-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | etc/cron.d/iptables-rrdtool | 1 | ||||
-rwxr-xr-x | sbin/iptables-rrdtool | 4 |
3 files changed, 5 insertions, 2 deletions
diff --git a/debian/control b/debian/control
index c1ba8fa..7b896d8 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Standards-version: 3.9.1
 Package: iptables-rrdtool
 Architecture: all
 Depends: ${misc:Depends}, bash (>= 4.0), rrdtool, moreutils, base-files (>= 6.2) | initscripts (>= 2.88dsf-13.3)
-Recommends: cron
+Recommends: cron, nftables, iptables
 Description: Cronjob to generate RRD files from all iptables rule counters
 Creates RRDs for every iptables rule every five munutes and optionally graphs them.
diff --git a/etc/cron.d/iptables-rrdtool b/etc/cron.d/iptables-rrdtool
index 49517a5..c0463ce 100644
--- a/etc/cron.d/iptables-rrdtool
+++ b/etc/cron.d/iptables-rrdtool
@@ -1,2 +1,3 @@
 # generate and update RRDs from iptables rule counters every five minutes
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 */5 * * * * root /usr/bin/chronic /usr/sbin/iptables-rrdtool
diff --git a/sbin/iptables-rrdtool b/sbin/iptables-rrdtool
index 97dada3..95aaebc 100755
--- a/sbin/iptables-rrdtool
+++ b/sbin/iptables-rrdtool
@@ -42,7 +42,9 @@ update () {
 fi
 }
-for table in $(cat /proc/net/ip_tables_names); do
+# ~5.10 this procfs interface got removed.
+#for table in $(cat /proc/net/ip_tables_names); do
+for table in $( /usr/sbin/nft list tables | grep ' ip ' | cut -f 3 -d ' ' ); do
 for rule in $(/sbin/iptables-save -c -t ${table}); do
 # iptables-save has inconsistent output for no sane reason; we grab rematch
 # strings both before and after the counters, then hamfistedly combine them |
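Review bot: `nftables` and `iptables` are added only to `Recommends:`, yet the sbin/iptables-rrdtool hunk of this same commit calls `/usr/sbin/nft` and `/sbin/iptables-save` by absolute path on every run. On a host installed with recommends disabled, the package installs cleanly but the cron job has no way to enumerate tables or read counters. Both tools are hard requirements of the script as written, so they belong on the `Depends:` line, e.g. `Depends: ${misc:Depends}, bash (>= 4.0), rrdtool, moreutils, nftables, iptables, ...`.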
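Review bot: The added `PATH=` line places `/usr/local/sbin` and `/usr/local/bin` ahead of the system directories for a job that runs as root. On Debian, /usr/local is by default group-writable for `staff`, so any helper the script resolves by bare name would be taken from there before the packaged binary. The script's use of bare names is not visible in this hunk, but a packaged root cron job is safer with system directories only, e.g. `PATH=/usr/sbin:/usr/bin:/sbin:/bin`. A one-line comment saying which command needed the PATH would also help the next maintainer.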
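Review bot: The new `for table in $( /usr/sbin/nft list tables | grep ' ip ' | cut -f 3 -d ' ' )` line has no failure path. If nft is missing, errors out, or reports no `ip` tables (likely the case on hosts still using the iptables-legacy backend), the loop body never runs and the script still exits 0. `chronic` therefore stays silent and the firewall counters simply stop being recorded. Capture the list first and fail loudly, e.g. `tables=$(/usr/sbin/nft list tables ip) || exit 1` followed by `[[ -n ${tables} ]] || { echo "no ip tables reported by nft" >&2; exit 1; }`, and pass the name quoted as `-t "${table}"`. The loop body continues outside the hunk, so whether anything later detects an empty run cannot be seen from here.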