Firewall Rule Documentation with Python: Export iptables/nftables to Readable Formats (Free CLI Tool)

Firewall rules are critical security infrastructure, but they are notoriously difficult to document and audit. A typical production server has dozens of iptables rules spread across multiple tables and chains. Understanding what all these rules do — and whether they are secure — requires systematic documentation.

dargslan-iptables-export is a free Python CLI tool that exports your iptables and nftables rules into readable, structured formats. It auto-detects your firewall backend, parses all rules, and generates human-readable documentation, JSON for automation, and CSV for spreadsheet analysis. Reading the live rule set needs root (CAP_NET_ADMIN), so run the commands below with sudo on a production host.

Quick Start

pip install dargslan-iptables-export

dargslan-iptexp report            # Full firewall report with audit
dargslan-iptexp readable          # Human-readable format
dargslan-iptexp json              # Structured JSON export
dargslan-iptexp csv               # CSV for spreadsheet analysis
dargslan-iptexp raw               # Raw iptables output
dargslan-iptexp stats             # Rule statistics
dargslan-iptexp readable -o firewall-rules.txt  # Export to file

Why Document Firewall Rules?

Firewall documentation is essential for several reasons:

  • Security auditing: Identify overly permissive rules that expose unnecessary services
  • Compliance: PCI DSS (Requirement 1) requires documented network security controls, and SOC 2 and ISO 27001 audits expect firewall policies to be documented and periodically reviewed
  • Incident response: During a security incident, you need to quickly understand what traffic is allowed
  • Change management: Track firewall changes over time by storing periodic exports
  • Team knowledge: New team members need to understand the firewall configuration

Readable Export Format

The readable format organizes rules by table and chain, showing source, destination, protocol, port, and action in a clear layout:

## Table: filter
==================================================

### Chain: INPUT (Policy: DROP)
----------------------------------------
  [ACCEPT  ] proto=tcp, dport=22
  [ACCEPT  ] proto=tcp, dport=80
  [ACCEPT  ] proto=tcp, dport=443
  [DROP    ] src=10.0.0.0/8, proto=tcp, dport=3306
  [ACCEPT  ] proto=icmp

JSON Export for Automation

The JSON export provides structured data that can be consumed by automation tools, monitoring systems, or custom scripts. Each rule is parsed into individual fields (source, destination, protocol, port, target) for easy programmatic access.

CSV Export for Compliance

The CSV export is perfect for compliance documentation. Import it into a spreadsheet, add justification columns, and you have a complete firewall rule matrix ready for auditors.

Security Audit Features

The built-in audit checks for common security issues:

  • Default ACCEPT policy on INPUT: The INPUT chain should default to DROP, only allowing explicitly permitted traffic. Pair the DROP policy with an explicit ACCEPT for RELATED,ESTABLISHED connections, otherwise replies to the host's own outbound connections are dropped too
  • Overly permissive rules: Rules that accept all traffic from any source to any destination without protocol, port, or interface restrictions. Review each finding in context: an unrestricted ACCEPT on the loopback interface (-i lo) is normal, the same rule on an external interface is not
  • No rules configured: A system with no firewall rules is completely exposed
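To make the readable layout and the three audit checks concrete, here is a small parser that reads `iptables-save` output, renders the table/chain layout shown above, and runs the audit. It is an added example written for this article, not code from dargslan-iptables-export; the sample rule sets are constructed, and the parsing rule that every option takes exactly one argument is an assumption that holds for the output of `iptables-save`. It also adds one check the page does not list: a DROP policy on INPUT without an ACCEPT for RELATED,ESTABLISHED, which silently breaks return traffic.

```python
"""Parse iptables-save output, render the readable layout and audit it (added example)."""
import shlex

OPT_KEYS = {"-s": "source", "-d": "destination", "-p": "protocol", "-i": "in_iface",
            "-o": "out_iface", "--sport": "sport", "--dport": "dport",
            "--ctstate": "ctstate", "-j": "target"}
LABELS = [("in_iface", "in"), ("out_iface", "out"), ("source", "src"), ("destination", "dst"),
          ("protocol", "proto"), ("sport", "sport"), ("dport", "dport"), ("ctstate", "state")]
MATCH_KEYS = [k for k, _ in LABELS]   # a rule with none of these matches all traffic
# Constructed samples in iptables-save format (not captured from a real host).
SAMPLE_GOOD = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p icmp -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
COMMIT
"""
SAMPLE_BAD = "*filter\n:INPUT ACCEPT [0:0]\n-A INPUT -j ACCEPT\nCOMMIT\n"


def parse_rule(table, tokens):
    """Flatten one `-A CHAIN ...` line (already shlex-split) into a dict."""
    rule, negate, i = {"table": table, "chain": tokens[1]}, False, 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":                       # negation precedes its option: ! -s 10.0.0.0/8
            negate, i = True, i + 1
            continue
        # Assumption: an option takes one argument unless the next token is itself an option.
        if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            value, i = tokens[i + 1], i + 2
        else:
            value, i = "", i + 1
        if tok in OPT_KEYS:                  # -m tcp, --comment ... are consumed and dropped
            rule[OPT_KEYS[tok]] = ("!" if negate else "") + value
        negate = False
    return rule


def parse_iptables_save(text):
    """Return (chains, rules): chains maps (table, chain) -> policy ('-' for user chains)."""
    chains, rules, table = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):                          # *filter
            table = line[1:]
        elif line.startswith(":"):                        # :INPUT DROP [pkts:bytes]
            name, policy = line[1:].split()[:2]
            chains[(table, name)] = policy
        elif line.startswith("-A "):
            rules.append(parse_rule(table, shlex.split(line)))
    return chains, rules                                  # comments, blanks, COMMIT ignored


def render_readable(chains, rules):
    """Group rules by table, then chain, in the layout of the readable export."""
    out = []
    for table in dict.fromkeys(t for t, _ in chains):
        out += [f"## Table: {table}", "=" * 50]
        for (t, chain), policy in chains.items():
            if t == table:
                head = f"Policy: {policy}" if policy != "-" else "user-defined"
                out += ["", f"### Chain: {chain} ({head})", "-" * 40]
                for r in (r for r in rules if (r["table"], r["chain"]) == (t, chain)):
                    fields = ", ".join(f"{lab}={r[k]}" for k, lab in LABELS if k in r)
                    out.append(f"  [{r.get('target', '-'):<8}] {fields}")
    return "\n".join(out)


def audit(chains, rules):
    """The page's three checks plus the return-traffic caveat for a DROP policy."""
    issues, inp = [], chains.get(("filter", "INPUT"))
    if not rules:
        issues.append(("HIGH", "no firewall rules configured"))
    if inp == "ACCEPT":
        issues.append(("HIGH", "filter/INPUT policy is ACCEPT; it should default to DROP"))
    for r in rules:
        if r.get("target") == "ACCEPT" and not any(k in r for k in MATCH_KEYS):
            issues.append(("HIGH", f"{r['table']}/{r['chain']}: unconditional ACCEPT"))
    keeps_replies = any(r["table"] == "filter" and r["chain"] == "INPUT" and r.get("target") == "ACCEPT"
                        and "ESTABLISHED" in r.get("ctstate", "") for r in rules)
    if inp == "DROP" and not keeps_replies:
        issues.append(("MEDIUM", "filter/INPUT defaults to DROP but never accepts "
                                 "RELATED,ESTABLISHED; replies to outbound connections are dropped"))
    return issues


if __name__ == "__main__":
    print(render_readable(*parse_iptables_save(SAMPLE_GOOD)))
    for sev, msg in audit(*parse_iptables_save(SAMPLE_BAD)):
        print(f"[{sev}] {msg}")
```

Feed it real data with `sudo iptables-save | python3 this_script.py` after swapping the sample for `sys.stdin.read()`. Note that the permissive-rule check deliberately treats an interface match as a restriction, which is why `-i lo -j ACCEPT` passes while a bare `-j ACCEPT` does not.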

Python API

from dargslan_iptables_export import IptablesExport

# Run as root: reading the live rule set needs CAP_NET_ADMIN
ie = IptablesExport()
print(f"Firewall backend: {ie.backend}")

# Parse all rules; entries with type 'rule' carry the parsed fields
rules = ie.parse_iptables_rules()
for rule in rules:
    if rule['type'] == 'rule':
        print(f"[{rule.get('target','N/A')}] {rule.get('protocol','')} "
              f"dport={rule.get('dport','')} src={rule.get('source','any')}")

# Export the readable format to a file
with open('firewall-export.txt', 'w') as f:
    f.write(ie.export_readable())

# Security audit: one dict per finding, with severity and message
for issue in ie.audit():
    print(f"[{issue['severity']}] {issue['message']}")

Change Tracking

By scheduling periodic exports, you can track firewall changes over time. Diff the exports to see exactly what rules were added, modified, or removed. Put the job in root's crontab (the export needs root), create /var/log/firewall first, and remember that cron treats a literal % as a newline, so the % characters in the date format must be escaped:

# Weekly export for change tracking (root crontab; \% because cron treats % as a newline)
0 0 * * 0 dargslan-iptexp json -o /var/log/firewall/rules-$(date +\%Y\%m\%d).json
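A plain text diff of two JSON exports is noisy because packet and byte counters change on every run, and it misses the one change that matters most in iptables: the same rules in a different order, since the first match wins. The following added example (written for this article, not part of dargslan-iptables-export) compares two exports on the rule fields only and reports added, removed and reordered rules. It assumes each export is a JSON list of rule objects with keys such as table, chain, source, protocol, dport, target and optional packets/bytes counters; the two exports are constructed.

```python
"""Diff two JSON rule exports for change tracking (added example, not the tool's own code)."""
import json

COUNTERS = {"packets", "bytes"}   # change on every export, never a policy change

# Constructed exports: assumed shape, one object per rule. The new export keeps the
# same three rules (with fresh counters), moves the DROP ahead of 443, and adds 8080.
OLD_EXPORT = json.dumps([
    {"table": "filter", "chain": "INPUT", "protocol": "tcp", "dport": "22", "target": "ACCEPT",
     "packets": 10, "bytes": 640},
    {"table": "filter", "chain": "INPUT", "protocol": "tcp", "dport": "443", "target": "ACCEPT",
     "packets": 5, "bytes": 300},
    {"table": "filter", "chain": "INPUT", "source": "10.0.0.0/8", "protocol": "tcp",
     "dport": "3306", "target": "DROP", "packets": 0, "bytes": 0},
])
NEW_EXPORT = json.dumps([
    {"table": "filter", "chain": "INPUT", "protocol": "tcp", "dport": "22", "target": "ACCEPT",
     "packets": 42, "bytes": 2688},
    {"table": "filter", "chain": "INPUT", "source": "10.0.0.0/8", "protocol": "tcp",
     "dport": "3306", "target": "DROP", "packets": 1, "bytes": 60},
    {"table": "filter", "chain": "INPUT", "protocol": "tcp", "dport": "443", "target": "ACCEPT",
     "packets": 7, "bytes": 420},
    {"table": "filter", "chain": "INPUT", "protocol": "tcp", "dport": "8080", "target": "ACCEPT",
     "packets": 0, "bytes": 0},
])


def rule_key(rule):
    """Identity of a rule: every field except counters, as a hashable tuple."""
    return tuple(sorted((k, str(v)) for k, v in rule.items() if k not in COUNTERS))


def diff_exports(old_json, new_json):
    """Return added/removed rules and the chains whose surviving rules changed order."""
    old = {rule_key(r): r for r in json.loads(old_json)}   # insertion order == rule order
    new = {rule_key(r): r for r in json.loads(new_json)}
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    # iptables is first-match: the same rules in a new order is a policy change too.
    reordered = []
    for chain in {(r["table"], r["chain"]) for r in old.values()}:
        kept_old = [k for k in old if k in new and (old[k]["table"], old[k]["chain"]) == chain]
        kept_new = [k for k in new if k in old and (new[k]["table"], new[k]["chain"]) == chain]
        if kept_old != kept_new:
            reordered.append("/".join(chain))
    return {"added": added, "removed": removed, "reordered": sorted(reordered)}


if __name__ == "__main__":
    print(json.dumps(diff_exports(OLD_EXPORT, NEW_EXPORT), indent=2))
```

Run it against two of the weekly files by replacing the constants with `open(path).read()`. Two byte-identical rules in one chain collapse to a single key here, which is fine for change tracking but means an exact duplicate is not reported as added.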

iptables vs nftables

The tool auto-detects whether your system uses the legacy iptables backend or the newer nftables backend. On modern distributions (Debian 11+, Ubuntu 22.04+, RHEL 9+) nftables is the default, and the iptables command there is usually the iptables-nft compatibility front end that writes nftables rules; `iptables -V` tells you which one you have, printing "(nf_tables)" or "(legacy)". Rules created natively with nft (for example by firewalld or a hand-written nftables.conf) do not appear in iptables-save output, so compare the export against `nft list ruleset` once to confirm nothing is missing. The tool handles both backends transparently.

Best Practices

  1. Export firewall rules before and after every change for audit trail
  2. Use the audit feature to catch security misconfigurations
  3. Store exports in version control (Git) for change tracking
  4. Generate readable documentation for team knowledge sharing
  5. Include firewall exports in your compliance documentation

Conclusion

Firewall documentation is a security requirement, not an option. dargslan-iptables-export makes it effortless to generate readable, auditable documentation of your firewall rules. Install it on every server and make firewall exports part of your security workflow.

For more security tools and cybersecurity guides, visit dargslan.com and explore our security eBook collection.

Dargslan Editorial Team (Dargslan)