Hi there --
I am testing out a script that checks the status of iptables. The script is the following text:
Code:
#!/bin/bash
# IPT='/usr/sbin/iptables'
IPT='/sbin/iptables'
GREP='/bin/grep'
AWK='/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'
STAT=0
OUTPUT=''
CHAINS=`$IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'`
for CHAIN in $CHAINS ; do
if [ "$CHAIN" != 'FORWARD' ] && [ "$CHAIN" != 'OUTPUT' ] && [ `$EXPR substr $CHAIN 1 4` != "LOG_" ] ; then
CNT=`expr $($IPT -S $CHAIN | $WC -l) '-' 1`
if [ $CNT -eq 0 ] ; then
OUTPUT="<b>${OUTPUT}ERROR $CHAIN $CNT rules!</b><br>"
STAT=2
else
OUTPUT="${OUTPUT}OK $CHAIN $CNT rules<br>"
fi
fi
done
echo $OUTPUT
exit $STAT
The argument that I am unfamiliar with is the following:
Code:
$IPT -S $CHAIN | $WC -l
I have looked up the man page for iptables, and there is no reference to the -S argument. The version of iptables that is running on the server in question is version 1.3.8.
Is this argument available on another version of iptables, or should it be replaced by another one? Thanks.