log entry 2012-10-20

iptables-converter startup

It's boring to wait for a Linux machine to load some thousands of iptables. It's more boring on a slow machine, and so the idea came up to speed up the process. Recently I learned that the netfilter architects mentioned that the iptables-restore format would not be changed. The usual suspects were asked to find a tool. Looking around for some converter outside the kernel wasn't successful. Nothing was found, probably because of using the wrong keywords. So the idea came up to write one. Python and I should be able to do it.

My sspe tool (http://sspe.sourceforge.net) generates the iptables in a shell script from a common set of firewall rules for many machines. It is written in Perl; it is ugly but useful. No tests at all, only controlled by viewing with my own eyes.

A converter could speed up loading time; the benefit would be more time to spend on the machines.

The initial commit is dated 2012-11-20 and has been pushed to https://github.com/sl0/conv

It's not complicated. Read in the shell script, write out the iptables, slightly modified. That's all.
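What "slightly modified" amounts to, as an added example that is not the code in the sl0/conv repository: a small Python converter from plain `iptables` shell lines to iptables-restore input. The function names, the sample script and the choice to reject unsupported lines instead of skipping them are assumptions of this example.

```python
import shlex

# Built-in chains per table; "-N" adds user-defined chains.
BUILTIN = {"filter": ["INPUT", "FORWARD", "OUTPUT"],
           "nat": ["PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"]}

SAMPLE = '''iptables -F
iptables -P INPUT DROP
iptables -N logdrop
iptables -A INPUT -p tcp --dport 22 -m comment --comment "allow ssh" -j ACCEPT
iptables -A logdrop -j DROP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
'''  # constructed input for this example, not generated by sspe

def quote(arg):
    # iptables-save style: double quotes with backslash escapes
    if arg and not any(c in arg for c in ' \t"\\'):
        return arg
    return '"' + arg.replace("\\", "\\\\").replace('"', '\\"') + '"'

def convert(script):
    """Turn plain 'iptables ...' shell lines into iptables-restore input."""
    tables = {}  # table -> {"chains": {name: policy}, "rules": [...]}
    for no, line in enumerate(script.splitlines(), 1):
        words = shlex.split(line, comments=True)
        if any("$" in w or "`" in w for w in words):
            raise ValueError(f"line {no}: shell expansion is not supported")
        if not words or words[0].rsplit("/", 1)[-1] != "iptables":
            continue  # comment, blank line or another command
        args, name = words[1:], "filter"
        if "-t" in args[:-1]:  # "-t <table>" becomes the "*<table>" header
            name = args.pop(args.index("-t") + 1)
            args.remove("-t")
        if name not in BUILTIN or not args:
            raise ValueError(f"line {no}: unsupported table or empty command")
        table = tables.setdefault(name, {  # assumption: default policy ACCEPT
            "chains": dict.fromkeys(BUILTIN[name], "ACCEPT"), "rules": []})
        if args[0] == "-P" and len(args) == 3 and args[1] in BUILTIN[name]:
            table["chains"][args[1]] = args[2]
        elif args[0] == "-N" and len(args) == 2:
            table["chains"][args[1]] = "-"
        elif args[0] == "-A":
            table["rules"].append(" ".join(map(quote, args)))
        elif args[0] not in ("-F", "-X", "-Z"):  # restore flushes the table
            raise ValueError(f"line {no}: refusing to drop {args[0]!r} silently")
    out = []
    for name, t in tables.items():
        out += [f"*{name}"] + [f":{c} {p} [0:0]" for c, p in t["chains"].items()]
        out += t["rules"] + ["COMMIT"]
    return "\n".join(out) + "\n"
```

Running `iptables-restore --test` on the output checks it without loading it. Lines the converter does not understand raise an error, so a firewall rule is never lost without notice.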

Have fun!
