[sysmon-help] Testing if firewall is up (maybe using reverse)
Jared Mauch
jared at sysmon.org
Mon Apr 16 22:25:46 EDT 2007
On Tue, Apr 03, 2007 at 02:03:01PM -0500, John Gateley wrote:
> Hi,
>
> I'd like to do a test that ensures my firewall is up and blocking.
>
> I made a test from a sysmon machine outside the firewall
>
> object zap-firewall {
> ip "1.1.1.1"; # ip address of an IMAP server inside the firewall
> type tcp;
> reverse;
> port 993;
> desc "zap firewall";
> dep "sysmon-host";
> contact "alert at jriver.com";
> };
>
> I tried configuring the firewall both to drop the packet
> and to refuse the packet. In both cases, "reverse" doesn't
> do anything, the test shows on the web page as down.
I need to recheck the logic, but this may be the intended operation
that it would list the object as down. any object that "depends" on this
zap-firewall object should get monitored whenever this test fails.
- Jared
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the Sysmon-help
mailing list