$(echo ${IPTABLES_LINE} \| awk '{print $13}')		$(echo ${IPTABLES_LINE} \| awk '{print $7}')	$(echo ${IPTABLES_LINE} \| awk '{print $8}')	remove

" rm /var/tmp/iptables_tmp fi sec_end

Chain
Position (ID)	(only for Insert!)
Source Address		Port
Destination Address		Port
Protocol
Input-Interface
Output-Interface
NAT