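#!/usr/bin/perl -w
# nf_conntrack.pl - a simple web interface to the /proc/net/nf_conntrack system file
# released under GPL by paul mansfield
#
# wack this in your firewall/router's web server cgi-bin directory and make it executable.
#
# add this to your /etc/sudoers file:
#    wwwrun ALL= NOPASSWD: /bin/cat /proc/net/nf_conntrack
# wwwrun might need to be changed to nobody, httpd or whatever the username your
# web server runs as
#
# Access control: this script does no authentication of its own and prints the
# whole connection-tracking table, so limit who can reach it with the web
# server's own access controls.
#
# NOTE(review): the HTML tags inside the string literals were lost in the copy
# this file was restored from. The markup below is a minimal reconstruction
# that keeps the visible text and the column order; compare it against the
# original script before relying on the exact layout.

use strict;
use CGI;
use FileHandle;

# NOTE(review): $TIMEOUT and %tcpColours are not referenced by any code that
# survived in this copy; they were presumably used by the lost markup (page
# refresh interval and per-state row colours) - confirm against the original.
my $TIMEOUT = 30;
my $NFC     = '/proc/net/nf_conntrack';
my %tcpColours = (
    'CLOSE'       => '#d0d0d0',
    'TIME_WAIT'   => '#b0b0df',
    'ESTABLISHED' => '#d0d0ff',
    'SYN_SENT'    => '#e0e0ef',
);

# Build one table row from a list of cell contents that are already HTML-safe.
sub table_row {
    my (@cells) = @_;
    return '<tr>' . join('', map { "<td>$_</td>" } @cells) . "</tr>\n";
}

# minimise delays writing to the browser
$| = 1;
STDERR->autoflush;    # already unbuffered in stdio

print "Content-type: text/html\n\n<html>\n<head><title>nf_conntrack</title></head>\n<body>\n";

my $cgiQuery = CGI->new;

# The filter comes straight from the request, so treat it as untrusted text.
my $filterString = $cgiQuery->param('filterString');
$filterString = '' unless defined $filterString;

# Escape before echoing it back into the form so it cannot inject markup.
my $filterHtml = $cgiQuery->escapeHTML($filterString);
print qq{<form method="get">\n\tFilter: <input type="text" name="filterString" value="$filterHtml"> <input type="submit" value="Filter">\n</form>\n};

# List-form pipe open: the command never passes through a shell, and the
# lexical handle is closed automatically if we leave this scope early.
if (open(my $conntrack, '-|', '/usr/bin/sudo', 'cat', $NFC)) {
    print "<table>\n<tr><th>Ver</th><th>?</th><th>proto</th><th>?</th><th>?</th><th>tcp state</th><th>src ip:port</th><th>dst ip:port</th><th>packets</th><th>bytes</th></tr>\n";

    # ipv4 2 udp 17 88 src=127.0.0.1 dst=127.0.0.1 sport=40157 dport=123 packets=6 bytes=240 src=127.0.0.1 dst=127.0.0.1 sport=123 dport=40157 packets=11 bytes=3504 [ASSURED] mark=0 secmark=0 use=1
    while (my $line = <$conntrack>) {
        chomp $line;
        my $outputLine;

        # Both patterns only accept dotted-quad addresses, so any other entry
        # (IPv6 included) ends up in the "UF:" fallback row. Every field that
        # is rendered from a match is digits, dots or \w, hence HTML-safe.

        # UDP unpacked
        if (my @udp = $line =~ /^ipv(\d+)\s+(\d+)\s+udp\s+(\d+)\s+(\d+)\s+src=(\d+\.\d+\.\d+\.\d+)\s+dst=(\d+\.\d+\.\d+\.\d+)\s+sport=(\d+)\s+dport=(\d+)\s+packets=(\d+)\s+bytes=(\d+)\s+(.*)$/) {
            $outputLine = table_row(
                @udp[0, 1], 'udp', @udp[2, 3], '&nbsp;',
                "$udp[4]:$udp[6]", "$udp[5]:$udp[7]",
                @udp[8, 9],
            );
        }
        # TCP unpacked
        elsif (my @tcp = $line =~ /^ipv(\d+)\s+(\d+)\s+tcp\s+(\d+)\s+(\d+)\s+(\w+)\s+src=(\d+\.\d+\.\d+\.\d+)\s+dst=(\d+\.\d+\.\d+\.\d+)\s+sport=(\d+)\s+dport=(\d+)\s+packets=(\d+)\s+bytes=(\d+)\s+(.*)$/) {
            $outputLine = table_row(
                @tcp[0, 1], 'tcp', @tcp[2, 3], $tcp[4],
                "$tcp[5]:$tcp[7]", "$tcp[6]:$tcp[8]",
                @tcp[9, 10],
            );
        }
        else {
            # Unrecognised line: shown as-is, so escape it for HTML first.
            my $rawHtml = $cgiQuery->escapeHTML($line);
            $outputLine = qq{<tr><td colspan="10">UF: $rawHtml</td></tr>\n};
        }

        # The filter is matched as literal text against the rendered row.
        # \Q...\E stops request data from being compiled as a regex, which
        # would let a caller abort the script with an invalid pattern or tie
        # up the CPU with an expensive one.
        print $outputLine
            if $filterString eq '' || $outputLine =~ /\Q$filterString\E/;
    }
    print "</table>\n";

    # A piped open succeeds even when sudo later refuses or cat fails; that
    # only becomes visible as a false return from close on the pipe.
    if (!close($conntrack)) {
        my $exitStatus = $? >> 8;
        print "<p>Error, reading $NFC via sudo failed (exit status $exitStatus)</p>\n";
    }
}
else {
    print "<p>\nError, failed to open $NFC for reading\n</p>\n";
}

print "</body>\n</html>\n";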