[Bug 580] New: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Thu Feb 26 01:44:23 CET 2009


http://bugzilla.netfilter.org/show_bug.cgi?id=580

           Summary: iptables-restore and iptables-save lack comparison of a
                    saved ruleset against the currently deployed rules
           Product: iptables
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P1
         Component: iptables-save
        AssignedTo: laforge at netfilter.org
        ReportedBy: linus at hadiko.de


For monitoring, debugging and testing applications, the capability to compare a
saved ruleset (via iptables-save) to the currently active (deployed) set would
be great.

An implementation that gives exit code 0 for no differences and 1 for
everything else would suffice.

I am trying to monitor some basic routers/firewalls using iptables-save &
-restore scripts in Nagios. Comparing the currently deployed ruleset to a saved
state from iptables-save turns out to be a bitch, because iptables-save does
not always write tables in the same order and always includes comments and
counters for chains.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
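One way to do the comparison the report asks for, as an added Python example that is not part of the bug report or of iptables itself: it canonicalises two iptables-save dumps (timestamp comments dropped, `[pkts:bytes]` counters stripped, table and chain order ignored, rule order kept, since that is significant) and maps the result to the 0/1 exit status the reporter describes. The two sample dumps are constructed for the example.

```python
import re

# Constructed samples (not from the bug report): one logical ruleset dumped twice,
# with tables in a different order, fresh counters and new timestamp comments.
SAVED = """# Generated by iptables-save v1.4.2 on Thu Feb 26 01:40:00 2009
*nat
:POSTROUTING ACCEPT [3:200]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [55:4400]
:FORWARD DROP [0:0]
[40:3200] -A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""
DEPLOYED = """# Generated by iptables-save v1.4.2 on Thu Feb 26 01:44:00 2009
*filter
:FORWARD DROP [0:0]
:INPUT DROP [61:4900]
[44:3500] -A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [4:260]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

def normalize(dump):
    """Canonical form: {table: (set of chain declarations, ordered list of rules)}."""
    tables, current = {}, None
    for line in dump.splitlines():
        line = re.sub(r"\[\d+:\d+\]", "", line.strip()).strip()  # drop "[pkts:bytes]" counters
        if not line or line.startswith("#") or line == "COMMIT":  # nothing to compare
            continue
        if line.startswith("*"):                   # "*filter" opens a table
            current = line[1:]
            tables[current] = (set(), [])
        elif line.startswith(":"):                 # chain declaration: order irrelevant
            tables[current][0].add(line)
        else:                                      # rule: order is significant, keep it
            tables[current][1].append(line)
    return tables

def differing_tables(saved, deployed):
    """Names of tables whose canonical form differs; an empty list means a match."""
    a, b = normalize(saved), normalize(deployed)
    return sorted(t for t in a.keys() | b.keys() if a.get(t) != b.get(t))

def check_exit_code(saved, deployed):
    return 0 if not differing_tables(saved, deployed) else 1   # 0 = identical, 1 = anything else
```

In a Nagios check the two inputs would be the stored file and the output of a fresh `iptables-save`, with the returned status used as the plugin's exit code.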