Diffstat (limited to 'sbin')
-rw-r--r--sbin/iptables-rrdtool51
1 files changed, 51 insertions, 0 deletions
diff --git a/sbin/iptables-rrdtool b/sbin/iptables-rrdtool
new file mode 100644
index 0000000..b45fe59
--- /dev/null
+++ b/sbin/iptables-rrdtool
@@ -0,0 +1,51 @@
+#!/bin/bash
+# requires bash 4.0+ regexes, substring manipulation
+
+# make sure we're running flocked against the PID file
+if ! grep -q /usr/bin/lckdo /proc/$PPID/cmdline; then
+ exec /usr/bin/lckdo /run/iptables-rrdtool.pid "$0" "$@";
+fi
+
+[ -s /etc/default/iptables-rrdtool ] && . /etc/default/iptables-rrdtool
+RRDDIR="${RRDDIR:-/var/lib/iptables-rrdtools}"
+PNGDIR="${PNGDIR:-$RRDDIR}"
+
+set -e
+#set -x
+
+# "Internal Field Separator" for composing arguments from command substitution, among other things
+IFS=$'\n'
+
+for table in $(cat /proc/net/ip_tables_names); do
+ for rule in $(/sbin/iptables-save -c -t ${table}); do
+# iptables-save has inconsistent output for no sane reason; we grab rematch
+# strings both before and after the counters, then hamfistedly combine them
+# under the generally safe assumption that one is blank
+ if [[ "${rule}" =~ ^(.*)\[[0-9]+:([0-9]+)\](.*)$ ]]; then
+ name="${BASH_REMATCH[1]}${BASH_REMATCH[3]}"
+ name="${name//\/32/}" # remove extraneous POSIX-unsafe '/32' string
+ name="${name//\//slash}" # replace all other instances of POSIX-unsafe '/'
+ name="${name/#:/ -P }" # normalize iptables-save's dumb policy rule output
+ name="${name//:/colon}" # remove colon because rrdtool can't deal with POSIX filenames
+ name="${name% }" # remove trailing whitespace
+ name="iptables -t ${table}${name}"
+ counter="${BASH_REMATCH[2]}"
+
+ if ! [ -s "${RRDDIR}/${name}.rrd" ]; then
+ rrdtool create "${RRDDIR}/${name}.rrd" \
+ DS:rule:DERIVE:600:0:U \
+ RRA:AVERAGE:0.5:1:576 \
+ RRA:AVERAGE:0.5:6:720 \
+ RRA:AVERAGE:0.5:24:720 \
+ RRA:AVERAGE:0.5:288:730
+ fi
+
+ rrdtool update "${RRDDIR}/${name}.rrd" "N:${counter}"
+
+ if [ "${GENPNG}" = "1" ]; then
+ rrdtool graph "${PNGDIR}/${name}.png" --start -2d DEF:rule="${RRDDIR}/${name}.rrd":rule:AVERAGE LINE1:rule#0080ff:rule
+ fi
+ fi
+ done
+done
+
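Review bot: Both `for … in $(…)` loops leave pathname expansion enabled, and every `iptables-save -c` line carries a `[pkts:bytes]` counter field that the shell treats as a bracket glob, so a matching file name in the working directory would replace the rule text before the regex sees it. `IFS=$'\n'` only controls word splitting; either add `set -f` beside it or read the output with `while IFS= read -r rule; do … done < <(/sbin/iptables-save -c -t "${table}")`, which also quotes `${table}`. Separately, `name` is the whole rule text and is used as a file name, so a rule longer than the filesystem's name limit would make `rrdtool create` fail and, under `set -e`, end the run before later rules are updated. Capping the length or using a hash of the rule text for the file name would avoid that. If `PNGDIR` is ever pointed at a web-served directory, the PNG file names would expose the rule text, which deserves a comment next to the `PNGDIR` default.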