This program allows you to monitor ipchains/iptables output in realtime. It supports both logging to a file/stdout and/or to tcpdump format capture logs. It also supports security features such as running non-root, and chrooting itself.
Current features:
Realtime firewall monitoring
Configurable via iptables and ipchains
Output of single line summaries
Output of full hex/ascii data dumps
Output to tcpdump (libpcap) files
Output to syslog
Can run chrooted and non-root
Configured entirely on the command line
Buffered output
Log to SQL
Firewall monitor runs only under Linux due to the fact that it takes advantage of a Linux kernel specific functionality.
