This is from Sean Covel:
--------------------------------------------------------------------------
parsefw is a C program to parse Shorewall (netfilter) logfiles and display
them in a pretty format similar to the old ipchains format. Some text is
added about certain well-known destination ports, and they are linked to a
FIREWALL FAQ website for further explaination.
The original parsefw.c was written by jml@redwoodtech.com. I can''t
seem
to contact him about his original app.
I did an almost complete rewrite of it for newer Shorewall (netfilter)
logs.
The app uses the standard stdin/stdout mechanism. This makes it simple to
use in a cgi-bin situation.
I (re)wrote the application with the Bering/LEAF (leaf.sourceforge.net)
firewall in mind, and I have included the scripts needed to incorporate
parsefw into the Bering Weblet application. (weblet.lrp) I also had
newbies in mind, so I included text descriptions next to most of the
currently exploited ports, and it created HTML links to the "Firewall
Forensics" "Firewall FAQ" destination port section.
(www.robertgraham.com/pubs/firewall-seen.html)
The parser looks for lines having the text Shorewall in it, so it is
possible to run this against a general syslog style logfile, or a
Shorewall specific logfile. I''m using ulogd to make my life easier,
but
you may not have that available to you.
I feel no strong attachment to the code/scripts/README, so feel free to
use/reuse whatever you like.
BTW, I used the excellent Anjuta [DevStudio] IDE to do my C/C++
development under Linux. I''m normally a windows guy (by trade, not
choice) but Anjuta made me feel right at home! (http://anjuta.org/)
--------------------------------------------------------------------------
The original author of this code was John Lord who also wrote the original
Webmin Shorewall module.
You can find Sean''s code at your favorite mirror in the
shorewall/parsefw
directory.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
