On Fri, Jul 12, 2019 at 03:13:16PM -0700, Tom Eastep wrote:
> On 7/12/19 10:49 AM, Justin Pryzby wrote:
> > On Fri, Jul 12, 2019 at 07:31:19PM +0200, Damjan Hajsek wrote:
> >> Hi
> >>
> >> I'd like to know how I can monitor shorewall with monit.
> >>
> >> So I'd like to use monit, which checks if software runs, but shorewall has no
> >> pid file.
> >
> > Shorewall isn't a resident daemon so there's no process nor PID.
> >
> >> Is there any other file created when shorewall is up?
> >
> > Creating a file isn't great since the file could exist if it wasn't removed on
> > boot, maybe if there was some issue and root was readonly and fw wasn't
> > started.
> >
> > Can't you just take the exit status of iptables -L |grep -m1 Shorewall ?
> >
> > Or the exit status of 'shorewall status'
>

In my own case, I create a file called something like
/etc/cron.d/shorewall-status with these entries:

    @hourly root /sbin/shorewall status >/dev/null ; [ $? -ne 0 ] && /sbin/shorewall status
    @hourly root /sbin/shorewall6 status >/dev/null ; [ $? -ne 0 ] && /sbin/shorewall6 status

That protects against the two mistakes I am most likely to make with
Shorewall:

1. Clearing or stopping the firewall and then forgetting to restart
2. Disabling Shorewall from starting on boot or making a configuration
   change (maybe I forget to restart right then) and on the next boot it
   fails to start

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
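
An added example, not part of any message in this thread: a wrapper that turns the `status` exit code discussed above into one result that monit's `check program` test can alert on, covering both shorewall and shorewall6. The install path /usr/local/sbin/fw-status and the function name check_firewalls are assumptions made for the example.

```shell
#!/bin/sh
# fw-status: added example, not from the thread. Reports whether each
# Shorewall front end named on the command line says the firewall is started.
#
# Assumed install path /usr/local/sbin/fw-status (hypothetical). monit usage:
#   check program shorewall with path "/usr/local/sbin/fw-status /sbin/shorewall /sbin/shorewall6"
#       if status != 0 then alert
#
# Relies only on what the thread states: "<cmd> status" exits non-zero when
# the firewall is not up. No marker file is consulted, so a stale file left
# over from a previous boot cannot produce a false "up".

# check_firewalls CMD...
# Prints one diagnostic per failing CMD; returns the number of failures.
check_firewalls() {
    failed=0
    for fw in "$@"; do
        # A missing binary must count as a failure, not be skipped silently.
        if ! command -v "$fw" >/dev/null 2>&1; then
            echo "$fw: command not found"
            failed=$((failed + 1))
            continue
        fi
        # Capture the status output once and show it only on failure
        # (the cron entries above get the same effect by running status twice).
        if ! out=$("$fw" status 2>&1); then
            echo "$fw: firewall is not started"
            echo "$out"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run the check only when commands were passed on the command line.
if [ "$#" -gt 0 ]; then
    check_firewalls "$@"
    exit $?
fi
```

Because the result comes from querying the firewall each time, it catches both cases listed in the message above: a firewall that was stopped and never restarted, and one that failed to start on boot.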