Skip to content

Instantly share code, notes, and snippets.

@mickm
Created November 21, 2012 20:21
Show Gist options
  • Save mickm/4127409 to your computer and use it in GitHub Desktop.
Save mickm/4127409 to your computer and use it in GitHub Desktop.
Whitelist Pingdom probe-servers in iptables.
#!/bin/bash
#
# Whitelist Pingdom probe-servers in iptables.
#
# Create a chain called "PINGDOM" and jump to it somewhere before
# the final REJECT/DROP, e.g.
#
# # New chain for Pingdom rules
# :PINGDOM - [0:0]
#
# # Existing rules
# # ...
#
# # Jump to Pingdom chain before rejecting
# -A INPUT -j PINGDOM
# -A INPUT -j REJECT
#
# Run this script from cron. It will only modify the firewall when
# the Pingdom feed request succeeds and its response contains at
# least one IP address.
# Configuration
IPTABLES=/sbin/iptables
CHAIN=PINGDOM
PORT=80
FEED_URL=https://my.pingdom.com/probes/feed
# Dry-run?
[ "$1" = "-n" ] && IPTABLES="echo $IPTABLES"
IPS=$(curl -s $FEED_URL |grep '<pingdom:ip>' |sed 's/[^0-9\.]//g')
if [ "$IPS" != "" ]; then
$IPTABLES -F $CHAIN
echo $IPS |xargs -n1 $IPTABLES -A $CHAIN -p tcp --dport $PORT -j ACCEPT -s
fi
@AlekseyKorzun
Copy link

For CentOS, you willl have to use $IPTABLES -N $CHAIN.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment