The Source

We hope the following tinkerings will be helpful to you. Please don't hesitate to send us patches, suggestions and feature requests.

IPv4/v6 IPTables Firewall Ruleset Generator

For a long time I've been working with complex Linux firewalls; many interfaces, handling both IPv4 and IPv6, NAT, and spoof protection.

My preference is to work solely in the shell as I find that provides the most power and flexibility, building rules using a bash framework that handles all the dirty work.

This is the result after almost 10 years of fettling. A single ruleset that builds both iptables and ip6tables rulesets from one set of shell snippets, two snippets per interface pair.

This is a constant work-in-progress, so please let me know what you think.


Apt/Up2date/Yum/Rug Nagios Monitoring Tools

Keeping Linux hosts patched up to date is an important task if you want to stay secure. Knowing when packages are available to be installed helps ensure patches are applied quickly and hosts don't get forgotten.

Here are tools for Nagios monitoring Debian, RHEL and SUSE based hosts, downloading available packages and alerting that they're waiting for installation.

Aptcheck consists of two simple shell scripts, /usr/sbin/aptcheck and /usr/bin/aptcheck-snmp. aptcheck checks for and downloads (but does not install) any available package upgrades. A cron.d entry runs aptcheck every night.

aptcheck-snmp is intended to be used with SNMPd and Nagios to report when packages are waiting to be installed.

If you have packages pinned/held that you do not want aptcheck-snmp to consider as "waiting", add them (one per line) to /etc/aptcheck-snmp-held.conf.
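
One way the held list can be applied when building the Nagios status, as an added example that is not aptcheck's own code. It assumes the pending list comes from `apt-get -s upgrade` style `Inst` lines and uses the standard Nagios plugin exit codes; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not aptcheck's own code). Function names are hypothetical.

# Package names from `apt-get -s upgrade` style output ("Inst <pkg> ...").
pending_packages() {
    awk '$1 == "Inst" { print $2 }'
}

# Drop packages named (one per line) in held file $1 from stdin.
# A missing or empty held file filters nothing.
filter_held() {
    awk -v heldfile="$1" '
        BEGIN { while ((getline < heldfile) > 0) if (NF) held[$1] = 1 }
        !($1 in held)'
}

# $1 = simulated upgrade output, $2 = held file.
# Prints a Nagios status line; returns 0 (OK) or 1 (WARNING).
check_pending() {
    waiting=$(pending_packages < "$1" | filter_held "$2" | LC_ALL=C sort -u | tr '\n' ' ')
    waiting=${waiting% }
    if [ -z "$waiting" ]; then
        echo "OK - no packages waiting"
        return 0
    fi
    set -- $waiting   # word-split the list to count the packages
    echo "WARNING - $# packages waiting: $waiting"
    return 1
}

# Constructed sample data, so the example runs without apt.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sim.txt" <<'EOF'
Reading package lists...
Inst libssl1.1 [1.1.0f-3] (1.1.0l-1 Debian-Security:9/oldstable [amd64])
Inst linux-image-amd64 [4.9+80] (4.9+80+deb9u1 Debian:9.13/oldstable [amd64])
Inst openssh-server [1:7.4p1-10] (1:7.4p1-10+deb9u7 Debian-Security:9/oldstable [amd64])
Conf libssl1.1 (1.1.0l-1 Debian-Security:9/oldstable [amd64])
EOF
printf 'linux-image-amd64\n' > "$demo_dir/held.conf"
check_pending "$demo_dir/sim.txt" "$demo_dir/held.conf" || true
rm -rf "$demo_dir"
```

Anything listed in the held file never appears in the alert, including security updates for that package, so the held list is worth reviewing whenever a hold is no longer needed.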