diff --git a/cli.c b/cli.c
index bfbae29..b0049ac 100644
--- a/cli.c
+++ b/cli.c
@@ -18,6 +18,7 @@
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <signal.h>
+#include <dirent.h>
 #include <dlfcn.h>
 #include <netdb.h>
 #include <libcli.h>
@@ -316,6 +317,36 @@ void cli_do(int sockfd)
 	socklen_t l = sizeof(addr);
 
 	if (fork_and_close()) return;
+
+	/* Check that fork_and_close has closed everything but std* and the socket */
+	int fdfd = open("/dev/fd", O_RDONLY|O_DIRECTORY);
+	if (fdfd >= 0)
+	{
+		DIR *fds = fdopendir(fdfd);
+		if (fds)
+		{
+			struct dirent *ent;
+			while ((ent = readdir(fds)))
+			{
+				if (!strcmp(ent->d_name, ".")
+				 || !strcmp(ent->d_name, ".."))
+					continue;
+
+				int fd = atoi(ent->d_name);
+				if (fd <= STDERR_FILENO)
+					continue;
+				if (fd == fdfd || fd == sockfd)
+					continue;
+				if (log_stream && fd == fileno(log_stream))
+					continue;
+
+				LOG(0, 0, 0, "Warning: fd %d is still open within cli. This may interfere with operations.\n", fd);
+			}
+			closedir(fds);
+		}
+		close(fdfd);
+	}
+
 	if (getpeername(sockfd, (struct sockaddr *) &addr, &l) == 0)
 	{
 		require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1");
diff --git a/l2tpns.c b/l2tpns.c
index aa9f06f..43c6413 100644
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -81,7 +81,7 @@ static int tunidx;		// ifr_ifindex of tun device
 int nlseqnum = 0;		// netlink sequence number
 int min_initok_nlseqnum = 0;	// minimun seq number for messages after init is ok
 static int syslog_log = 0;	// are we logging to syslog
-static FILE *log_stream = 0;	// file handle for direct logging (i.e. direct into file, not via syslog).
+FILE *log_stream = 0;		// file handle for direct logging (i.e. direct into file, not via syslog).
 uint32_t last_id = 0;		// Unique ID for radius accounting
 // Guest change
 char guest_users[10][32];       // Array of guest users
diff --git a/l2tpns.h b/l2tpns.h
index 53ace04..6d815ff 100644
--- a/l2tpns.h
+++ b/l2tpns.h
@@ -1037,7 +1037,9 @@ extern uint32_t last_id;
 extern struct Tstats *_statistics;
 extern in_addr_t my_address;
 extern int clifd;
+extern int nlfd;
 extern int epollfd;
+extern FILE *log_stream;
 
 struct event_data {
 	enum {
diff --git a/util.c b/util.c
index d3b352a..c6a51c8 100644
--- a/util.c
+++ b/util.c
@@ -108,12 +108,8 @@ pid_t fork_and_close()
 		if (udpfd[i] != -1)	close(udpfd[i]);
 	}
 
-	if (pppoediscfd != -1)	close(pppoediscfd);
 	if (controlfd != -1)	close(controlfd);
 	if (daefd != -1)	close(daefd);
-	if (snoopfd != -1)	close(snoopfd);
-	if (rand_fd != -1)	close(rand_fd);
-	if (epollfd != -1)	close(epollfd);
 
 	for (i = 0; radfds && i < RADIUS_FDS; i++)
 		close(radfds[i]);
@@ -124,6 +120,14 @@ pid_t fork_and_close()
 			close(bgp_peers[i].sock);
 #endif /* BGP */
 
+	if (nlfd != -1)	close(nlfd);
+	if (pppoediscfd != -1)	close(pppoediscfd);
+	if (pppoesessfd != -1)	close(pppoesessfd);
+
+	if (snoopfd != -1)	close(snoopfd);
+	if (rand_fd != -1)	close(rand_fd);
+	if (epollfd != -1)	close(epollfd);
+
     return pid;
 }