PingdomWe’re big into monitoring for servers, networks, services and reporting, and we use Pingdom for a number of uptime and response monitoring services.

Pingdom have a number of servers around the world which perform their monitoring.  As we like to be as secure as possible, we usually implement a firewall on our Linux servers, and this means that the firewall rules must be updated when Pingdom (or any other service) brings a new monitoring server online.

We don’t like doing things manually, so we implemented a set of simple scripts to backup, generate and automatically update our firewall rules based on Pingdom’s RSS feed of their monitoring servers.  Hopefully these will help you, too.

We have a script which runs daily under cron, called :

# Update the pingdom firewall rules based on their feed
/usr/bin/wget -O /root/probe_servers.xml -o /dev/null
/bin/cat /root/probe_servers.xml | grep IP | sed -e 's/.*IP: //g' | sed -e 's/; Host.*//g' | grep -v IP > /root/pingdom_ips
/bin/rm /root/
for ip in `cat /root/pingdom_ips`
/bin/echo "iptables -D ufw-user-input -s $ip -p tcp --dport 25 -j ACCEPT" >> /root/
/bin/echo "iptables -A ufw-user-input -s $ip -p tcp --dport 25 -j ACCEPT" >> /root/
TODAY=`date +%a%d%b%Y`
iptables-save > /root/firewall.rules.$TODAY
find /root -type f -mtime +7 -name firewall.rules.\* -print | xargs rm -f
sh /root/

As you can see from the last line, we then execute which was generated from pingdom_ips and has the list of iptables commands to update the firewall in the ufw-user-input chain.  If there is every a problem we keep 7 days of firewall rule backups in /root so that previous versions of the rules can easily be restored.

Share this :
Facebook Twitter Email Linkedin Stumbleupon Digg Delicious Reddit Tumblr Posterous

Tagged on:             

3 thoughts on “Automatically update Pingdom firewall rules

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.