From fc2a346048a79ea41f8fa5ac2325e4cec0e440c9 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas <zobel@debian.org>
Date: Sat, 1 Nov 2014 12:17:43 +0100
Subject: [PATCH] write out a hash of the actually online firewall rules

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
---
 dsa-nagios-checks/debian/cron.d | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dsa-nagios-checks/debian/cron.d b/dsa-nagios-checks/debian/cron.d
index 8536e02..0707def 100644
--- a/dsa-nagios-checks/debian/cron.d
+++ b/dsa-nagios-checks/debian/cron.d
@@ -1,4 +1,6 @@
 @hourly  root [ -x /usr/sbin/dsa-update-apt-status ] && /usr/sbin/dsa-update-apt-status 2>&1 | logger -t dsa-update-apt-status
+@hourly  root [ -x /sbin/iptables-save ] && umask 0177; iptables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/iptables-online.checksum
+@hourly  root [ -x /sbin/ip6tables-save ] && umask 0177; ip6tables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/ip6tables-online.checksum
 13 */4 * * * root [ -x /usr/sbin/dsa-update-samhain-status ] && /usr/sbin/dsa-update-samhain-status
 
 SHELL=/bin/bash
-- 
2.20.1