
NAME

App::Iptables2Dot - turn iptables-save output into graphs for GraphViz

VERSION

This document describes App::Iptables2Dot version v0.3.3

SYNOPSIS

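    use App::Iptables2Dot;

    # teach the rule parser an option it does not know yet
    App::Iptables2Dot::add_optdef('unknown-opt=s');

    my $i2d = App::Iptables2Dot->new();

    # read iptables-save output from a stream or from a file
    $i2d->read_iptables(\*STDIN);
    $i2d->read_iptables_file($fname);

    print $i2d->dot_graph( {showrules => 1} , @tables);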

DESCRIPTION

INTERFACE

new()

Create a new App::Iptables2Dot object.

dot_graph( $opt, @tables )

Returns a description of the iptables rules from the given tables, suitable as input for the dot program, according to the options given in $opt.

Arguments:

$opt

A hash reference with the following options:

edgelabel => 0,

With a true value edges may be labeled with the interface that determines the matching rule for the jump.

omittargets => '',

The given targets will be suppressed in the dot graph. This only works together with option showrules.

Multiple targets are separated with comma (,). For instance:

 { omittargets => 'SNAT,DNAT',
   showrules   => 1,
 }

showrules => 0,

With a true value all rules of a chain will be added to the node representing that chain.

showunusednodes => 0,

Usually chains with no jumps to other chains or targets will not be shown. With a true value these chains show up in the graph.

use-numbered-nodes => 0

With a true value the nodes in the dot file will be named node0 .. noden and provided with a label showing their name from iptables-save output.

This option can help if the filter rules contain chains with a dash (-) in their name, which is not allowed as input for dot.

@tables

An array containing the names of the tables we are interested in, namely filter, mangle, nat and raw.

read_iptables( $input )

Reads the output from iptables-save from the given input stream.

read_iptables_file( $fname )

Reads the saved output from iptables-save from the file with name $fname.

App::Iptables2Dot::add_optdef( $optdef )

This function is not bound to an App::Iptables2Dot object.

You usually want to use this to extend the rule parser with the given option definition if you find that the iptables-save output you analyze uses an option that the rule parser does not know.

DIAGNOSTICS

can't open file '%s' to read iptables-save output

Method read_iptables_file will die with this message if it could not open the file given with $fname.

unknown argument in rule: %s

The rule parser will die with this message, showing the rule from iptables-save that contained an unknown parameter.

Since the rules are parsed by GetOptionsFromString() from module Getopt::Long, you may work around this by adding the unknown option to the array @optdefs at the top of App/Iptables2Dot.pm. After that please file a bug at https://rt.cpan.org/ or send me a notice at mamawe@cpan.org to have it fixed in one of the next releases of this distribution.

Alternatively you may want to use App::Iptables2Dot::add_optdef() like this

 App::Iptables2Dot::add_optdef('unknown-opt=s');

if the rule parser dies with message unknown argument in rule: --unknown-opt arg ... and you don't want to touch the library file App/Iptables2Dot.pm.
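The following script is an added example, not code from this distribution: it automates the add_optdef() workaround for a ruleset under review by retrying the parse whenever it dies with unknown argument in rule. The sample ruleset is constructed, and the script assumes that read_iptables() accepts an in-memory filehandle, that the message names the offending option as --name, and that the option takes one argument.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use App::Iptables2Dot;

# Constructed sample in iptables-save format; "ssh-guard" has a dash in its name.
my $saved = <<'EOT';
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ssh-guard - [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ssh-guard
-A ssh-guard -s 192.0.2.0/24 -j ACCEPT
-A ssh-guard -j DROP
COMMIT
EOT

# Parse $text; on "unknown argument in rule", register the option and retry.
sub load_rules {
    my ($text) = @_;
    my %added;
    for (1 .. 10) {    # bounded, so a broken ruleset cannot loop forever
        my $i2d = App::Iptables2Dot->new();    # fresh object, no half-parsed state
        # Assumption: read_iptables() reads from any filehandle, not only STDIN.
        open my $fh, '<', \$text or die "can't open in-memory handle: $!";
        return $i2d if eval { $i2d->read_iptables($fh); 1 };
        my $err = $@;
        # Anything but the documented diagnostic is passed on unchanged.
        my ($rule) = $err =~ /unknown argument in rule:\s*(.*)/s or die $err;
        # Assumption: the message shows the offending long option as --name.
        my ($opt) = grep { !$added{$_} }
            $rule =~ /(?:^|\s)--([a-z0-9][a-z0-9-]*)/gi;
        die $err unless defined $opt;
        $added{$opt} = 1;
        warn "registering unknown option --$opt (assumed to take one argument)\n";
        App::Iptables2Dot::add_optdef("$opt=s");
    }
    die "giving up: too many unknown options\n";
}

my $i2d = load_rules($saved);
# The option key contains dashes, so it has to be quoted in Perl.
print $i2d->dot_graph(
    { showrules => 1, 'use-numbered-nodes' => 1 },
    'filter',
);
```

Every option registered this way is reported on STDERR, so the list can be passed on in the bug report the documentation asks for.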

unrecognized line: %s

The function that reads in the output from iptables-save found a line that it could not interpret and died in grief and despair. If you think the line is valid output from iptables-save, please file a bug at https://rt.cpan.org/ or send me a notice at mamawe@cpan.org.

CONFIGURATION AND ENVIRONMENT

App::Iptables2Dot requires no configuration files or environment variables.

DEPENDENCIES

Getopt::Long
Pod::Usage

INCOMPATIBILITIES

None reported.

BUGS AND LIMITATIONS

No bugs have been reported.

Please report any bugs or feature requests to bug-app-iptables2dot@rt.cpan.org, or through the web interface at http://rt.cpan.org.

AUTHOR

Mathias Weidner <mamawe@cpan.org>

LICENCE AND COPYRIGHT

Copyright (c) 2012, Mathias Weidner <mamawe@cpan.org>. All rights reserved.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic.

DISCLAIMER OF WARRANTY

BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.