#!/bin/bash
# $Id: iptables-trace,v 1.6 2003/03/27 00:51:38 apc Exp $
# Author: Tony Clayton <tony-netfilter@enfusion-group.com>
# You may use and edit this code freely. If you make changes to
# it that are generally useful, please email them to me and/or
# post them on the netfilter mailing list.
#
# iptables-trace {start|stop}
#   start  inserts a LOG rule (level debug) in front of every rule of every
#          loaded table, so the kernel log shows which rules a packet hits.
#   stop   removes those LOG rules again.
#
# Template for the --log-prefix of every inserted LOG rule.  Deliberately in
# single quotes: it is expanded later, via eval inside log_entry, once table,
# chain, rulenum and target are known for the rule at hand.  iptables caps a
# log prefix at 29 characters; log_entry wraps the expansion as "*...:" and
# truncates it to fit.
LOGPREFIX='${table:0:1}:${chain:0:14}:$rulenum:${target:0:14}'
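log_entry() {
  # Insert (add) or remove (delete) a trace LOG rule for one iptables-save
  # rule line, or only advance the bookkeeping (skip).
  #
  # Arguments, as assembled by start/stop from an iptables-save "-A" line:
  #   $1     action: add | delete | skip
  #   $2 $3  "-t" <table>
  #   $4 $5  "-A" <chain>
  #   $6...  the rule's match specification, optionally followed by
  #          "-j" or "-g" and the target (with the target's own options)
  #
  # Globals:
  #   LOGPREFIX   (read)       prefix template, expanded here via eval
  #   rulenum     (read/write) position of the rule being processed; it is
  #                            reset to 1 whenever the chain changes
  #   last_chain  (write)      chain seen by the previous call
  #
  # Side effect: runs iptables (add inserts a LOG rule at $rulenum, delete
  # removes the rule at $rulenum).  Returns the status of the last command.
  local action=$1
  local table=$3 chain=$5
  local target prefix
  local -a rulespec=()
  shift 5

  # Rule numbering restarts at 1 for each chain.
  if [ "$last_chain" != "$chain" ]; then
    rulenum=1
  fi

  case $action in
    (skip)
      ;;
    (add)
      # Everything before the target keyword (-j, or -g for goto) is the
      # match specification.  The loop is bounded by $# so a rule without a
      # target (iptables-save emits counting-only rules with no -j) cannot
      # spin forever; the previous `while [ "$1" != "-j" ]` did exactly that
      # and also never terminated on -g rules.
      while [ $# -gt 0 ] && [ "$1" != "-j" ] && [ "$1" != "-g" ]; do
        rulespec+=("$1")
        shift
      done
      if [ $# -gt 0 ]; then
        shift   # drop the -j/-g keyword; whatever remains is the target
      fi
      target=$*
      # LOGPREFIX is a script-local, trusted template.  The values it pulls
      # in (table, chain, rulenum, target) are substituted by eval inside an
      # assignment, so they are not re-parsed as shell syntax.  Do not make
      # LOGPREFIX user-supplied without revisiting this.
      eval "prefix=${LOGPREFIX}"
      # iptables limits --log-prefix to 29 characters: "*" + 27 + ":".
      # The match words are passed as separate, quoted arguments so that
      # no glob expansion happens on them (the old unquoted $rulespec did).
      iptables -t "$table" -I "$chain" "$rulenum" "${rulespec[@]}" -j LOG \
        --log-level debug --log-prefix "*${prefix:0:27}:"
      rulenum=$((rulenum + 1))
      ;;
    (delete)
      iptables -t "$table" -D "$chain" "$rulenum"
      rulenum=$((rulenum - 1))
      ;;
  esac
  last_chain=$chain
}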
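start() {
  # Insert a trace LOG rule in front of every rule of every loaded table.
  #
  # Reads the table list from /proc/net/ip_tables_names and feeds each
  # "-A ..." line of iptables-save to log_entry.  The inner read loop runs
  # in a pipeline subshell, so rulenum/last_chain do not leak between tables.
  #
  # Globals: rulenum (written; log_entry also updates it).
  # Returns 1 without touching iptables when the table list is not readable.
  #
  # Limitations (inherited from the original design):
  #   * the iptables-save line is word-split, so a quoted match argument with
  #     spaces (e.g. --comment "a b") reaches log_entry as two words;
  #   * start is not idempotent: running it twice also puts a LOG rule in
  #     front of the trace rules inserted the first time.  Run stop first.
  local table cmd
  if [ ! -r /proc/net/ip_tables_names ]; then
    echo "$0: cannot read /proc/net/ip_tables_names (ip_tables not loaded?)" >&2
    return 1
  fi
  while read -r table; do
    [ -n "$table" ] || continue
    rulenum=1
    iptables-save -t "$table" | grep '^-' \
      | while IFS= read -r cmd; do
          # shellcheck disable=SC2086 -- $cmd is deliberately word-split
          log_entry add -t "$table" $cmd
          # step past the original rule, which now follows its LOG rule
          rulenum=$((rulenum + 1))
        done
  done < /proc/net/ip_tables_names
}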
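stop() {
  # Remove the trace LOG rules inserted by start and leave every other rule,
  # including the administrator's own LOG rules, in place.
  #
  # A trace rule is recognised by the literal '--log-prefix "*' that start
  # wrote.  This is a fixed-string match on purpose: the previous
  # `grep -e '--log-prefix "*'` used a basic regex in which `"*` means
  # "zero or more quotes", so it matched every rule carrying a --log-prefix
  # and stop deleted LOG rules it had not created.  A user rule whose prefix
  # itself starts with "*" is still indistinguishable from a trace rule.
  #
  # Globals: rulenum (written; log_entry also updates it).
  # Returns 1 without touching iptables when the table list is not readable.
  local table cmd
  if [ ! -r /proc/net/ip_tables_names ]; then
    echo "$0: cannot read /proc/net/ip_tables_names (ip_tables not loaded?)" >&2
    return 1
  fi
  while read -r table; do
    [ -n "$table" ] || continue
    rulenum=1
    iptables-save -t "$table" | grep '^-' \
      | while IFS= read -r cmd; do
          # shellcheck disable=SC2086 -- $cmd is deliberately word-split
          case $cmd in
            (*'--log-prefix "*'*)
              log_entry delete -t "$table" $cmd
              ;;
            (*)
              log_entry skip -t "$table" $cmd
              ;;
          esac
          rulenum=$((rulenum + 1))
        done
  done < /proc/net/ip_tables_names
}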
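# Entry point: exactly one verb, start or stop.  Usage errors go to stderr
# and exit 1 (they used to be printed on stdout).  On a recognised verb the
# script exits 0 regardless of whether any individual iptables call failed.
case "$1" in
  (start)
    start
    ;;
  (stop)
    stop
    ;;
  (*)
    echo $"Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac
exit 0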