Pretty print iptables output. Align columns and strip out comments.

pp-iptables.py

#!/usr/bin/python3

import re
import sys
import os
from tabulate import tabulate

strip_comments = os.getenv('IPT_STRIP_COMMENTS') == '1'
comments_re = re.compile(r'/\*(.*?)\*/')

in_chain, eof = False, False
headers, table = [], []

while True:
    line = sys.stdin.readline()
    if len(line) == 0:
        eof = True
    line = line.strip()
    if line == '':
        if in_chain:
            headers.append('extra')
            if not strip_comments:
                headers.append('comment')
            print(tabulate(table, headers=headers))
            headers, table = [], []
            in_chain = False
        if eof:
            break
        continue
    if line.startswith('Chain'):
        print('\n{}'.format(line))
        continue
    if line.startswith('pkts') or line.startswith('target') or line.startswith('num'):
        headers = line.split()
        in_chain = True
        continue
    if in_chain:
        parts = line.split()
        begin = parts[:len(headers)]
        extra = ' '.join(parts[len(headers):])

        # comments are wide and sometimes in the middle of extra
        # remove them or put as a separate column
        if strip_comments:
            extra = comments_re.sub('', extra).strip()
            table.append(begin + [extra])
        else:
            comment_match = comments_re.search(extra)
            comment = comment_match.group(1).strip() if comment_match else ''
            extra = comments_re.sub('', extra).strip()
            table.append(begin + [extra, comment])

test-example.txt

$ sudo iptables -t nat -nL KUBE-NODEPORTS
Chain KUBE-NODEPORTS (1 references)
target     prot opt source               destination         
KUBE-MARK-MASQ  tcp  --  0.0.0.0/0            0.0.0.0/0            /* kube-system/traefik:http */ tcp dpt:31922
KUBE-SVC-X3WUOHPTYIG7AA3Q  tcp  --  0.0.0.0/0            0.0.0.0/0            /* kube-system/traefik:http */ tcp dpt:31922
KUBE-MARK-MASQ  tcp  --  0.0.0.0/0            0.0.0.0/0            /* kube-system/traefik:https */ tcp dpt:31783
KUBE-SVC-IKNZCF5XJQBTG3KZ  tcp  --  0.0.0.0/0            0.0.0.0/0            /* kube-system/traefik:https */ tcp dpt:31783


# By default adds column with cleaned up comment
$ sudo iptables -t nat -nL KUBE-NODEPORTS | ./pp-iptables.py 
Chain KUBE-NODEPORTS (1 references)
target                     prot    opt    source     destination    extra          comment
-------------------------  ------  -----  ---------  -------------  -------------  -------------------------
KUBE-MARK-MASQ             tcp     --     0.0.0.0/0  0.0.0.0/0      tcp dpt:31922  kube-system/traefik:http
KUBE-SVC-X3WUOHPTYIG7AA3Q  tcp     --     0.0.0.0/0  0.0.0.0/0      tcp dpt:31922  kube-system/traefik:http
KUBE-MARK-MASQ             tcp     --     0.0.0.0/0  0.0.0.0/0      tcp dpt:31783  kube-system/traefik:https
KUBE-SVC-IKNZCF5XJQBTG3KZ  tcp     --     0.0.0.0/0  0.0.0.0/0      tcp dpt:31783  kube-system/traefik:https


# Comments can be stripped if not needed
$ sudo iptables -t nat -nL KUBE-NODEPORTS | IPT_STRIP_COMMENTS=1 ./pp-iptables.py 
Chain KUBE-NODEPORTS (1 references)
target                     prot    opt    source     destination    extra
-------------------------  ------  -----  ---------  -------------  -------------
KUBE-MARK-MASQ             tcp     --     0.0.0.0/0  0.0.0.0/0      tcp dpt:31922
KUBE-SVC-X3WUOHPTYIG7AA3Q  tcp     --     0.0.0.0/0  0.0.0.0/0      tcp dpt:31922
KUBE-MARK-MASQ             tcp     --     0.0.0.0/0  0.0.0.0/0      tcp dpt:31783
KUBE-SVC-IKNZCF5XJQBTG3KZ  tcp     --     0.0.0.0/0  0.0.0.0/0      tcp dpt:31783

This version improves on the fork by making comments removal conditional, they're often useful with many custom rules. By default it will add another column comment with cleaned-up comment extracted (sometimes from the middle of extra). When environment var IPT_STRIP_COMMENTS=1 is set the comment is discarded & extra is cleaned from extra spaces.