This is from Sean Covel: -------------------------------------------------------------------------- parsefw is a C program to parse Shorewall (netfilter) logfiles and display them in a pretty format similar to the old ipchains format. Some text is added about certain well-known destination ports, and they are linked to a FIREWALL FAQ website for further explaination. The original parsefw.c was written by jml@redwoodtech.com. I can''t seem to contact him about his original app. I did an almost complete rewrite of it for newer Shorewall (netfilter) logs. The app uses the standard stdin/stdout mechanism. This makes it simple to use in a cgi-bin situation. I (re)wrote the application with the Bering/LEAF (leaf.sourceforge.net) firewall in mind, and I have included the scripts needed to incorporate parsefw into the Bering Weblet application. (weblet.lrp) I also had newbies in mind, so I included text descriptions next to most of the currently exploited ports, and it created HTML links to the "Firewall Forensics" "Firewall FAQ" destination port section. (www.robertgraham.com/pubs/firewall-seen.html) The parser looks for lines having the text Shorewall in it, so it is possible to run this against a general syslog style logfile, or a Shorewall specific logfile. I''m using ulogd to make my life easier, but you may not have that available to you. I feel no strong attachment to the code/scripts/README, so feel free to use/reuse whatever you like. BTW, I used the excellent Anjuta [DevStudio] IDE to do my C/C++ development under Linux. I''m normally a windows guy (by trade, not choice) but Anjuta made me feel right at home! (http://anjuta.org/) -------------------------------------------------------------------------- The original author of this code was John Lord who also wrote the original Webmin Shorewall module. You can find Sean''s code at your favorite mirror in the shorewall/parsefw directory. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net