FW Monitor



i have released the components to this. it's unfinished, unsupported, and you have to do some work to make it work on your system. you can download it from my software page. it's nothing special, but i hope you get some use out of it.

                        fw-mon README version: 0.0a             16 july 2002


fw-mon is a collection of scripts i use to monitor my OpenBSD PF based
firewall. i am releasing it here as such because a few people have
asked for the whole set of pieces in one package.

i run it every five minutes from cron as root (so pfctl can view stats).
the entry i use is below:

0,25,30,35,40,45,50,55 * * * * cd /var/www/htdocs/run/ && /bin/sh /var/www/htdocs/run/build-info.sh

note that you will want to redirect stderr to stdout and then to /dev/null.
otherwise you may wind up with an email every five minutes with stderr
in it. annoying.
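
the redirection described above, as an added example that is not part of the original fw-mon scripts: the order of the two redirections decides whether stderr still ends up in cron's mail. noisy_job is a hypothetical stand-in for build-info.sh, and the log-file variant is an assumption, not something this README uses.

```shell
#!/bin/sh
# added example, not part of fw-mon. noisy_job is a hypothetical stand-in
# for build-info.sh: one line on stdout, one on stderr.
noisy_job() {
    echo "stats written"
    echo "warning: something on stderr" >&2
}

# cron mails whatever the job still writes to stdout or stderr.
# this helper returns that text for a given wrapper function.
cron_mail_body() {
    "$@" 2>&1
}

# right order: stdout goes to /dev/null first, then stderr follows it.
quiet_right() { noisy_job >/dev/null 2>&1; }

# wrong order: stderr is pointed at the old stdout (cron's pipe) before
# stdout moves to /dev/null, so the warning is still mailed.
quiet_wrong() { noisy_job 2>&1 >/dev/null; }

# variant that keeps errors in a file instead of discarding them.
# $1 is a log path chosen by the caller (an assumption, not a fw-mon path).
quiet_logged() { noisy_job >/dev/null 2>>"$1"; }

# the README's cron entry with the right order applied would end in:
#   ... /bin/sh /var/www/htdocs/run/build-info.sh >/dev/null 2>&1
printf 'right order mails: [%s]\n' "$(cron_mail_body quiet_right)"
printf 'wrong order mails: [%s]\n' "$(cron_mail_body quiet_wrong)"
```

discarding stderr also hides real failures of a job that runs as root, so the logged variant is worth considering on a firewall.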

requirements:
        gnuplot      used in graphing
        png          library for manipulating PNG images
        arpwatch     monitor arp & rarp requests

all of these are available in OpenBSD ports.

i have made no real attempt to make this portable, that's for you to do.
it suits my needs, i can view my firewall stats and info with a simple
website.

the directory structure i use for fw-mon is the following:

        /var/www/htdocs/run
                where *.p and build-info.sh live
        /home/jose/fw-mon
                where the scripts log-process.awk and genarp.awk live

you will want to modify these scripts for your paths and system variables.
i have three interfaces on my firewall: dc0 (external), sis0 and sis1
(internal). you will want to modify the script for your needs. perhaps stick
them in /usr/local/bin, or even ~/bin.

for security concerns, you will want to ensure that your firewall's
web server is up to date with the latest patches, maybe enable SSL, and
i run it on a high port so it can run unprivileged. i highly recommend you
check out -current's approach to the chroot() Apache system. also, note
that arpwatch is another security risk for you. you should seriously
consider systrace for your firewall.

this software is entirely unsupported and comes with no warranty. don't ask
me for updates, don't ask me for much of anything about it. i'm treading
into an area in which i work for pay, and i am bound by my contract to
not compete with them. it's a stretch, but i'm not going to risk it. please
don't ask me for advice or any of the ideas i have had about this project.

all of this software is under a BSD style license:

# Copyright 2002 Jose Nazario 
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

in closing, i wish you well with it and i hope it's inspiring and useful.
i encourage you to share your work with the other folks on the Internet.

MD5 sums:
