Skip to content

Add iptables parsing script #259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
TotallyMonica wants to merge 19 commits into
base: master
Choose a base branch
from
Open

Add iptables parsing script #259

TotallyMonica wants to merge 19 commits into from
+93 −0

Conversation

@TotallyMonica
Copy link

@TotallyMonica TotallyMonica commented Dec 14, 2025
edited
Loading

Summary

This PR creates a script that parses iptables and ip6tables rules, collecting the following metrics per rule:

  • Table
  • Chain
  • Rule's line number
  • Action (Labeled in iptables -L and ip6tables -L as target)
  • Protocol
  • Incoming interface
  • Outgoing interface
  • Source address
  • Destination address
  • Extra information
  • Rule hit statistics
    • Byte count (as iptables_bytes_total and ip6tables_bytes_total)
    • Packet count (as iptables_packets_total and ip6tables_bytes_total)

References

PR is largely based on prometheus/node_exporter#1264, implementing the feedback received by it. As such, no files are being written to or read from.

Notes

Due to how iptables is designed, iptables must be ran as uid 0, so this means one of the following:

  • /sbin/iptables must be setuid
  • iptables.py must be ran as root
  • /sbin/iptables must have the capabilities CAP_NET_ADMIN+ep

Testing done

  • Hosts
    • Ubuntu 24.04.3 Server with iptables v1.8.10
    • Debian 13.2 with iptables v1.8.11

@TotallyMonica
Mirror existing prototype
28fff38 
Based off of https://github.com/FelixDefrance/node_exporter commit 0e48c29, used in PR prometheus/node_exporter#1264

Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Add comments to understand existing functionality
579ed49 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Fix issues identified in prometheus/node_exporter#1264
20d699d 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Resolve regex compilation error regarding invalid escape sequence
2ec62c3 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Add line number support
32f9834 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Rudimentary ipv6 support, use fstrings where possible
fcdfe20 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Wrap in main function
cd209f8 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica TotallyMonica marked this pull request as ready for review December 14, 2025 17:53
@TotallyMonica
Remove redundant import
a28b913 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Move print statement to outside of main function
eb227f4 
Should help with web server compatibility

Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Adjust formatting so that help and type leads the contents
c02b29e 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Fix line number labels not being quoted
a1a6cc5 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
lint: begin fixing E231, E111, and E501 violations
5e91152 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
lint: begin fixing E501 violations
31244f0 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
lint: fix W292 violation
b00ea47 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
lint: fix E302 and E305 violations
2c8d7b8 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
lint: fix E231 violation for options
977010a 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
Readd source label
e9853cb 
By extent, this fixes an F841 violation

Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
lint: fix E111 violation
a848a6a 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
@TotallyMonica
output now as expected after refactoring
a76bb14 
Signed-off-by: Monica Hanson <mhanson@monicarose.tech>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TotallyMonica