|
12 | 12 | iptables_packet_lines = [] |
13 | 13 | iptables_byte_lines = [] |
14 | 14 |
|
15 | | -for table in tables: |
16 | | - # Run iptables with the following options: |
17 | | - # -L: Listing all rules for chain |
18 | | - # -n: Numeric lookup |
19 | | - # -v: Verbose output |
20 | | - # -x: Exact values |
21 | | - # -t table: Specified table table |
22 | | - # --line-numbers: Show line numbers |
23 | | - cmd = ['/sbin/iptables', '-L', '-n', '-v', '-x', '-t', table, "--line-numbers"] |
24 | | - proc = subprocess.Popen(cmd, stdout=subprocess.PIPE) |
25 | | - for line in proc.stdout.readlines(): |
26 | | - line = line.decode('utf8') |
| 15 | +for ip_proto in ["iptables", "ip6tables"]: |
| 16 | + for table in tables: |
| 17 | + # Run iptables with the following options: |
| 18 | + # -L: Listing all rules for chain |
| 19 | + # -n: Numeric lookup |
| 20 | + # -v: Verbose output |
| 21 | + # -x: Exact values |
| 22 | + # -t table: Specified table table |
| 23 | + # --line-numbers: Show line numbers |
| 24 | + cmd = [f'/sbin/{ip_proto}', '-L', '-n', '-v', '-x', '-t', table, "--line-numbers"] |
| 25 | + proc = subprocess.Popen(cmd, stdout=subprocess.PIPE) |
| 26 | + for line in proc.stdout.readlines(): |
| 27 | + line = line.decode('utf8') |
27 | 28 |
|
28 | | - if re_blankline.match(str(line)): |
29 | | - continue |
| 29 | + if re_blankline.match(str(line)): |
| 30 | + continue |
30 | 31 |
|
31 | | - line_pieces = line.split() |
| 32 | + line_pieces = line.split() |
32 | 33 |
|
33 | | - # Check if line is the beginning of a chain |
34 | | - if re_chain.match(str(line_pieces[0])): |
35 | | - l_chain_name = line_pieces[1] |
36 | | - continue |
| 34 | + # Check if line is the beginning of a chain |
| 35 | + if re_chain.match(str(line_pieces[0])): |
| 36 | + l_chain_name = line_pieces[1] |
| 37 | + continue |
37 | 38 |
|
38 | | - # Check if the line is the header for the given chain |
39 | | - if re_header.match(str(line_pieces[0])): |
40 | | - continue |
| 39 | + # Check if the line is the header for the given chain |
| 40 | + if re_header.match(str(line_pieces[0])): |
| 41 | + continue |
41 | 42 |
|
42 | | - l_line_number = line_pieces[0] |
43 | | - l_packets = line_pieces[1] |
44 | | - l_bytes = line_pieces[2] |
45 | | - l_target = line_pieces[3] |
46 | | - l_prot = line_pieces[4] |
47 | | - l_in = line_pieces[6] |
48 | | - l_out = line_pieces[7] |
49 | | - l_src = line_pieces[8] |
50 | | - l_dest = line_pieces[9] |
51 | | - l_options = ' '.join(line_pieces[10:]).replace('"','\\"') |
| 43 | + l_line_number = line_pieces[0] |
| 44 | + l_packets = line_pieces[1] |
| 45 | + l_bytes = line_pieces[2] |
| 46 | + l_target = line_pieces[3] |
| 47 | + l_prot = line_pieces[4] |
| 48 | + l_in = line_pieces[6] |
| 49 | + l_out = line_pieces[7] |
| 50 | + l_src = line_pieces[8] |
| 51 | + l_dest = line_pieces[9] |
| 52 | + l_options = ' '.join(line_pieces[10:]).replace('"','\\"') |
52 | 53 |
|
53 | | - iptables_packet_lines.append('iptables_packets_total{table="%s",chain="%s",line_number=%s,target="%s",prot="%s",in="%s",out="%s",src="%s",dest="%s",opt="%s"} %s' % (table,l_chain_name,l_line_number,l_target,l_prot,l_in,l_out,l_src,l_dest,l_options,l_packets)) |
54 | | - iptables_byte_lines.append('iptables_bytes_total{table="%s",chain="%s",line_number=%s,target="%s",prot="%s",in="%s",out="%s",src="%s",dest="%s",opt="%s"} %s' % (table,l_chain_name,l_line_number,l_target,l_prot,l_in,l_out,l_src,l_dest,l_options,l_bytes)) |
| 54 | + # To the best of my knowledge, this can't be an fstring |
| 55 | + iptables_packet_lines.append('%s_packets_total{table="%s",chain="%s",line_number=%s,target="%s",prot="%s",in="%s",out="%s",src="%s",dest="%s",opt="%s"} %s' % (ip_proto,table,l_chain_name,l_line_number,l_target,l_prot,l_in,l_out,l_src,l_dest,l_options,l_packets)) |
| 56 | + iptables_byte_lines.append('%s_bytes_total{table="%s",chain="%s",line_number=%s,target="%s",prot="%s",in="%s",out="%s",src="%s",dest="%s",opt="%s"} %s' % (ip_proto,table,l_chain_name,l_line_number,l_target,l_prot,l_in,l_out,l_src,l_dest,l_options,l_bytes)) |
55 | 57 |
|
56 | | -print('# HELP iptables_packets_total packet counters for iptable rules.') |
57 | | -print('# TYPE iptables_packets_total counter') |
58 | | -for line in iptables_packet_lines: |
59 | | - print(line) |
| 58 | + print(f'# HELP {ip_proto}_packets_total packet counters for {ip_proto} rules.') |
| 59 | + print(f'# TYPE {ip_proto}_packets_total counter') |
| 60 | + for line in iptables_packet_lines: |
| 61 | + print(line) |
60 | 62 |
|
61 | | -print('# HELP iptables_bytes_total byte counters for iptable rules.') |
62 | | -print('# TYPE iptables_bytes_total counter') |
63 | | -for line in iptables_byte_lines: |
64 | | - print(line) |
| 63 | + print(f'# HELP {ip_proto}_bytes_total byte counters for {ip_proto} rules.') |
| 64 | + print(f'# TYPE {ip_proto}_bytes_total counter') |
| 65 | + for line in iptables_byte_lines: |
| 66 | + print(line) |
0 commit comments