Open main menu, an OpenBSD-based firewall β


Pingdom is a service that tracks uptime of online systems. Sometimes it's desirable to allow only their probe server access certain resources. If so, follow this guide.

Begin by enabling root access. Then create a file such as /cfg/ (for example using vi) with the content

touch /tmp/pingdom
while true
	ftp -S dont -o /tmp/pingdomxml &&
		grep "pingdom:ip" /tmp/pingdomxml |
		sed -e 's|</.*||' -e 's|.*>||' > /tmp/pingdom &&
		pfctl -t pingdom -T replace -f /tmp/pingdom
	sleep 3600

and make sure it's started during boot by adding the following text into /cfg/skel/rc.local

sh /cfg/ &

You can then use that file when creating firewalling rules. You need to add a table called pingdom. Below is a complete example

firewall {
	table <pingdom> persist
	pass in quick proto tcp from <pingdom> to (self) port 22

You can check what IP addresses are included in this table at any time by running the following command

 pfctl -t pingdom -T show