Anyone have a good solution for doing checks on iptables to ensure that the appropriate rules are applied (and the service is running)? I am using Zenoss to monitor my environment.
Also, some of the rules in my chain that I want to check block traffic from specific networks, and as my Zenoss monitor is in a trusted network, doing just port monitoring will give false positives. Ideally I need a solution that reads and interprets the iptables process, and also gives some flexibility to an environment when the exact rules in the chain may change.
Thanks
Make a script that will dump the rules to a file (iptables -L or iptables-save) which it will then grep for the appropriate rules. Note that you can restrict the output to just one table. You could also take the hash of the resulting file to detect deviations without messy greps or regular expressions.
Save a known good output somewhere out of the way as a read-only file.
Run a cron job daily to email you any non-empty diff of the output of iptables -L and the saved output.
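The two answers above describe the same procedure (dump the ruleset, keep a read-only known-good copy, grep or hash or diff against it from cron). Here is an added shell script that implements it; it is not from either answer. It assumes iptables-save is installed, the baseline path /etc/iptables/known-good.rules is hypothetical, and cron mails whatever the script prints. It also handles a caveat the answers leave out: the raw dump contains timestamps and (with -c) packet counters that change every run, so those are stripped before comparing or hashing.

```shell
#!/bin/sh
# Added example (not from either answer above): compare the live iptables
# ruleset against a read-only known-good baseline, and check for specific
# rules. Assumed: iptables-save is installed, the baseline path below is
# hypothetical, and cron mails whatever the script prints.

BASELINE="${BASELINE:-/etc/iptables/known-good.rules}"   # hypothetical path
DUMP_CMD="${DUMP_CMD:-iptables-save -c}"                 # left unquoted on purpose

# iptables-save wraps the dump in "# Generated by ... on <date>" and
# "# Completed on <date>" lines, and with -c adds packet/byte counters
# ("[12:960]") that change constantly. Strip both so a diff or hash only
# changes when a rule or chain policy actually changes.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# Return 0 if the normalized dump in $1 matches the baseline in $2, 1 if it
# deviates (printing the unified diff), 2 if the baseline cannot be read.
check_rules() {
    current="$1"
    baseline="$2"
    if [ ! -r "$baseline" ]; then
        echo "baseline $baseline is missing or unreadable" >&2
        return 2
    fi
    diff -u "$baseline" "$current" && return 0
    return 1
}

# Return 0 if the exact rule line $1 appears in the normalized dump $2.
# grep -F -x matches the whole line literally, so "/" and "." in addresses
# are not treated as regex metacharacters.
has_rule() {
    grep -F -x -q -- "$1" "$2"
}

# Hash of a normalized dump, e.g. to report through a monitoring check
# (Zenoss, Nagios) and alert when it differs from the baseline's hash.
rules_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Dump, normalize and compare. Prints only when something changed, so a cron
# entry such as "0 6 * * * /usr/local/sbin/iptables-check.sh --run" mails
# nothing on a quiet day and the diff when a rule was added or removed, or
# the rules were flushed (iptables-save then shows only empty default chains).
main() {
    tmp=$(mktemp) || return 2
    trap 'rm -f "$tmp"' EXIT
    $DUMP_CMD | normalize_rules > "$tmp"
    check_rules "$tmp" "$BASELINE"
}

if [ "${1:-}" = "--run" ]; then
    main
fi
```

To create the baseline, run `iptables-save -c | normalize_rules` once on a host whose rules you have reviewed, write the output to the baseline path, and make the file read-only (the second answer's advice); `rules_hash` on that file gives a single value a monitoring check can compare against instead of parsing the ruleset.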
I use Webmin (http://www.webmin.com/) for checking iptables via a GUI. You can monitor quite a few things via webmin directly, including what rules are currently applied in iptables. In addition, you can add new rules with relative ease.
If you mean monitoring which ports are open and closed as a result of the iptables rules that are currently running, you could set up a Nagios box that queries specific ports to see if services are responding on opened ports.