https://github.com/bandie91/iptables-trace-utility
Automatically exported from code.google.com/p/iptables-trace-utility
https://github.com/bandie91/iptables-trace-utility
debug firewall iptables spa trace web-app
Last synced: about 1 month ago
JSON representation
Automatically exported from code.google.com/p/iptables-trace-utility
- Host: GitHub
- URL: https://github.com/bandie91/iptables-trace-utility
- Owner: bAndie91
- Created: 2015-03-13T07:59:30.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2025-01-21T06:30:53.000Z (5 months ago)
- Last Synced: 2025-04-19T12:44:28.742Z (about 2 months ago)
- Topics: debug, firewall, iptables, spa, trace, web-app
- Language: JavaScript
- Size: 32.2 KB
- Stars: 5
- Watchers: 1
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# iptables-trace-utility
## Requirements
* `modprobe ipt_LOG`
* `sysctl net.netfilter.nf_log.2 = ipt_LOG`
* sudoers rules:USER ALL=(root) NOPASSWD: /sbin/iptables-save ""
USER ALL=(root) NOPASSWD: /sbin/iptables -t raw -F *
USER ALL=(root) NOPASSWD: /sbin/iptables -t raw -A * -j TRACE
USER ALL=(root) NOPASSWD: /sbin/sysctl net.netfilter.nf_log.2=ipt_LOGWhere *USER* is unix user running **ajax.php** script (eg. www-data when using apache)
* backend component:
* webserver
* you need a php-enabled webserver to run ajax.php, or
* use php 5.4 embeded webserver by invoking this command in folder where you have unpacked files:
`sudo -u `*`USER`*` php -S localhost:8080 -t .`
* configure `$logfile` in **ajax.php** to point to file iptables is logging in (eg. /var/log/kern.log)
* you can setup rsyslog to separate iptables' log messages:```
:msg, regex, "^\[[ ]*[0-9]*\.[0-9]*\] Firewall: " -/var/log/iptables.log
& ~
:msg, regex, "^\[[ ]*[0-9]*\.[0-9]*\] TRACE: " -/var/log/iptables.log
& ~
```
* read access to `$logfile` for *USER* (eg. `chmod +r $logfile`)
* frontend component:
* point AJAXURL variable to the right URL in JS code
* jquery.js
* jquery-ui.js
* do not modify firewall while tracing## Usage
* Specity filter options in Filter box or leave empty to trace all packets.
* Pay attention to limit parameter, too high limit may lead to high load on target system!
* Press TRACE! to start tracing and Stop to finish it.
* The programm polls server every 1.5 sec for new trace results, you can press Refresh to poll them manually.
* Messages box: status and error messages from server
* Packet IDs will appear in Packets box during trace. Click on a packet ID to display steps in Trace box, whiches the packet has met in its way through the firewall.
* Firewall box: iptables-save output hilighting rules with which the selected packet has met.## Screenshot

# Similar projects
- https://github.com/commonism/iptables-trace
# Project issues, bugs, feature requests, ideas
1. clone the repo
2. use [git-bug](https://github.com/git-bug/git-bug) to open a new ticket in this repo
3. find one or more person in the commit history to make contact with, then either
4.a. send your newly created `git-bug` ticket (or patch if you already propose a code change) via email, or
4.b. send the URL of your git clone to a contributor (via email or other channel), and request them to pull (`git-bug` issues and/or branches as well) from you.