From fe05c321858efb261e4b0cd2301112b6cecc3516 Mon Sep 17 00:00:00 2001
From: Jordi Sanfeliu
Date: Thu, 21 Nov 2019 09:51:31 +0100
Subject: [PATCH] make the option 'use_external_firewall' global #262
---
 lib/port.pm | 2 +-
 man/man5/monitorix.conf.5 | 18 +++++++++---------
 monitorix | 4 ++--
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/lib/port.pm b/lib/port.pm
index 6f545b3..7e75557 100644
--- a/lib/port.pm
+++ b/lib/port.pm
@@ -129,7 +129,7 @@ sub port_init {
 logger("$myself: WARNING: 'max' option indicates less ports than really defined in 'list'.");
 }
- if(lc($port->{use_external_firewall} || "") eq "n") {
+ if(lc($config->{use_external_firewall} || "") eq "n") {
 if($config->{os} eq "Linux") {
 my $num;
 my @line;
diff --git a/man/man5/monitorix.conf.5 b/man/man5/monitorix.conf.5
index 1236045..655a1e9 100644
--- a/man/man5/monitorix.conf.5
+++ b/man/man5/monitorix.conf.5
@@ -235,6 +235,15 @@ An example would be:
 rrdtool_extra_options = "--grid-dash=1:0, --no-legend"
 .RE
 .P
+.BI use_external_firewall
+.RS
+By default, Monitorix creates a set of iptables rules to collect the amount of network activity that some graphs (\fIport.pm\fP and \fInginx.pm\fP) need. This might be a problem for people using an external firewall that could eventually remove such iptables rules created by Monitorix. In these cases, you may want to set this option as \fIy\fP to tell Monitorix to not create such iptables rules, but expect that they will be already created by an external software.
+.P
+Keep in mind that the rule names created in your firewall must coincide with the names that Monitorix expects to find for each case. Familiarize yourself with the iptables rules created automatically by Monitorix before enabling this option.
+.P
+Default value: \fIn\fP
+.RE
+.P
 .BI base_dir
 .RS
 This is the absolute path to the directory where all the web elements are located:
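Review bot: In lib/port.pm's port_init, the test `lc($config->{use_external_firewall} || "") eq "n"` treats every value other than `n` as "an external firewall owns the rules", so a typo such as `no` silently stops rule creation with no log line in the visible code. Now that the key is global and, per the man page text added in this commit, is meant to govern more than one graph, a one-line comment on the condition would help, for example `# rules are created only for an explicit 'n'; any other value leaves iptables untouched`. A logged warning for values outside y/n would make the misconfiguration visible. The man page names nginx.pm as well, which this diff does not touch, so it is worth confirming that module reads the same global key. port_init's body starts and ends outside the hunk.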
@@ -2023,15 +2032,6 @@ This is the rule number that Monitorix will use when using the \fIipfw\fP comman
 Default value: \fI24000\fP
 .RE
 .P
-.BI use_external_firewall
-.RS
-By default, Monitorix creates a set of iptables rules to collect the amount of network activity that generates each port defined. This might be a problem for people using an external firewall that could eventually remove such iptables rules created by Monitorix. In these cases, you may want to set this option as \fIy\fP to tell Monitorix to not create such iptables rules, but expect that they will be already created by an external software.
-.P
-Keep in mind that the rule names created in your Firewall must coincide with the names that Monitorix expect to find for each network port. Familiarize yourself with the iptables rules created automatically by Monitorix before enabling this option.
-.P
-Default value: \fIn\fP
-.RE
-.P
 .BI list
 .RS
 You may define here up to \fBmax\fP network port numbers. If you need to monitor the same network port with TCP and UDP protocols, you can add your own suffix to the port number (e.g: 443t and 443u) in order to distinguish it from the double definition in the block. It also support port ranges (e.g: 49152:65534) to be able to monitor the traffic of a number of consecutive ports summarized on a unique graph.
diff --git a/monitorix b/monitorix
index 35e6edd..b43b83e 100755
--- a/monitorix
+++ b/monitorix
@@ -671,8 +671,8 @@ if(!$config{multihost}->{default_option_when_all}) {
 logger("WARNING: the 'default_option_when_all' option is not valid or doesn't exist. Please consider upgrading your configuration file.");
 $config{multihost}->{default_option_when_all} = "System load";
 }
-if(!$config{port}->{use_external_firewall}) { # initialize to 'n' by default
- $config{port}->{use_external_firewall} = "n";
+if(!$config{use_external_firewall}) {
+ $config{use_external_firewall} = "n";
 }
 # make sure that there aren't residual Monitorix iptables rules
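Review bot: In the monitorix hunk, a configuration that still sets `use_external_firewall = y` under the port section is no longer consulted, so the new global key defaults to `n` and port_init resumes inserting iptables rules on a host whose administrator had opted out. Falling back to the old location would keep that opt-out across the upgrade: `$config{use_external_firewall} = $config{port}->{use_external_firewall} || "n";`. When the old key is found, a `logger("WARNING: ...")` like the `default_option_when_all` one just above could ask the administrator to move the option. The comment `# initialize to 'n' by default` is also dropped and is worth keeping on the new `if`. Nothing in the visible hunks migrates the old key, so the regression is inferred from this diff alone.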