
Iptables GUI

I was keen to look under the hood of ipcop and see the nitty gritty of the iptables traffic and rules. So I wrote the mod below to allow me to do it. I have subsequently found an alternative package that provides the same. Get it at BAN Solms website. I retain my instructions below if you wish to do it that way!

Tested on 1.4.18

There are some great modifications for ipcop and smoothwall, but I couldn't see this one anywhere and it is a feature I wanted. So I did it myself and offer it here for you too.

What I wanted was three pages where I could see the state of my firewall. This is done by displaying the output of 3 iptables list commands.   Here's a sample of the output:

[Image: gui]

The aim of this mod is to provide three GUI (Graphical User Interface) pages that show the iptables information relating to the filter, nat and mangle tables. Because of the restrictions on running commands from the GUI, this mod uses cron to generate the output each minute, and these files are then displayed on the GUI once selected from the menu. (A better (?) solution would be to find a way to generate them on the fly once selected.)

  1. First of all create the three scripts and copy them to /home/httpd/cgi-bin (make sure they are executable with chmod 755). These scripts, iptmangle.cgi, iptnat.cgi and iptfilter.cgi, take care of displaying the information on the GUI. See (or get and use!) the scripts here: my files
  2. Add a cron job to generate the information each minute.   Edit /var/spool/cron/root.orig and add:
    # Run iptables list commands
    * * * * * /sbin/iptables -L -v -n > /home/httpd/html/iptables/filter.txt
    * * * * * /sbin/iptables -t nat -L -v -n > /home/httpd/html/iptables/nat.txt
    * * * * * /sbin/iptables -t mangle -L -v -n > /home/httpd/html/iptables/mangle.txt
  3. Run the command: fcrontab -u root -z
  4. Add directory /home/httpd/html/iptables to store the files
  5. In your (or an appropriate) /var/ipcop/addon-lang/<file> add:
    'iptfilter' => 'Filter Table',
    'iptnat' => 'NAT Table',
    'iptmangle' => 'Mangle Table',
    and don't forget to initialise the changes with
    language
  6. Next we edit /var/ipcop/header.pl to allow us to see the results! Amend menu 5 section of genmenu to read as per the following:

    %{$menu{'5.firewall'}}=(
    'contents' => $Lang::tr{'firewall'},
    'uri' => '',
    'statusText' => "IPCop $Lang::tr{'firewall'}",
    'subMenu' => [[ $Lang::tr{'ssport forwarding'} , '/cgi-bin/portfw.cgi', "IPCop $Lang::tr{'port forwarding configuration'}" ],
    [ $Lang::tr{'external access'} , '/cgi-bin/xtaccess.cgi', "IPCop $Lang::tr{'external access configuration'}" ],
    [ $Lang::tr{'ssdmz pinholes'} , '/cgi-bin/dmzholes.cgi', "IPCop $Lang::tr{'dmz pinhole configuration'}" ],
    [ $Lang::tr{'blue access'} , '/cgi-bin/wireless.cgi', "IPCop $Lang::tr{'blue access'}" ],
    # EAK - >
    # Iptables GUI entries (note the closing ] from the line above has been removed).
    [ $Lang::tr{'iptfilter'} , '/cgi-bin/iptfilter.cgi', "IPCop $Lang::tr{'iptfilter'}" ],
    [ $Lang::tr{'iptnat'} , '/cgi-bin/iptnat.cgi', "IPCop $Lang::tr{'iptnat'}" ],
    [ $Lang::tr{'iptmangle'} , '/cgi-bin/iptmangle.cgi', "IPCop $Lang::tr{'iptmangle'}" ]]
    # < - EAK
    );

That's it
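
The cron lines in step 2 redirect straight into the files, so each file is truncated before iptables writes to it, and a failed run leaves an empty page behind. The wrapper below is an added example, not part of the original mod: it writes to a temporary file and renames it into place only on success. The function names, the `--run` switch and the IPTABLES/OUTDIR overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: atomic replacement for the three cron redirects in step 2.
# IPTABLES and OUTDIR default to the paths used on this page; both can be
# overridden from the environment (an assumption, used for testing).
IPTABLES="${IPTABLES:-/sbin/iptables}"
OUTDIR="${OUTDIR:-/home/httpd/html/iptables}"

# dump_table <table>: write <table>.txt in $OUTDIR. If iptables fails or
# prints nothing, the previous copy is left untouched. Returns 0 or 1.
dump_table() {
    table="$1"
    case "$table" in
        filter|nat|mangle) ;;
        *) echo "unknown table: $table" >&2; return 1 ;;
    esac
    # Temp file lives in the same directory so the final mv is a rename.
    tmp=$(mktemp "$OUTDIR/.$table.XXXXXX") || return 1
    if "$IPTABLES" -t "$table" -L -v -n > "$tmp" 2>/dev/null && [ -s "$tmp" ]; then
        chmod 644 "$tmp"    # mktemp creates 0600; the web server must read it
        mv -f "$tmp" "$OUTDIR/$table.txt"
    else
        rm -f "$tmp"
        return 1
    fi
}

# dump_all: refresh all three tables; non-zero if any of them failed.
dump_all() {
    rc=0
    for t in filter nat mangle; do
        dump_table "$t" || rc=1
    done
    return $rc
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    dump_all
fi
```

Saved under a name of your choosing, a single cron line that calls the script with `--run` would take the place of the three redirect lines in step 2.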