Another way that avoids the disk write could be something like:

iptables -t nat -L|grep [1]0.1.3.12 >/dev/null 2>&1

with the same check for the exit code. Not much of an effective difference though. And if you have a lot of rules, it could get pretty tedious calling each of them out.


On 4/7/16 01:25, Tino Hendricks wrote:
Mate,

I don’t think you can check it that way because iptables (I don’t know 
bastille) isn’t a running program but a kind of toolbox to manage the kernel’s 
internal firewall.
The question is: What do you want to check here?
If it is the state or the current rules the only thing that comes to my mind is 
a custom script (containing something like "iptables-save | grep 
'^what-you-want-to-check$'").
The exit code is then checked by monit:
https://mmonit.com/monit/documentation/monit.html#PROGRAM-STATUS-TESTING

Take care,

Tino
On 07.04.2016 at 10:00, Kalmár Máté <[email protected]> wrote:

Hello!

I would like to know if there is any way to monitor iptables and/or 
bastille-firewall.
I tried like these

#BASTILLE
check process bastille-firewall
         matching "bastille-firewall"
         #start program = "/etc/init.d/bastille-firewall start"
         start program = "/usr/sbin/service bastille-firewall start"
         #stop program = "/etc/init.d/bastille-firewall stop"
         stop program = "/usr/sbin/service bastille-firewall start"
#IPTABLES
check process iptables
         matching "iptables"
         #start program = "/etc/init.d/iptables start"
         #start program = "/usr/sbin/service iptables start"
         start program = "/sbin/iptables start"
         #stop program = "/etc/init.d/iptables stop"
         #stop program = "/usr/sbin/service iptables start"
         stop program = "/sbin/iptables stop"

but I cannot figure out what the problem is.
Can you please help me?

Thanks:
Mate
--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general


--
Paul Theodoropoulos
www.anastrophe.com
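
The approach suggested in this thread (grep the ruleset, let monit test the exit code) as a script for monit's "check program". This is an added example, not code from any poster; the rule list is constructed, and the script path, the --live argument and the function names are assumptions.

```shell
#!/bin/sh
# Hypothetical monit stanza (script path and --live argument are assumptions):
#   check program fw_rules with path "/usr/local/bin/check_fw_rules.sh --live"
#       if status != 0 then alert

# Constructed sample: rules that must be loaded, one per line, written exactly
# as iptables-save prints them. Replace with your own.
REQUIRED_RULES='-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A POSTROUTING -s 10.1.3.12/32 -o eth0 -j MASQUERADE'

# check_rules DUMP
# Returns 0 if every required rule appears as a whole line in DUMP (text in
# iptables-save format); otherwise names each missing rule on stderr and
# returns 1. Matching is by rule line only; it does not check which table
# (*filter, *nat, ...) the line belongs to.
check_rules() {
    dump=$1
    missing=0
    # The here-document keeps the loop in the current shell, so $missing
    # is still set after the loop ends.
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        # -F: literal string, so the dots in 10.1.3.12 are not wildcards
        # -x: whole line, so a longer, different rule cannot satisfy the check
        # --: the rules start with "-" and must not be parsed as options
        if ! printf '%s\n' "$dump" | grep -Fxq -- "$rule"; then
            echo "missing rule: $rule" >&2
            missing=1
        fi
    done <<EOF
$REQUIRED_RULES
EOF
    return "$missing"
}

# Read the live ruleset (needs root). If it cannot be read, fail closed with
# a non-zero status so monit alerts instead of reporting success.
check_live() {
    dump=$(iptables-save 2>/dev/null) || { echo "cannot read ruleset" >&2; return 2; }
    check_rules "$dump"
}

# Only touch the real firewall when asked to.
if [ "${1:-}" = "--live" ]; then
    check_live
    exit $?
fi
```

Listing every rule in one script answers the concern about many rules becoming tedious: monit needs only one check, and the alert output names the rule that is missing.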
