author | ume <ume@FreeBSD.org> | 2001-07-04 12:49:17 +0000 |
---|---|---|
committer | ume <ume@FreeBSD.org> | 2001-07-04 12:49:17 +0000 |
commit | 53b01bc71cc702ed3a886222afd9162fc7067c20 (patch) | |
tree | ebd65208ff3d67fa4ff621536b6e5361a7de6fee | |
parent | 8e7c49994c770423c158c9d5b9aa812e04db9879 (diff) | |
Show IPv6 denied packets.
MFC after: 1 week
-rw-r--r-- | etc/security | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/etc/security b/etc/security
index c26abeb..e7ebcb4 100644
--- a/etc/security
+++ b/etc/security
@@ -162,6 +162,40 @@ if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then
 fi
 fi
 
+# Show IPv6 denied packets
+#
+if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
+ if [ ! -f ${LOG}/ip6fw.today ]; then
+ [ $rc -lt 1 ] && rc=1
+ separator
+ echo "No ${LOG}/ip6fw.today"
+ cp ${TMP} ${LOG}/ip6fw.today || rc=3
+ fi
+
+ if ! cmp ${LOG}/ip6fw.today ${TMP} >/dev/null; then
+ [ $rc -lt 1 ] && rc=1
+ separator
+ echo "${host} IPv6 denied packets:"
+ diff -b ${LOG}/ip6fw.today ${TMP} | egrep "^>"
+ mv ${LOG}/ip6fw.today ${LOG}/ip6fw.yesterday || rc=3
+ mv ${TMP} ${LOG}/ip6fw.today || rc=3
+ fi
+fi
+
+# Show ip6fw rules which have reached the log limit
+#
+IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null`
+if [ $? -eq 0 -a "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
+ ip6fw -a l | grep " log " | perl -n -e \
+ '/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' > ${TMP}
+ if [ -s "${TMP}" ]; then
+ [ $rc -lt 1 ] && rc=1
+ separator
+ echo 'ip6fw log limit reached:'
+ cat ${TMP}
+ fi
+fi
+
 # Show kernel log messages
 #
 if dmesg -a 2>/dev/null > ${TMP}; then |
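Review bot: In the denied-packets block, `mv ${TMP} ${LOG}/ip6fw.today` moves the scratch file away, and the log-limit block that follows re-creates the same path with `> ${TMP}`. TMP is set outside this hunk, so this is an inference: if it names a file in a directory other users can write to, the script (presumably run as root) would be re-opening a known path that no longer exists, which is the window a safely created temp file is meant to close. Copying instead keeps the scratch file in place: `cp ${TMP} ${LOG}/ip6fw.today || rc=3`. Separately, `[ $? -eq 0 -a "${IP6FW_LOG_LIMIT}" -ne 0 ]` still passes an empty string to `-ne` when sysctl fails, which may print a test error into the report; `[ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]` avoids that.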