[sysmon-help] Testing if firewall is up (maybe using reverse)

Jared Mauch jared at sysmon.org
Mon Apr 16 22:25:46 EDT 2007

On Tue, Apr 03, 2007 at 02:03:01PM -0500, John Gateley wrote:
> Hi,
> I'd like to do a test that ensures my firewall is up and blocking.
> I made a test from a sysmon machine outside the firewall
> object zap-firewall {
>         ip ""; # ip address of an IMAP server inside the firewall
>         type tcp;
>         reverse;
>         port 993;
>         desc "zap firewall";
>         dep "sysmon-host";
>         contact "alert at jriver.com";
> };
> I tried configuring the firewall both to drop the packet
> and to refuse the packet. In both cases, "reverse" doesn't
> do anything, the test shows on the web page as down.

	I need to recheck the logic, but this may be the intended operation
that it would list the object as down.  any object that "depends" on this
zap-firewall object should get monitored whenever this test fails.

	- Jared

Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

More information about the Sysmon-help mailing list