Here's a Perl script to extract relevan lines from iptables -L.
The script's output is something like the following:

     397 conntrack drop (INPUT)
      10 conntrack drop (FORWARD)
      21 conntrack rejects (OUTPUT)
    3752 marked rejects (OUTPUT)

You have to modify the %watches static hash according to your iptables 
configuration, and write the regular expressions and the explanation 
for the lines that you want to capture from iptables output.

-----8<-----cut-and-save-as-read-iptable-list.pl-----8<-----
#! /usr/bin/perl

=head1 NAME

read-iptables-list.pl - number of packets rejected by specific rules

=head1 USAGE

Usage:

   iptables -L -Z -vnx | read-iptables-list.pl > todays-report

Note that -Z zeroes iptables counters, so use this daily.

=cut

use strict;

# current chain
my $chain = "";

sub log_packets
{
	my ($line, $rule, $explain) = @_;
	
	printf("%8d %s (%s)\n", $1, $explain, $chain)
		if ($line =~ $rule and $` =~ /\s*(\d+)\s+/ and $1 > 0);
}

# static hash of hashes
# each subhash key must be TARGET..any.further, matching before counters
my %watches =
(
	'OUTPUT' =>
		[
			qr/REJECT\s+.*mark match 0x4/,                    'marked rejects',
			qr/REJECT\s+.*ctstate NEW tcp flags:!0x17\/0x02/, 'conntrack rejects'
		],
	'INPUT' =>
		[
			qr/DROP\s+.*ctstate NEW tcp flags:!0x17\/0x02/,   'conntrack drop'
		],
	'FORWARD' =>
		[
			qr/DROP\s+.*ctstate NEW tcp flags:!0x17\/0x02/,   'conntrack drop'
		],
);

my $curwatch;

while (<>)
{
	chomp;
	if (/^Chain *(\w+)/)
	{
		$chain = $1;
		$curwatch = $watches{$chain};
	}
	elsif (defined(@$curwatch) and scalar(@$curwatch))
	{
		my $line = $_;
		my $i;
		for ($i = 0; $i < scalar(@$curwatch); $i += 2)
		{
			log_packets($line, $curwatch->[$i], $curwatch->[$i + 1]);
		}
	}
}

