svn commit: r187033 - in stable/6/etc: . periodic/security
Antoine Brodin
antoine at FreeBSD.org
Sat Jan 10 11:03:36 PST 2009
Author: antoine
Date: Sat Jan 10 19:03:35 2009
New Revision: 187033
URL: http://svn.freebsd.org/changeset/base/187033
Log:
MFC r181531 to stable/6:
Improve periodic/security/550.ipfwlimit a bit:
- don't run it if net.inet.ip.fw.verbose = 0 as it is pointless
- handle rules without logging limit correctly [1]
(those rules show up without logamount in "ipfw -a list")
PR: conf/126060 [1]
MFC after: 1 month
Modified:
stable/6/etc/ (props changed)
stable/6/etc/periodic/security/550.ipfwlimit
Modified: stable/6/etc/periodic/security/550.ipfwlimit
==============================================================================
--- stable/6/etc/periodic/security/550.ipfwlimit Sat Jan 10 19:01:29 2009 (r187032)
+++ stable/6/etc/periodic/security/550.ipfwlimit Sat Jan 10 19:03:35 2009 (r187033)
@@ -42,19 +42,16 @@ rc=0
case "$daily_status_security_ipfwlimit_enable" in
[Yy][Ee][Ss])
- IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
- if [ $? -ne 0 ]; then
+ IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null`
+ if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then
exit 0
fi
TMP=`mktemp -t security`
ipfw -a list | grep " log " | \
grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
- awk -v limit="$IPFW_LOG_LIMIT" \
+ awk \
'{if ($6 == "logamount") {
if ($2 > $7)
- {print $0}
- } else {
- if ($2 > limit)
{print $0}}
}' > ${TMP}
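Review bot: In the awk program, dropping the else branch means a rule that has `log` but no `logamount` in field 6 is now skipped silently, and nothing in the script says this is intended. Add a short comment above the awk call stating that rules shown without logamount have no logging limit (as the commit log says), so nobody later reads the missing branch as an oversight. The `$6 == "logamount"` test also depends on the keyword sitting at a fixed field position. A rule whose action takes an argument would shift it and be skipped the same way, so consider scanning the fields for `logamount` and comparing `$2` against the field after it. In the new guard, `[ "$IPFW_VERBOSE" -eq 0 ]` relies on sysctl returning a number whenever it succeeds, which is reasonable, but a comment noting that the check exits early because no log limit applies when verbose is 0 would make the early `exit 0` self-explanatory.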