Last active
August 28, 2016 04:20
-
-
Save cdsalmons/4e5ff29c6baf9f3dac7da02dc7da5202 to your computer and use it in GitHub Desktop.
Whitelist Pingdom probe-servers in iptables
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Whitelist Pingdom probe-servers in iptables. | |
| # | |
| # Create a chain called "PINGDOM" and jump to it somewhere before | |
| # the final REJECT/DROP, e.g. | |
| # | |
| # # New chain for Pingdom rules | |
| # :PINGDOM - [0:0] | |
| # | |
| # # Existing rules | |
| # # ... | |
| # | |
| # # Jump to Pingdom chain before rejecting | |
| # -A INPUT -j PINGDOM | |
| # -A INPUT -j REJECT | |
| # | |
| # Run this script from cron. It will only modify the firewall when | |
| # the Pingdom feed request succeeds and its response contains at | |
| # least one IP address. | |
| # Configuration | |
| IPTABLES=/sbin/iptables | |
| CHAIN=PINGDOM | |
| PORT=80 | |
| FEED_URL=https://my.pingdom.com/probes/feed | |
| # Dry-run? | |
| [ "$1" = "-n" ] && IPTABLES="echo $IPTABLES" | |
| IPS=$(curl -s $FEED_URL |grep '<pingdom:ip>' |sed 's/[^0-9\.]//g') | |
| if [ "$IPS" != "" ]; then | |
| $IPTABLES -F $CHAIN | |
| echo $IPS |xargs -n1 $IPTABLES -N $CHAIN -p tcp --dport $PORT -j ACCEPT -s | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
wget https://gist.githubusercontent.com/cdsalmons/4e5ff29c6baf9f3dac7da02dc7da5202/raw/72229f3acb2486384796e8490ba6bc6a39efad60/whitelist-pingdom-iptables.sh -P /usr/local/src --no-check-certificate
sh /usr/local/src/whitelist-pingdom-iptables.sh