svn commit: r187031 - in stable/7/etc: . periodic/security
Antoine Brodin
antoine at FreeBSD.org
Sat Jan 10 11:00:20 PST 2009
Author: antoine
Date: Sat Jan 10 19:00:17 2009
New Revision: 187031
URL: http://svn.freebsd.org/changeset/base/187031
Log:
MFC r181531 to stable/7:
Improve periodic/security/550.ipfwlimit a bit:
- don't run it if net.inet.ip.fw.verbose = 0 as it is pointless
- handle rules without logging limit correctly [1]
(those rules show up without logamount in "ipfw -a list")
PR: conf/126060 [1]
MFC after: 1 month
Modified:
stable/7/etc/ (props changed)
stable/7/etc/periodic/security/550.ipfwlimit
Modified: stable/7/etc/periodic/security/550.ipfwlimit
==============================================================================
--- stable/7/etc/periodic/security/550.ipfwlimit Sat Jan 10 18:19:22 2009 (r187030)
+++ stable/7/etc/periodic/security/550.ipfwlimit Sat Jan 10 19:00:17 2009 (r187031)
@@ -42,19 +42,16 @@ rc=0
case "$daily_status_security_ipfwlimit_enable" in
[Yy][Ee][Ss])
- IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
- if [ $? -ne 0 ]; then
+ IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null`
+ if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then
exit 0
fi
TMP=`mktemp -t security`
ipfw -a list | grep " log " | \
grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
- awk -v limit="$IPFW_LOG_LIMIT" \
+ awk \
'{if ($6 == "logamount") {
if ($2 > $7)
- {print $0}
- } else {
- if ($2 > limit)
{print $0}}
}' > ${TMP}
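Review bot: With the else branch removed, the awk test `$6 == "logamount"` is now the only path that prints, so a log rule whose logamount keyword is not the sixth field is skipped silently instead of being compared against anything. That position only holds when the rule's action is a single word; an action that takes an argument (for example `skipto 1000 log logamount 5`) pushes logamount to $7 and its value to $8. Consider looping over the fields to find "logamount" and comparing $2 with the field that follows it. A one-line comment above the new `IPFW_VERBOSE` check explaining why verbose = 0 exits early would also help, since that reasoning currently lives only in the commit log.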