We had Cacti with standard components and some plugins for Postfix, Bind and Apache already running for a few servers, but we wanted to monitor the different kinds of traffic that pass our iptables firewall. There was already a perl script on the Cacti website to get the values of the different rule counters (but only for the first rule with the mentioned mark). On the Cacti forums I found an improved version of this script that returns every counter separately if there is more than one iptables rule with the same mark name. But I haven't found a description of how that can be used via SNMP on a remote host... After a few hours of headache and stuff... Here it is! :) Remember that it just displays the rule counters and NOT the bandwidth usage!

I think it's very important to read my description below, as the downloadable files here are configured for our setup, and I think you want to customize it for yours :) I modified the improved forum version of the script for our implementation just a little bit (removed the leading Rule[nr] from the output). So I was able to add them together without parsing Rule[nr] out first... :) This is great, as you can now combine multiple iptables rules into one graph or one line in a graph! You can now define in your iptables script which rules form one measuring point, and so on.

Installation: Assuming that Cacti via snmpd is already running and iptables is also working with different marks, you can now copy my newiptables.pl onto the iptables machine. It doesn't matter where, as long as the user that runs snmpd has execute rights for the script. This script should work out of the box and I hope you don't have to modify it in any way...

    # perl newiptables.pl mark-name
    924 4972192 3852 0 0 0 0 0 0 898474

This should give you an output like the one above (the counter state of the different rules with that mark name). If this works, you can edit your snmpd.conf and add the following lines, according to your iptables marks. One line for each mark name:
    exec Input /path/to/newiptables.pl WWW1
    exec Input /path/to/newiptables.pl WWW2
    exec Input /path/to/newiptables.pl SSHA
    exec Input /path/to/newiptables.pl FTP1
    exec Input /path/to/newiptables.pl FTP2
    exec Input /path/to/newiptables.pl DNS1
    exec Input /path/to/newiptables.pl DNS2
    exec Input /path/to/newiptables.pl SMTP1
    exec Input /path/to/newiptables.pl WWWA
    exec Input /path/to/newiptables.pl PINGA
    exec Input /path/to/newiptables.pl POP1

After snmpd is restarted, you should be able to test this with an snmpwalk like this one:
    # snmpwalk -c communityname -v 1 HOSTIP .1.3.6.1.4.1.2021.8.1.extOutput.4
    UCD-SNMP-MIB::extOutput.4 = STRING: 924 4972192 3852 0 0 0 0 0 0 898474

On the Cacti host, you have to place newiptables.sh into your cacti/scripts/ directory and make it executable for the Cacti user. You also have to adjust it to your setup according to your snmpd.conf! As I am not familiar with perl and not such a l33t bash-er, this script maybe needs to be redesigned by someone with better scripting skills... Please let me know if you are the one with these skills! :) But for now, my poor script does its job as expected. This script runs an snmpwalk for every mark category, parses the output and adds the values from each rule together. The output is a complete list of all mark categories, with the rules combined. I hope someone can follow! ;) You can test the script by executing it with the IP of the firewall host as parameter. If this works, you can import the two XML files into Cacti, and rename/remove/add the marks in the "Data Input Method" and in the "Graph Template" according to your marks in iptables. Finally, you can create the graph on the firewall device. I really hope that this is helpful for someone out there! If you have problems, additions or so, please let me know! The archive can be downloaded HERE!
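As an added example of what the Cacti-side collector has to do (this is not the author's newiptables.sh from the archive), the script below walks one extOutput instance per mark, sums the per-rule counters in the returned STRING, and prints them as the "name:value" pairs a Cacti script data input method expects. It assumes the marks are listed in the same order as the "exec Input" lines in snmpd.conf, so mark number N is found at extOutput.N (numeric OID .1.3.6.1.4.1.2021.8.1.101.N); a failed walk or a non-numeric counter yields "U" (unknown) instead of a bogus zero.

```shell
#!/bin/sh
# Added example collector for the Cacti host (not the original newiptables.sh).
# Assumption: MARKS is in the same order as the "exec Input" lines in snmpd.conf,
# so the N-th mark is served at UCD-SNMP-MIB::extOutput.N.
MARKS="WWW1 WWW2 SSHA FTP1 FTP2 DNS1 DNS2 SMTP1 WWWA PINGA POP1"

# Sum the counters of one extOutput line, e.g.
#   UCD-SNMP-MIB::extOutput.4 = STRING: 924 4972192 3852 0 0 0 0 0 0 898474
# Prints "U" (Cacti/RRDtool "unknown") when the line carries no STRING value
# or when a token is not a plain integer (error text, truncated output).
sum_ext_output() {
    # $1 = raw snmpwalk line; keep only what follows "STRING:" and split it
    set -- $(printf '%s\n' "$1" | sed -n 's/^.*STRING: *//p')
    if [ $# -eq 0 ]; then
        printf 'U\n'
        return 0
    fi
    total=0
    for v in "$@"; do
        case "$v" in
            ''|*[!0-9]*) printf 'U\n'; return 0 ;;
        esac
        total=$((total + v))
    done
    printf '%s\n' "$total"
}

# Walk every mark on the firewall and print Cacti's space-separated
# "name:value" list, one field per mark with its rules added together.
collect_marks() {
    host="$1"; community="$2"; idx=1; out=""
    for mark in $MARKS; do
        # numeric form of UCD-SNMP-MIB::extOutput.$idx
        line=$(snmpwalk -c "$community" -v 1 "$host" \
                 ".1.3.6.1.4.1.2021.8.1.101.$idx" 2>/dev/null || true)
        out="$out$mark:$(sum_ext_output "$line") "
        idx=$((idx + 1))
    done
    printf '%s\n' "${out% }"
}

# Usage: newiptables.sh HOSTIP [community]   (community defaults to "public")
if [ -n "$1" ]; then
    collect_marks "$1" "${2:-public}"
fi
```

Expected output is a single line such as `WWW1:5875442 WWW2:... POP1:...`, which is what the "Data Input Method" maps onto the graph's data sources.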