Re: iptables? bastille?

From: Paul Theodoropoulos
Subject: Re: iptables? bastille?
Date: Thu, 7 Apr 2016 09:46:08 -0700
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.0

Another way that avoids the disk write could be something like:

iptables -t nat -L|grep [1] >/dev/null 2>&1

with the same check for the exit code. Not much of an effective difference though. And if you have a lot of rules, it could get pretty tedious calling each of them out.

On 4/7/16 01:25, Tino Hendricks wrote:

I don’t think you can check it that way because iptables (I don’t know bastille) isn’t a running program but a kind of toolbox to manage the kernel’s internal firewall.
The question is: What do you want to check here?
If it is the state or the current rules, the only thing that comes to my mind is a custom script (containing something like "iptables-save | grep '^what-you-want-to-check$'").
The exit code is then checked by monit:

Take care,

On 07.04.2016 at 10:00, Kalmár Máté <address@hidden> wrote:


I would like to know if there is any way to monitor iptables and/or bastille-firewall.
I tried like these:

check process bastille-firewall
        matching "bastille-firewall"
        #start program = "/etc/init.d/bastille-firewall start"
        start program = "/usr/sbin/service bastille-firewall start"
        #stop program = "/etc/init.d/bastille-firewall stop"
        stop program = "/usr/sbin/service bastille-firewall start"
check process iptables
        matching "iptables"
        #start program = "/etc/init.d/iptables start"
        #start program = "/usr/sbin/service iptables start"
        start program = "/sbin/iptables start"
        #stop program = "/etc/init.d/iptables stop"
        #stop program = "/usr/sbin/service iptables start"
        stop program = "/sbin/iptables stop"

but I cannot figure out what the problem is.
Can you please help me?

Paul Theodoropoulos
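
The custom-script approach discussed in this thread, as an added example that is not code from any of the posters or from the monit project: one `iptables-save` call is captured in a variable (no disk write) and every rule listed in a file is matched as a whole line, so a long rule list does not have to be called out grep by grep. The script path, the rules file path, the `--check` argument and the sample rules are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and the rules file are hypothetical.
# A monit stanza that would act on the exit status:
#   check program iptables_rules
#       with path "/usr/local/bin/check-iptables.sh --check /etc/monit/expected.rules"
#       if status != 0 then alert

# missing_rules RULESET EXPECTED
# Prints each line of EXPECTED that is not present, verbatim and as a whole
# line, in RULESET. Blank lines and '#' comments in EXPECTED are skipped.
missing_rules() {
    mr_ruleset=$1
    printf '%s\n' "$2" | while IFS= read -r mr_rule; do
        case $mr_rule in ''|'#'*) continue ;; esac
        # -F fixed string, -x whole line, -- because rules start with '-'
        printf '%s\n' "$mr_ruleset" | grep -Fxq -- "$mr_rule" ||
            printf '%s\n' "$mr_rule"
    done
}

# check_firewall FILE: 0 = all rules loaded, 1 = rule(s) missing,
# 2 = ruleset or FILE unreadable (e.g. not root, iptables-save absent).
check_firewall() {
    [ -r "$1" ] || return 2
    cf_live=$(iptables-save 2>/dev/null) || return 2   # one call, no temp file
    cf_missing=$(missing_rules "$cf_live" "$(cat "$1")")
    [ -z "$cf_missing" ] && return 0
    printf '%s\n' "$cf_missing" | sed 's/^/missing rule: /' >&2
    return 1
}

# Constructed sample data so the matching can be tried without root.
SAMPLE_RULESET='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'
SAMPLE_EXPECTED='# rules that must always be loaded
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

if [ "${1:-}" = "--check" ]; then
    check_firewall "$2"
    exit $?
else
    missing_rules "$SAMPLE_RULESET" "$SAMPLE_EXPECTED"   # demo run on the sample
fi
```

Rules in the file must be written exactly as `iptables-save` prints them, since the match is on the whole line.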
