Fixed in 'nginx' and 'port' graph to properly use 'conntrack' instead of 'state' in the iptables rules

This commit is contained in:
Jordi Sanfeliu 2013-03-04 16:22:11 +01:00
parent 0d9acd460c
commit 2a22bc9fa5
2 changed files with 6 additions and 6 deletions


@ -84,8 +84,8 @@ sub nginx_init {
if($config->{os} eq "Linux") { if($config->{os} eq "Linux") {
system("iptables -N monitorix_nginx_IN 2>/dev/null"); system("iptables -N monitorix_nginx_IN 2>/dev/null");
system("iptables -I INPUT -p tcp --sport 1024:65535 --dport $nginx->{port} -m state --state NEW,ESTABLISHED,RELATED -j monitorix_nginx_IN -c 0 0"); system("iptables -I INPUT -p tcp --sport 1024:65535 --dport $nginx->{port} -m conntack --ctstate NEW,ESTABLISHED,RELATED -j monitorix_nginx_IN -c 0 0");
system("iptables -I OUTPUT -p tcp --sport $nginx->{port} --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j monitorix_nginx_IN -c 0 0"); system("iptables -I OUTPUT -p tcp --sport $nginx->{port} --dport 1024:65535 -m conntrack --ctstate ESTABLISHED,RELATED -j monitorix_nginx_IN -c 0 0");
} }
if(grep {$_ eq $config->{os}} ("FreeBSD", "OpenBSD", "NetBSD")) { if(grep {$_ eq $config->{os}} ("FreeBSD", "OpenBSD", "NetBSD")) {
system("ipfw delete $nginx->{rule} 2>/dev/null"); system("ipfw delete $nginx->{rule} 2>/dev/null");
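Review bot: The new INPUT rule in nginx_init spells the match module `-m conntack`, so iptables cannot load that extension and the rule is never inserted; only the OUTPUT line below it was changed correctly to `-m conntrack --ctstate`. Because the return value of `system()` is discarded, the failure is silent at the Perl level and the graph's inbound counters will simply never exist, with the iptables error going to stderr where a daemon is unlikely to surface it. The fix is the one-token change to `-m conntrack --ctstate NEW,ESTABLISHED,RELATED` on the INPUT line; checking the call, e.g. `system(...) == 0 or logger("iptables rule insertion failed");` (using the module's logger as port_init does), would have caught this, and the same unchecked `system()` calls appear in port_init's hunk. nginx_init's body begins and ends outside the hunk.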


@ -110,13 +110,13 @@ sub port_init {
my $conn = lc((split(',', $port->{desc}->{$pl[$n]}))[2]); my $conn = lc((split(',', $port->{desc}->{$pl[$n]}))[2]);
if($conn =~ /in/ || $conn =~ /in\/out/) { if($conn =~ /in/ || $conn =~ /in\/out/) {
system("iptables -N monitorix_IN_$n 2>/dev/null"); system("iptables -N monitorix_IN_$n 2>/dev/null");
system("iptables -I INPUT -p $p --sport 1024:65535 --dport $pl[$n] -m state --state NEW,ESTABLISHED,RELATED -j monitorix_IN_$n -c 0 0"); system("iptables -I INPUT -p $p --sport 1024:65535 --dport $pl[$n] -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j monitorix_IN_$n -c 0 0");
system("iptables -I OUTPUT -p $p --sport $pl[$n] --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j monitorix_IN_$n -c 0 0"); system("iptables -I OUTPUT -p $p --sport $pl[$n] --dport 1024:65535 -m conntrack --ctstate ESTABLISHED,RELATED -j monitorix_IN_$n -c 0 0");
} }
if($conn =~ /out/ || $conn =~ /in\/out/) { if($conn =~ /out/ || $conn =~ /in\/out/) {
system("iptables -N monitorix_OUT_$n 2>/dev/null"); system("iptables -N monitorix_OUT_$n 2>/dev/null");
system("iptables -I INPUT -p $p --sport $pl[$n] --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j monitorix_OUT_$n -c 0 0"); system("iptables -I INPUT -p $p --sport $pl[$n] --dport 1024:65535 -m conntrack --ctstate ESTABLISHED,RELATED -j monitorix_OUT_$n -c 0 0");
system("iptables -I OUTPUT -p $p --sport 1024:65535 --dport $pl[$n] -m state --state NEW,ESTABLISHED,RELATED -j monitorix_OUT_$n -c 0 0"); system("iptables -I OUTPUT -p $p --sport 1024:65535 --dport $pl[$n] -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j monitorix_OUT_$n -c 0 0");
} }
if($conn !~ /in/ && $conn !~ /out/) { if($conn !~ /in/ && $conn !~ /out/) {
logger("$myself: Invalid connection type '$conn'; must be 'in', 'out' or 'in/out'."); logger("$myself: Invalid connection type '$conn'; must be 'in', 'out' or 'in/out'.");
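Review bot: The four rewritten iptables rules interpolate `$p` and `$pl[$n]` straight into a single shell command string, and nothing in the hunk checks that `$pl[$n]` is a port or port range before it reaches `--dport`/`--sport`; the only validation present (the `$conn` check at the bottom) runs after the rules have already been issued. A guard placed before the `system()` calls, e.g. `if($pl[$n] !~ /\A\d+(?::\d+)?\z/) { logger("$myself: Invalid port '$pl[$n]'."); }` followed by skipping that entry, would turn a malformed configuration value into a logged error rather than a shell-parsed command. These values presumably come from the configuration file, so this is a robustness point rather than an exposure to untrusted input. port_init's enclosing loop and body start and end outside the hunk.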