Dieses kleine Script zeigt den Unterschied zwischen einer abgespeicherten Version von iptables-save
und den aktuellen Regeln an:
#!/bin/bash
# iptables-diff
#
# compare saved iptables file with current active ipv4 rules
#
# Usage: iptables-diff [file-with-iptables-save-output]
#
# Absolute path to iptables-save (deliberately no PATH lookup) and the default
# location of the persisted IPv4 ruleset. Both are read-only and exported so
# the values are visible in the environment of any child process.
declare -rx IPT_SAVE=/sbin/iptables-save
declare -rx IPT_FILE=/etc/iptables/rules.v4
# Drop comment lines (a '#' optionally preceded by whitespace) from stdin.
# iptables-save emits "# Generated by ..." / "# Completed on ..." header
# lines that carry a timestamp and would otherwise differ on every run.
# Exit status is grep's: non-zero when no line survives.
decomment() { grep -Ev -- '^[[:space:]]*#' ; }
# Rewrite every "[packets:bytes]" counter pair on stdin to "[0:0]" so that
# live traffic counts (e.g. on ":INPUT ACCEPT [n:m]" policy lines) are not
# reported as rule differences.
zero_counters() { sed -E 's/\[[0-9]+:[0-9]+\]/[0:0]/g' ; }
# Remove every line mentioning fail2ban (its chains are created and changed
# at runtime, so they would always show up as drift).
# Caveat: this is a plain substring match, so any rule whose text merely
# contains "f2b" or "fail2ban" (e.g. in a comment) is also left out of the
# comparison.
filter_f2b() { grep -v -e f2b -e fail2ban ; }
# Normalisation pipeline applied to both inputs (stdin -> stdout) before they
# are diffed: strip volatile counters, drop comment/timestamp lines, drop
# fail2ban lines. The first two stages commute; filter_f2b runs last, so the
# function's exit status is that grep's (non-zero when nothing survives).
filter() {
  zero_counters \
    | decomment \
    | filter_f2b
}
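# Dump the live IPv4 ruleset via $IPT_SAVE and normalise it with filter().
# iptables-save needs elevated privileges; without the check below a failure
# (e.g. not running as root) would be invisible, because the pipeline's
# status is filter's, and the diff would silently report the whole saved
# ruleset as missing from the kernel.
# Outputs: normalised rules on stdout; a diagnostic on stderr on failure.
# Returns: iptables-save's exit status if it failed, otherwise filter's.
get_clean_iptables_dump() {
  local rc
  "$IPT_SAVE" | filter
  rc=${PIPESTATUS[0]}
  if (( rc != 0 )); then
    printf '%s: %s failed (exit %d); the live ruleset could not be read\n' \
      "${0##*/}" "$IPT_SAVE" "$rc" >&2
    return "$rc"
  fi
}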
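# Read a saved iptables-save dump from the file given as $1 and normalise it
# with filter(). A missing file is reported on stderr instead of being
# skipped silently: an empty left-hand side would make the diff show every
# live rule as an unexpected addition, which is easy to misread as drift.
# Arguments: $1 - path to a file containing iptables-save output
# Outputs:   normalised rules on stdout
# Returns:   1 if the file does not exist, otherwise filter's status
get_clean_ipt_dump_from_file() {
  local file=$1
  if [[ ! -f "$file" ]]; then
    printf '%s: saved rules file not found: %s\n' "${0##*/}" "$file" >&2
    return 1
  fi
  filter <"$file"
}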
# Compare the saved ruleset (optional $1, default $IPT_FILE) with the live
# one. Left side ("<") is the file, right side (">") is the kernel; -N treats
# an absent side as empty. The script exits with diff's status (0 identical,
# 1 differences found, 2 trouble), which makes it usable from cron/monitoring.
saved_file=${1:-$IPT_FILE}
diff -Nru \
  <(get_clean_ipt_dump_from_file "$saved_file") \
  <(get_clean_iptables_dump)