picoIRV

picoIRV - Tested on Debian and SuSE Linux

linux-logo

FEATURES
picoIRV is a small (as the prefix 'pico' implies) tool, allowing to view the rules you have set for the firewall based on iptables (IRV=IptablesRulesViewer).
Basically, it converts the output of the command iptables -L -v into an easier to read web-page.
If you have installed the picoFIREWALL, it creates an additional webpage containing information of your configuration files.

EXAMPLE
The output of the command iptables -L -v looks as follows (only a part of the output is given): 

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15046  786K ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     all  --  vmnet8 any     anywhere             anywhere
57191   10M ACCEPT     all  --  eth0   any     anywhere             anywhere           state RELATED,ESTABLISHED
    0     0 DROP       udp  --  eth0   any     anywhere             anywhere           udp dpt:6970 state INVALID,NEW,RELATED,ESTABLISHED
    0     0 DROP       tcp  --  eth0   any     anywhere             anywhere           tcp dpt:4662 state INVALID,NEW,RELATED,ESTABLISHED
    0     0 LOG        all  --  eth0   any     129.132.40.56        anywhere           state NEW limit: avg 1/day burst 1 LOG level warning tcp-options ip-options prefix `P-Fw-DROP-noise_log-in: '
    0     0 DROP       all  --  eth0   any     129.132.40.56        anywhere           state NEW
    0     0 DROP       all  --  eth0   any     129.132.40.56        anywhere           state RELATED,ESTABLISHED
    0     0 LOG        all  --  eth0   any     vpn-1-outside.ethz.ch  anywhere           state NEW limit: avg 1/day burst 1 LOG level warning tcp-options ip-options prefix `P-Fw-ACCEPT-open_log-in: '
    0     0 ACCEPT     all  --  eth0   any     vpn-1-outside.ethz.ch  anywhere           state NEW
    0     0 ACCEPT     all  --  eth0   any     vpn-1-outside.ethz.ch  anywhere           state RELATED,ESTABLISHED
-----------> This output is translated by picoIRV into the following format: 
Host: kavo - picoirv Version: V0.4 

Last Update: Mar 27 01:00:47 2004


List all rules of all chains - Output of the command:        iptables -L -v 


picoIRV stands for pico-Iptables-Rules-Viewer - view the rules and verify critical entries

Rules in the INPUT chain, accepting packets from anywhere or to anywhere
with no state or state=NEW should be verified


Rules in the INPUT chain, accepting packets from anywhere to anywhere
with no state or state=NEW should be carefully verified

-------------------

Chain INPUT  (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

14292  747K ACCEPT     all  --  lo     any     anywhere             anywhere


    0     0 ACCEPT     all  --  vmnet8 any     anywhere             anywhere

54961 9739K ACCEPT     all  --  eth0   any     anywhere             anywhere           state RELATED,ESTABLISHED
    0     0 DROP       udp  --  eth0   any     anywhere             anywhere           udp dpt:6970 state INVALID,NEW,RELATED,ESTABLISHED
    0     0 DROP       tcp  --  eth0   any     anywhere             anywhere           tcp dpt:4662 state INVALID,NEW,RELATED,ESTABLISHED
    0     0 LOG        all  --  eth0   any     129.132.40.56        anywhere           state NEW limit: avg 1/day burst 1 LOG level warning tcp-options ip-options prefix `P-Fw-DROP-noise_log-in: '
    0     0 DROP       all  --  eth0   any     129.132.40.56        anywhere           state NEW
    0     0 DROP       all  --  eth0   any     129.132.40.56        anywhere           state RELATED,ESTABLISHED
    0     0 LOG        all  --  eth0   any     vpn-1-outside.ethz.ch  anywhere           state NEW limit: avg 1/day burst 1 LOG level warning tcp-options ip-options prefix `P-Fw-ACCEPT-open_log-in: '

    0     0 ACCEPT     all  --  eth0   any     vpn-1-outside.ethz.ch  anywhere           state NEW

    0     0 ACCEPT     all  --  eth0   any     vpn-1-outside.ethz.ch  anywhere           state RELATED,ESTABLISHED
As shown above, the HTML-output is much better readable and helps to identify 'weak' or possibly dangerous definitions using iptables (such as leaving a port open for any host). picoIRV produces this output in the file picoirv.html.

Users having picoFIREWALL installed, also get an additional file picofirewall_config.html, where the essential part of picoFIREWALL's configuration files are nicely displayed. However, picoIRV also works, if you use any other firewall based on iptables.

PART OF THE CHANGELOG

V0.4   25Mar2004 If picofirewall is installed, create a file
       picofirewall_config.html with the configuration in /etc/picofirewall
V0.3   22Mar2004 Modified to run also on Debian
V0.2   21Mar2004 Added some comments about picoIRV on the resulting webpage
V0.1   20Mar2004 First version if picoirv - tested under Linux SuSE 9.0

DOWNLOAD
Download and save picoirv.tar.gz to your computer.

INSTALLATION
Go to your directory, below which picoIRV should be installed (e.g. /app ) and enter the following:
You have to enter the commands (as root, in order to be able to run iptables):

su -
(enter root-password)
gunzip picoirv.tar.gz
tar xvf picoirv.tar
cd picoirv
./install
(enter the command appearing on the screen - varies between SuSE and Debian)

The program will then be run every full hour as cron-job.

And: let me know, if you like the program (and also, if you do not like it...).

Last Update: 01Aug2004 uk --- Created: 26Mar2004 uk