From 326d9f4a7a1685d04d1f6b5fb3402bca2d23d4df Mon Sep 17 00:00:00 2001
From: Joe Rayhawk
Date: Mon, 19 May 2025 13:09:24 -0700
Subject: Partially modernize iptables/nftables/5.10 procfs situation
---
 debian/control | 2 +-
 etc/cron.d/iptables-rrdtool | 1 +
 sbin/iptables-rrdtool | 4 +++-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/debian/control b/debian/control
index c1ba8fa..7b896d8 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Standards-version: 3.9.1
 Package: iptables-rrdtool
 Architecture: all
 Depends: ${misc:Depends}, bash (>= 4.0), rrdtool, moreutils, base-files (>= 6.2) | initscripts (>= 2.88dsf-13.3)
-Recommends: cron
+Recommends: cron, nftables, iptables
 Description: Cronjob to generate RRD files from all iptables rule counters
 Creates RRDs for every iptables rule every five munutes and optionally graphs them.
diff --git a/etc/cron.d/iptables-rrdtool b/etc/cron.d/iptables-rrdtool
index 49517a5..c0463ce 100644
--- a/etc/cron.d/iptables-rrdtool
+++ b/etc/cron.d/iptables-rrdtool
@@ -1,2 +1,3 @@
 # generate and update RRDs from iptables rule counters every five minutes
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 */5 * * * * root /usr/bin/chronic /usr/sbin/iptables-rrdtool
diff --git a/sbin/iptables-rrdtool b/sbin/iptables-rrdtool
index 97dada3..95aaebc 100755
--- a/sbin/iptables-rrdtool
+++ b/sbin/iptables-rrdtool
@@ -42,7 +42,9 @@ update () {
 fi
 }
-for table in $(cat /proc/net/ip_tables_names); do
+# ~5.10 this procfs interface got removed.
+#for table in $(cat /proc/net/ip_tables_names); do
+for table in $( /usr/sbin/nft list tables | grep ' ip ' | cut -f 3 -d ' ' ); do
 for rule in $(/sbin/iptables-save -c -t ${table}); do
 # iptables-save has inconsistent output for no sane reason; we grab rematch
 # strings both before and after the counters, then hamfistedly combine them
--
cgit v1.2.3
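Review bot: In debian/control, `nftables` and `iptables` are added only as Recommends, but the sbin/iptables-rrdtool hunk of this same patch calls `/usr/sbin/nft` and `/sbin/iptables-save` unconditionally. On a host installed without recommended packages, the command substitution feeding the `for table` loop would come back empty, so the job presumably records nothing and, run under `chronic`, may never report it. Consider making them hard dependencies by appending `nftables, iptables` to the `Depends:` line, or have the script exit non-zero when either tool is missing.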
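Review bot: The added `PATH=` line in etc/cron.d/iptables-rrdtool puts `/usr/local/sbin` and `/usr/local/bin` ahead of the system directories for a job that runs as root. Any command the script resolves by bare name is then looked up under /usr/local first, and on Debian those directories have traditionally been writable by group staff, so a non-root member of that group could shadow a tool the root job runs. Unless local overrides are intended, list only system directories, `PATH=/usr/sbin:/usr/bin:/sbin:/bin`. A variable assignment in a cron.d file also applies to every job line below it, which is worth a short comment above the assignment.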
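Review bot: The replacement loop header `for table in $( /usr/sbin/nft list tables | grep ' ip ' | cut -f 3 -d ' ' ); do` takes table names from nft but still passes them to `/sbin/iptables-save -c -t ${table}`, so the two tools have to agree on the backend. Where iptables-save is the legacy (xtables) variant, nft would presumably list none of its tables, and a table created natively with nft may not be readable by iptables-save; either way the failure is quiet, because the pipeline's status is that of `cut`. I would add a comment stating the assumption, e.g. `# assumes iptables is the nft-backed variant; legacy tables are not listed by nft`, and quote the expansion as `-t "${table}"`. The commented-out `#for table in $(cat /proc/net/ip_tables_names); do` line can go, since history keeps it. The loop body continues past the end of the hunk.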