* bugfix: Make sure outputfiles are removed beforehand to prevent permission errors writing to them. * Add optional parameter "-x" to have iptables report exact numbers * Add optional parameter "-f <output_filename>" to save iptables filters table output to an alternate filename * Add optional parameter "-n <output_filename>" to save iptables nat table output to an alternate filename * Add optional parameter "-m <output_filename>" to save iptables mangle table output to an alternate filename
Signed-off-by: Robin Roevens robin.roevens@disroot.org --- src/misc-progs/getipstat.c | 74 +++++++++++++++++++++++++++++++++++--- 1 file changed, 69 insertions(+), 5 deletions(-)
diff --git a/src/misc-progs/getipstat.c b/src/misc-progs/getipstat.c index c806d54a9..57ad81d46 100644 --- a/src/misc-progs/getipstat.c +++ b/src/misc-progs/getipstat.c @@ -2,6 +2,15 @@ * * Get the list from IPTABLES -L * + * Optional commandline parameters: + * -x + * instruct iptables to expand numbers + * -f <filter_rules_output_filename> + * output filter table to alternative filename in /var/tmp/ + * -n <nat_rules_output_filename> + * output nat table to alternative filename in /var/tmp/ + * -m <mangle_rules_output_filename> + * output mangle table to alternative filename in /var/tmp/ */
#include <stdio.h> @@ -12,16 +21,71 @@ #include <fcntl.h> #include "setuid.h"
+int cmdOutputToFile(char *cmd, char *filename) { + FILE *file; + char command[STRING_SIZE];
-int main(void) + // remove file if it already exist to prevent permission denied errors + // if we have no explicit write permission on it. + if ((file = fopen(filename, "r"))) { + fclose(file); + if (remove(filename) != 0) { + fprintf(stderr, "\n%s could not be overwritten.\n", filename); + return 1; + } + } + + // Execute command and redirect output to file + snprintf(command, STRING_SIZE - 1, "%s > %s", cmd, filename); + return safe_system(command); +} + +int main(int argc, char** argv) { + // Set defaults + char params[STRING_SIZE] = "-L -v -n"; + char out_file_filter[STRING_SIZE] = "/var/tmp/iptables.txt"; + char out_file_nat[STRING_SIZE] = "/var/tmp/iptablesnat.txt"; + char out_file_mangle[STRING_SIZE] = "/var/tmp/iptablesmangle.txt"; + + int opt; + char command[STRING_SIZE]; + if (!(initsetuid())) exit(1);
- safe_system("/sbin/iptables -L -v -n > /var/tmp/iptables.txt"); - safe_system("/sbin/iptables -L -v -n -t nat > /var/tmp/iptablesnat.txt"); - safe_system("/sbin/iptables -t mangle -L -v -n > /var/tmp/iptablesmangle.txt"); - safe_system("chown nobody.nobody /var/tmp/iptables.txt /var/tmp/iptablesnat.txt /var/tmp/iptablesmangle.txt"); + // Parse command line params + if (argc > 1) { + while ((opt = getopt(argc, argv, "xf:n:m:")) != -1) { + switch(opt) { + case 'x': + strcat(params, " -x"); + break; + case 'f': + snprintf(out_file_filter, STRING_SIZE - 1, "/var/tmp/%s", optarg); + break; + case 'n': + snprintf(out_file_nat, STRING_SIZE - 1, "/var/tmp/%s", optarg); + break; + case 'm': + snprintf(out_file_mangle, STRING_SIZE - 1, "/var/tmp/%s", optarg); + break; + default: + fprintf(stderr, "\nBad argument given.\n\ngetipstat [-x][-f <filter_rules_output_filename>][-n <nat_rules_output_filename>][-m <mangle_rules_output_filename>]\n"); + exit(1); + } + } + } + + // Generate ipstat files + snprintf(command, STRING_SIZE - 1, "/sbin/iptables %s", params); + cmdOutputToFile(command, out_file_filter); + snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat %s", params); + cmdOutputToFile(command, out_file_nat); + snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t mangle %s", params); + cmdOutputToFile(command, out_file_mangle); + snprintf(command, STRING_SIZE - 1, "chown nobody.nobody %s %s %s", out_file_filter, out_file_nat, out_file_mangle); + safe_system(command); return 0; }