1

Under Linux, at least CentOS and I think also Debian, there is an "iptables" listed in the daemons. But it is really a script to load and save them; it doesn't start a process, nor does it write a pidfile.

How can I check that iptables is up and running with monit?

Massimo

1 Answer

2

For CentOS 6 and earlier you're correct about it using iptables. CentOS 7 uses firewalld.

To monitor either using Monit you can use PROGRAM-STATUS-TEST. There are several methods to ascertain the status of iptables.

One method to get the status of iptables in CentOS 6 is to use

$ sudo /etc/init.d/iptables status

If iptables is not running you'll get the following response:

$ sudo /etc/init.d/iptables status
iptables: Firewall is not running.

If iptables is running it will look similar to this:

$ sudo /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Write a script to check the status and grep for "Firewall is not running", and provide a return code for the script, then use monit to run the script.

I didn't test it but it would look something like this:

check program iptables with path "/etc/init.d/iptables status"
    if status != 0 then alert
slm
kenlukas
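
One way to write the wrapper script the answer describes, as an added example that is not part of the original answer: it greps the status output for "Firewall is not running" and returns an exit code Monit can test. Going beyond the answer, it also returns a distinct code when the firewall reports as running but the chains hold no rules; the script path, the --check argument and the STATUS_CMD override are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. Hypothetical install path:
#   /usr/local/bin/check_iptables.sh
# Monit stanza in the answer's form:
#   check program iptables with path "/usr/local/bin/check_iptables.sh --check"
#       if status != 0 then alert

# Status command from the answer; overridable for testing (assumption).
STATUS_CMD="${STATUS_CMD:-/etc/init.d/iptables status}"

# Constructed sample of a status listing with one loaded rule.
SAMPLE_LOADED='Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
Chain FORWARD (policy DROP)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination'

# Classify status text read from stdin.
# Returns 0 = rules loaded, 1 = not running, 2 = running with empty chains,
# 3 = status command produced no output.
classify_status() {
    out=$(cat)
    [ -n "$out" ] || return 3
    if printf '%s\n' "$out" | grep -q 'Firewall is not running'; then
        return 1
    fi
    # Rule lines begin with the rule number from the "num" column.
    rules=$(printf '%s\n' "$out" | grep -c '^[0-9][0-9]* ' || true)
    [ "$rules" -gt 0 ] || return 2
    return 0
}

main() {
    # Monit usually runs as root, so sudo is not used here (assumption).
    $STATUS_CMD 2>&1 | classify_status
}

if [ "${1:-}" = "--check" ]; then
    main
    exit $?
fi
```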