Iptables exporter

A Prometheus exporter that collects traffic data from iptables rules.


pip install iptables-exporter


Test run:

iptables-exporter --dump-data

Run iptables-exporter:

iptables-exporter --port 9119

Point your browser to http://localhost:9119/metrics


docker run --net=host --cap-add=NET_ADMIN madron/iptables-exporter

Configure iptables

Optionally you can monitor specific rules by adding a comment starting with iptables-exporter:

iptables -A INPUT -p tcp --dport ssh -j ACCEPT -m comment --comment "iptables-exporter ssh traffic"

The exporter then collects the packet and byte counters for that rule:

iptables_packets{ip_version="4",table="filter",chain="input",rule="ssh traffic"} 347.0
iptables_bytes{ip_version="4",table="filter",chain="input",rule="ssh traffic"} 44512.0

Multiple rules with the same name:

iptables -A INPUT -s     -p tcp --dport ssh -j ACCEPT -m comment --comment "iptables-exporter ssh traffic"
iptables -A INPUT -s  -p tcp --dport ssh -j ACCEPT -m comment --comment "iptables-exporter ssh traffic"
iptables -A INPUT -s -p tcp --dport ssh -j ACCEPT -m comment --comment "iptables-exporter ssh traffic"

The exporter reports the total packets and bytes across the 3 rules, because they share the same ip_version, table, chain and name.
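The aggregation described above, as an added sketch that is not the exporter's own code: it sums the counters of rules whose comment starts with iptables-exporter, grouped by ip_version, table, chain and name. It assumes the counters come from `iptables-save -c` output and that the chain is lowercased as in the sample metrics; the rules and addresses in SAMPLE are constructed.

```python
import re
import shlex
from collections import defaultdict

PREFIX = "iptables-exporter "  # comment prefix described on this page
RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")

# Constructed sample in `iptables-save -c` format: [packets:bytes] precedes each rule.
SAMPLE = """\
*filter
:INPUT ACCEPT [10:800]
[100:12000] -A INPUT -s 192.0.2.1/32 -p tcp -m tcp --dport 22 -m comment --comment "iptables-exporter ssh traffic" -j ACCEPT
[200:30000] -A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -m comment --comment "iptables-exporter ssh traffic" -j ACCEPT
[47:2512] -A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -m comment --comment "iptables-exporter ssh traffic" -j ACCEPT
[5:300] -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "web, not exported" -j ACCEPT
[9:540] -A OUTPUT -p udp -m udp --dport 53 -m comment --comment "iptables-exporter dns" -j ACCEPT
COMMIT
"""

def aggregate(dump, ip_version="4"):
    """Sum counters per (ip_version, table, chain, rule name)."""
    totals = defaultdict(lambda: [0, 0])
    table = None
    for line in dump.splitlines():
        if line.startswith("*"):           # table header, e.g. *filter
            table = line[1:].strip()
            continue
        m = RULE.match(line)
        if not m:                          # chain policies, COMMIT, blank lines
            continue
        packets, nbytes, chain, spec = m.groups()
        args = shlex.split(spec)           # keeps the quoted comment as one token
        comments = [b for a, b in zip(args, args[1:]) if a == "--comment"]
        for c in comments:
            if c.startswith(PREFIX):       # rules without the prefix are ignored
                key = (ip_version, table, chain.lower(), c[len(PREFIX):])
                totals[key][0] += int(packets)
                totals[key][1] += int(nbytes)
    return {k: tuple(v) for k, v in totals.items()}

def render(totals):
    """Format totals like the metric lines shown above."""
    out = []
    for (ver, table, chain, rule), (pk, by) in sorted(totals.items()):
        rule = rule.replace("\\", "\\\\").replace('"', '\\"')  # escape label value
        labels = f'ip_version="{ver}",table="{table}",chain="{chain}",rule="{rule}"'
        out.append(f"iptables_packets{{{labels}}} {float(pk)}")
        out.append(f"iptables_bytes{{{labels}}} {float(by)}")
    return out

if __name__ == "__main__":
    print("\n".join(render(aggregate(SAMPLE))))
```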

