diff --git a/check_firewall_active/check_firewall_active.sh b/check_firewall_active/check_firewall_active.sh
new file mode 100755
index 0000000..4b6fd50
--- /dev/null
+++ b/check_firewall_active/check_firewall_active.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+EXIT_OK=0
+EXIT_WARN=1
+EXIT_CRIT=2
+
+PATH=/sbin:/usr/sbin:$PATH
+
+if [ "$(id -u)" != "0" ]; then
+ echo "This script must be run as root" 1>&2
+ exit $EXIT_CRIT
+fi
+
+blocks=$(iptables -L -v -n | egrep 'REJECT|DROP' | wc -l)
+
+if [ $blocks -eq 0 ]; then
+ echo "CRITICAL: No firewall detected"
+ exit $EXIT_CRIT
+fi
+
+echo "OK: Firewall is active"
+exit $EXIT_OK
+
diff --git a/check_firewall_active/nrpe.d/check_firewall_active.cfg b/check_firewall_active/nrpe.d/check_firewall_active.cfg
new file mode 100644
index 0000000..44a13bc
--- /dev/null
+++ b/check_firewall_active/nrpe.d/check_firewall_active.cfg
@@ -0,0 +1,3 @@
+
+
+command[check_firewall_active]=sudo /usr/lib/nagios/plugins/check_firewall_active.sh
diff --git a/check_firewall_active/sudoers.d/check_firewall_active b/check_firewall_active/sudoers.d/check_firewall_active
new file mode 100644
index 0000000..6e5008a
--- /dev/null
+++ b/check_firewall_active/sudoers.d/check_firewall_active
@@ -0,0 +1,2 @@
+Defaults:nrpe !requiretty
+nrpe ALL = (root) NOPASSWD: /usr/lib/nagios/plugins/check_firewall_active.sh
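Review bot: In check_firewall_active.sh the `blocks=` pipeline reports OK as soon as any line of `iptables -L` output contains REJECT or DROP, so a single unrelated drop rule is enough to pass while the INPUT policy is still ACCEPT, and a failed `iptables` call is indistinguishable from an empty ruleset. I would capture the ruleset with a status check, `rules=$(iptables -S) || { echo "UNKNOWN: iptables failed"; exit 3; }`, and count only real targets and chain policies, `blocks=$(grep -Ec -- '-j (DROP|REJECT)|^-P (INPUT|FORWARD) DROP' <<<"$rules")`. The same test is not applied to `ip6tables`, so IPv6 filtering is never checked. The root-check message goes to stderr only, which NRPE usually does not relay, so that failure would probably show up without any text; printing it on stdout would help.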
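Review bot: The command line in nrpe.d/check_firewall_active.cfg resolves `sudo` through the NRPE daemon's PATH and gives no explicit non-interactive flag, so a missing sudoers rule is left to sudo's prompting behaviour. Using `command[check_firewall_active]=/usr/bin/sudo -n /usr/lib/nagios/plugins/check_firewall_active.sh` pins the binary and makes a missing rule fail immediately with an error rather than attempting a password prompt; adjust the sudo path if the target distribution installs it elsewhere. The two leading blank lines in the file can go.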
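Review bot: The NOPASSWD rule in sudoers.d/check_firewall_active makes the plugin a root entry point for the nrpe account, and nothing in this change pins down who may write `/usr/lib/nagios/plugins/check_firewall_active.sh` or its parent directories; they need to be root-owned and not writable by nrpe or any group it is in. The script also sets `PATH=/sbin:/usr/sbin:$PATH` and then calls `id`, `egrep` and `wc` by bare name, so it relies on sudo's `env_reset`/`secure_path` to keep a caller-supplied PATH out; a fixed `PATH=/sbin:/usr/sbin:/bin:/usr/bin` in the script removes that dependency. I would add a comment above the rule, `# Script runs as root: keep it root-owned, mode 0755, and validate this file with visudo -cf`.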