iptables规则生成工具
功能简述
iptables开启LOG目标后,命中的数据包会被记录到/var/log/messages;本文通过一个python脚本分析这些日志,为每一条出现过的连接生成对应的iptables ACCEPT规则。注意:日志里出现的所有流量(包括端口扫描等攻击流量)都会被生成为ACCEPT规则,应用到防火墙之前务必逐条审核。
准备工作
必须先开启iptables日志功能,并将/var/log/messages(或其中相关的片段)复制保存为脚本同目录下的log.txt。
bash
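# Append a LOG rule to INPUT and OUTPUT.  LOG is non-terminating, so a packet
# that hits it is recorded and then continues to the chain policy; with -A the
# rule sits after every rule that existed when it was added, i.e. it only sees
# packets nothing earlier accepted or dropped.
# The trailing space in each prefix keeps it from being glued to the "IN="
# field in the log line ("iptables-in IN=eth0 ..." rather than
# "iptables-inIN=eth0 ...").  The generator script matches the prefix as a
# substring, so both forms work, but the spaced form is easier to grep.
# Every matching packet is logged unthrottled -- watch /var/log/messages growth
# on a busy host.  "-m limit" would sample the log and silently drop flows
# from the generated rule set, which is why it is deliberately left out here.
iptables -A INPUT -j LOG --log-prefix="iptables-in "
iptables -A OUTPUT -j LOG --log-prefix="iptables-out "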
脚本
py
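#!/usr/bin/env python3
"""Turn iptables LOG-target lines into equivalent ACCEPT rules.

Reads ``log.txt`` (a copy of /var/log/messages) and prints one
``iptables -I <chain> -s ... -d ... -p ... --sport ... --dport ... -j ACCEPT``
command per distinct logged flow, sorted and de-duplicated.

Notes for whoever pastes the output into a shell:

* Every flow that reached the LOG rule becomes an ACCEPT rule -- port scans,
  brute-force attempts and anything else that hit the host while logging was
  on.  Review the generated list line by line before applying it.
* The rules are per-flow and carry the client's ephemeral source port (see the
  40098/40102/40106 sequence in the sample output), so they rarely match a
  future connection; collapse them to ``-p tcp --dport N`` rules by hand.
* Field values are validated (IP addresses, integer ports, plain protocol
  names) before they are interpolated into a command line, so a stray or
  tampered syslog line cannot smuggle shell text into the output.
* Lines lacking any required field (e.g. ICMP, which has no SPT/DPT) are
  skipped instead of silently reusing values from the previous line.

Requires Python 3 for the ``ipaddress`` module.
"""
import ipaddress
import re

LOG_FILE = "log.txt"

# --log-prefix values from the setup step, mapped to the chain to insert into.
# Matched as substrings: a prefix with no trailing space is printed glued to
# the following "IN=" field ("iptables-inIN=eth0"), so exact match would fail.
CHAIN_PREFIXES = (("iptables-out", "OUTPUT"), ("iptables-in", "INPUT"))

# Every KEY=VALUE field the generated rule needs; a line missing any of them
# produces no rule.
REQUIRED_FIELDS = ("SRC", "DST", "PROTO", "SPT", "DPT")

# Protocol names as the kernel prints them (TCP, UDP, ICMP, or a number).
_PROTO_RE = re.compile(r"^[A-Za-z0-9]+$")

RULE_TEMPLATE = "iptables -I %s -s %s -d %s -p %s --sport %s --dport %s -j ACCEPT"


def _valid_ip(text):
    """True if *text* parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
    except ValueError:
        return False
    return True


def _valid_port(text):
    """True if *text* is a decimal port number in 0..65535."""
    return text.isdigit() and 0 <= int(text) <= 65535


def parse_log_line(line):
    """Return the ACCEPT command for one syslog line, or None if unusable.

    A line is usable only when it carries one of the known log prefixes and
    all of REQUIRED_FIELDS with well-formed values.  Fields are collected
    per line -- nothing carries over from a previous line.
    """
    chain = None
    fields = {}
    for token in line.split():
        for prefix, name in CHAIN_PREFIXES:
            if prefix in token:
                chain = name
                break
        key, sep, value = token.partition("=")
        if sep and key in REQUIRED_FIELDS:
            fields[key] = value
    if chain is None or any(name not in fields for name in REQUIRED_FIELDS):
        return None
    # Validate before interpolating: the output is meant to be run as shell.
    if not (_valid_ip(fields["SRC"]) and _valid_ip(fields["DST"])):
        return None
    if not _PROTO_RE.match(fields["PROTO"]):
        return None
    if not (_valid_port(fields["SPT"]) and _valid_port(fields["DPT"])):
        return None
    return RULE_TEMPLATE % (
        chain,
        fields["SRC"],
        fields["DST"],
        fields["PROTO"],
        fields["SPT"],
        fields["DPT"],
    )


def generate_rules(lines):
    """Return the sorted, de-duplicated rules for an iterable of log lines."""
    rules = set()
    for line in lines:
        rule = parse_log_line(line)
        if rule is not None:
            rules.add(rule)
    return sorted(rules)


def main():
    """Read LOG_FILE and print one generated rule per line."""
    # /var/log/messages is not guaranteed to be valid UTF-8; never let a
    # stray byte abort the whole run.
    with open(LOG_FILE, "r", errors="replace") as f:
        for rule in generate_rules(f):
            print(rule)


if __name__ == "__main__":
    main()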
result
bash
# › python script.py
iptables -I INPUT -s 192.168.1.1 -d 192.168.0.3 -p TCP --sport 8709 --dport 58823 -j ACCEPT
iptables -I OUTPUT -s 192.168.1.1 -d 192.168.0.3 -p TCP --sport 40098 --dport 8701 -j ACCEPT
iptables -I OUTPUT -s 192.168.1.1 -d 192.168.0.3 -p TCP --sport 40102 --dport 8701 -j ACCEPT
iptables -I OUTPUT -s 192.168.1.1 -d 192.168.0.3 -p TCP --sport 40106 --dport 8701 -j ACCEPT
iptables -I OUTPUT -s 192.168.1.1 -d 192.168.0.3 -p TCP --sport 40240 --dport 4005 -j ACCEPT
iptables -I OUTPUT -s 192.168.1.1 -d 192.168.0.3 -p TCP --sport 40664 --dport 8701 -j ACCEPT