Hey folks,
I'm writing a Nagios plugin to verify whether PF is enabled on a
host, and I'm a bit stumped as to how to do it.
pfctl -d and pfctl -e will tell me if it's already enabled or
already disabled, but I don't want a setuid or sudo-enabled plugin
to be manipulating a host's firewall.
I could look at the last modification time of /var/log/pflog,
but what if the ruleset does not log?
I've been through the archives and through pfctl(8) a number of
times, but either I'm missing something or it's not as simple as I
would have expected.
I'm literate in shell scripts and/or perl, so those would probably
be my preferred methods. If it comes down to C, I can probably
muddle with some of the source from pfctl to get something working,
but I would appreciate any advice from the people that know much
better.
Thoughts, anyone?
Thanks!
Benny
--
"I can do for you is - what can not no girl!"
-- Spam email subject, 2010-01-15
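One way to answer this without a setuid or sudo wrapper, as an added example that is not part of the original post: a POSIX sh Nagios plugin that parses the output of pfctl -s info, whose first line reads "Status: Enabled ..." or "Status: Disabled ...". It assumes the monitoring user has read access to /dev/pf (the device pfctl opens; adjust its group ownership rather than granting root), and it never calls pfctl -e or -d.

```shell
#!/bin/sh
# check_pf: Nagios plugin reporting whether PF is enabled.
# Added example, not from the original post. Assumes the Nagios user
# can read /dev/pf; only "pfctl -s info" is used, never -e or -d.

# Map "pfctl -s info" output (read from stdin) to a Nagios state.
# Prints the plugin's status line; the return value is the Nagios
# exit code: 0 OK (enabled), 2 CRITICAL (disabled), 3 UNKNOWN.
pf_state_from_info() {
    # The line of interest looks like:
    #   Status: Enabled for 3 days 04:05:06           Debug: Urgent
    status=$(sed -n 's/^Status: *\([A-Za-z]*\).*/\1/p' | head -n 1)
    case "$status" in
        Enabled)
            echo "PF OK - packet filter is enabled"
            return 0 ;;
        Disabled)
            echo "PF CRITICAL - packet filter is disabled"
            return 2 ;;
        *)
            # Empty or unexpected output, e.g. pfctl could not open
            # /dev/pf (Permission denied) or pfctl is not installed.
            echo "PF UNKNOWN - could not read PF status from pfctl"
            return 3 ;;
    esac
}

# Live check against the running kernel. Querying status through
# pfctl -s info does not alter the ruleset or the enabled flag.
check_pf() {
    pfctl -s info 2>/dev/null | pf_state_from_info
}

# Run the live check only when invoked as the plugin itself, so the
# functions above can also be sourced and exercised with canned output.
case "$0" in
    */check_pf|check_pf) check_pf; exit $? ;;
esac
```

Install it as check_pf in the Nagios plugin directory; a non-root user that cannot open /dev/pf gets UNKNOWN rather than a misleading CRITICAL.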