iptables-xml is an add-on module for iptables that exports the current ruleset in well-formed XML. XML provides the perfect conduit for this information, as both Stevegraph and Stevesieve fit well as targets for XML processing.
We might also want to support those who do not have iptables-xml on their system, so I will consider writing a parser for the output of iptables -L.
I've yet to investigate the form of the iptables-xml output, but I will assume for now that its schema will be acceptable for internal use in Firewall Steve.
Stevegraph should be a command-line program, run by an administrator, that dumps out an image file of the flow graph. Do we have Stevegraph pull the rules directly from iptables (requiring root access), or expect the rules to exist in a file (requiring an extra step on the part of the user), or both? Should there also be a web-based method for retrieving the flow graph? A PHP script could do both, perhaps.
Additionally, the same PHP script could be used from the command line to provide a non-browser method of testing different scenarios.
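A sketch of the file-based option for Stevegraph, as an added example that is not Firewall Steve's own code: it reads saved iptables-xml output, without needing root, and turns it into chain-to-chain edges in Graphviz DOT form. It assumes the layout table/chain/rule/actions, with jumps to user chains wrapped in call or goto elements and the policy carried as a chain attribute; the sample ruleset and the names flow_edges and to_dot are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like iptables-xml output (layout is an assumption).
SAMPLE = """<iptables-rules version="1.0">
  <table name="filter">
    <chain name="INPUT" policy="DROP" packet-count="0" byte-count="0">
      <rule><conditions><match><p>tcp</p></match><tcp><dport>22</dport></tcp></conditions>
        <actions><call><ssh-in/></call></actions></rule>
      <rule><conditions><match><i>lo</i></match></conditions>
        <actions><ACCEPT/></actions></rule>
    </chain>
    <chain name="ssh-in">
      <rule><conditions><match><s>192.0.2.0/24</s></match></conditions>
        <actions><ACCEPT/></actions></rule>
      <rule><actions><goto><log-drop/></goto></actions></rule>
    </chain>
    <chain name="log-drop">
      <rule><actions><LOG/></actions></rule>
      <rule><actions><DROP/></actions></rule>
    </chain>
    <chain name="FORWARD" policy="DROP"/>
  </table>
</iptables-rules>"""

def flow_edges(xml_text, table="filter"):
    """Return (source_chain, kind, destination) edges for one table."""
    root = ET.fromstring(xml_text)
    edges = []
    for chain in root.findall(f"./table[@name='{table}']/chain"):
        src = chain.get("name")
        for rule in chain.findall("rule"):
            for action in rule.findall("actions/*"):
                if action.tag in ("call", "goto"):   # jump into a user chain
                    for dest in action:
                        edges.append((src, action.tag, dest.tag))
                else:                                 # built-in or extension target
                    edges.append((src, "target", action.tag))
        if chain.get("policy"):                       # unmatched packets hit the policy
            edges.append((src, "policy", chain.get("policy")))
    return edges

def to_dot(edges):
    """Render edges as Graphviz DOT text, ready for an image tool such as dot."""
    lines = ["digraph flow {"]
    lines += [f'  "{s}" -> "{d}" [label="{k}"];' for s, k, d in edges]
    return "\n".join(lines + ["}"])

if __name__ == "__main__":
    print(to_dot(flow_edges(SAMPLE)))
```

Feeding the printed DOT text to Graphviz produces the image; the policy edges make it visible where unmatched traffic in a built-in chain ends up.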