Pingdom

From securityrouter.org, an OpenBSD-based firewall

Pingdom is a service that tracks the uptime of online systems. Sometimes it's desirable to allow only their probe servers to access certain resources. If so, follow this guide.

Begin by enabling root access. Then create a file such as /cfg/pingdom.sh (for example using vi) with the content

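# Make sure the address file exists before the first fetch
touch /tmp/pingdom
while true
do
	# Fetch the probe feed with certificate validation left enabled (no
	# "-S dont"): the addresses it lists end up in a firewall pass rule.
	# Then keep the text between the pingdom:ip tags, one address per line,
	# and swap the table contents for the freshly fetched list.
	ftp -o /tmp/pingdomxml https://my.pingdom.com/probes/feed &&
		grep "pingdom:ip" /tmp/pingdomxml |
		sed -e 's|</.*||' -e 's|.*>||' > /tmp/pingdom &&
		pfctl -t pingdom -T replace -f /tmp/pingdom
	# Refresh once an hour
	sleep 3600
done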

and make sure it's started during boot by adding the following text into /cfg/skel/rc.local

sh /cfg/pingdom.sh &

You can then use the resulting table when creating firewall rules. You need to add a table called pingdom. Below is a complete example

firewall {
	table <pingdom> persist
	pass in quick proto tcp from <pingdom> to (self) port 22
	...

You can check what IP addresses are included in this table at any time by running the following command

 pfctl -t pingdom -T show
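
An added example, not part of the original page: the update loop above passes whatever the feed contains to pfctl, so this version runs the same grep/sed extraction and then keeps only entries that are a single IPv4 host address, leaving the previous table file in place when nothing valid remains. The function names, the constructed sample feed and the IPv4-only assumption are made here for illustration.

```shell
# Succeeds only for one dotted-quad IPv4 host address (no prefix, no hostname).
valid_ipv4() {
	case $1 in
		''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
	esac
	old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
	[ $# -eq 4 ] || return 1
	for octet in "$@"; do
		[ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
	done
}

# Page's grep/sed extraction, then filter. Replaces $2 only if something valid remains.
build_table() {
	new="$2.new"
	: > "$new"
	grep "pingdom:ip" "$1" | sed -e 's|</.*||' -e 's|.*>||' |
	while read -r addr; do
		if valid_ipv4 "$addr"; then
			echo "$addr" >> "$new"
		else
			echo "rejected feed entry: $addr" >&2
		fi
	done
	if [ -s "$new" ]; then
		mv "$new" "$2"
	else
		rm -f "$new"
		return 1
	fi
}

# Constructed sample feed: documentation addresses, not real Pingdom probes.
sample_feed() {
	cat <<'EOF'
<item><pingdom:ip>192.0.2.10</pingdom:ip></item>
<item><pingdom:ip>198.51.100.7</pingdom:ip></item>
<item><pingdom:ip>0.0.0.0/0</pingdom:ip></item>
<item><pingdom:ip>probe.example.net</pingdom:ip></item>
<item><pingdom:ip>203.0.113.300</pingdom:ip></item>
EOF
}

dir=$(mktemp -d)
sample_feed > "$dir/feed.xml"
build_table "$dir/feed.xml" "$dir/pingdom" && cat "$dir/pingdom"
# On the router, load the validated file: pfctl -t pingdom -T replace -f <file>
```

In /cfg/pingdom.sh, build_table would take the place of the grep/sed step, with pfctl run only when it succeeds.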