Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
Directory
stephan
bystephan, April 15, 2012
Thanks for the check.
I like to be able to check both IPv6 and IPv4, so that is what the edit below does:
(Paths used in this script are adapted for Debian/ Ubuntu based systems.)
#!/bin/bash
case $# in
1)
case $1 in
-4)
IPT='/sbin/iptables'
;;
-6)
IPT='/sbin/ip6tables'
;;
*)
;;
esac
GREP='/bin/grep'
AWK='/usr/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'
STAT=0
OUTPUT=''
CHAINS=`$IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'`
for CHAIN in $CHAINS ; do
if [ "$CHAIN" != 'FORWARD' ] && [ "$CHAIN" != 'OUTPUT' ] && [ `$EXPR substr $CHAIN 1 4` != "LOG_" ] ; then
CNT=`expr $($IPT -S $CHAIN | $WC -l) '-' 1`
if [ $CNT -eq 0 ] ; then
OUTPUT="${OUTPUT}ERROR $CHAIN $CNT rules!"
STAT=2
else
OUTPUT="${OUTPUT}OK $CHAIN $CNT rules"
fi
fi
done
echo $OUTPUT
exit $STAT
;;
*)
echo "Usage: $0 [-4][-6]"
exit 1
;;
esac
I like to be able to check both IPv6 and IPv4, so that is what the edit below does:
(Paths used in this script are adapted for Debian/ Ubuntu based systems.)
#!/bin/bash
case $# in
1)
case $1 in
-4)
IPT='/sbin/iptables'
;;
-6)
IPT='/sbin/ip6tables'
;;
*)
;;
esac
GREP='/bin/grep'
AWK='/usr/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'
STAT=0
OUTPUT=''
CHAINS=`$IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'`
for CHAIN in $CHAINS ; do
if [ "$CHAIN" != 'FORWARD' ] && [ "$CHAIN" != 'OUTPUT' ] && [ `$EXPR substr $CHAIN 1 4` != "LOG_" ] ; then
CNT=`expr $($IPT -S $CHAIN | $WC -l) '-' 1`
if [ $CNT -eq 0 ] ; then
OUTPUT="${OUTPUT}ERROR $CHAIN $CNT rules!"
STAT=2
else
OUTPUT="${OUTPUT}OK $CHAIN $CNT rules"
fi
fi
done
echo $OUTPUT
exit $STAT
;;
*)
echo "Usage: $0 [-4][-6]"
exit 1
;;
esac