shorewall-monitor for Xymon is an extension to monitor a locally running shorewall (or shorewall-lite) firewall.
Shorewall is a high-level tool for configuring Netfilter, the firewall system used on GNU/Linux.
It can be used standalone but also allows deploying firewall rulesets from a central system (that has shorewall installed, as in the standalone case) to
satellite systems (running
shorewall-monitor was created for a large setup with many satellites but can also be used for a single/standalone installation.
shorewall-monitor reports the following information:
- status of shorewall(-lite):
  - started / stopped / cleared: green / yellow / red
  - execution problem (red). If no shorewall-installation is found (or executing shorewall fails) this is reported with a “red” status.
  In addition to the decoded/interpreted state of the shorewall-firewall the full output of shorewall[-lite] status is reported too (possibly saving a login to the machine for diagnosing).
- metrics to identify the current ruleset:
  - the full ruleset (output of shorewall[-lite] show) if desired (can be disabled in
  - the number of lines of the currently running ruleset
  - ruleset recently reloaded: If the ruleset was (re-)loaded less than 1800 seconds ago a yellow status is reported.
- metrics on the firewall-script generated by shorewall(-lite):
  - the “version” of the compiled firewall-script (the header written to the file)
  - md5-hash of the compiled firewall-script
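The state and reload rules listed above can be expressed as a small colour decision. This is an added example, not shorewall-monitor's own code; the "State:" line in the sample output, the host name fw1 and the Xymon column name "shorewall" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not shorewall-monitor's own code.
RELOAD_WINDOW=1800   # seconds, the threshold given in the list above

# Constructed sample; assumes the status output carries a "State:<Word>" line.
SAMPLE_STARTED='Shorewall-4.5.5 Status at fw1 - (constructed sample)

Shorewall is running
State:Started (constructed timestamp)'

# state_color STATUS_TEXT: started/stopped/cleared -> green/yellow/red.
# Missing or unparsable output counts as an execution problem (red).
state_color() {
    state=$(printf '%s\n' "$1" | sed -n 's/^State:\([A-Za-z]*\).*/\1/p' | head -n 1)
    case "$state" in
        Started) echo green ;;
        Stopped) echo yellow ;;
        *)       echo red ;;    # Cleared, or no State line at all
    esac
}

# reload_color AGE_SECONDS: yellow while the ruleset is younger than the window.
reload_color() {
    if [ "$1" -lt "$RELOAD_WINDOW" ]; then echo yellow; else echo green; fi
}

# worst_color COLOR...: the most severe colour wins (red > yellow > green).
worst_color() {
    worst=green
    for c in "$@"; do
        case "$c" in
            red)    worst=red ;;
            yellow) [ "$worst" = red ] || worst=yellow ;;
        esac
    done
    echo "$worst"
}

# check_firewall STATUS_TEXT RELOAD_AGE_SECONDS: overall colour for the test.
check_firewall() {
    worst_color "$(state_color "$1")" "$(reload_color "$2")"
}

# xymon_message HOST COLOR STATUS_TEXT: Xymon "status" message body.
# The column name "shorewall" is an assumption for this example.
xymon_message() {
    printf 'status %s.shorewall %s %s\n\n%s\n' "$1" "$2" "$(date)" "$3"
}

xymon_message fw1 "$(check_firewall "$SAMPLE_STARTED" 86400)" "$SAMPLE_STARTED"
```

Treating empty or unparsable output as red keeps a missing or broken shorewall installation from being reported as healthy.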
Should work with any Xymon or Hobbit version (v4.2+) and shorewall v4.4+.
- Debian Wheezy (7.x), Jessie (8.x), Stretch (9.x) with xymon-client from the official repository.
- shorewall and shorewall-lite version 4.5.x, 4.6.x.
Copying and distribution of this package (shorewall-monitor), with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This package is offered as-is, without any warranty.