diff options
| author | cjc <cjc@FreeBSD.org> | 2001-12-07 23:57:39 +0000 |
|---|---|---|
| committer | cjc <cjc@FreeBSD.org> | 2001-12-07 23:57:39 +0000 |
| commit | ba1e7b85770ec4a614f79c25d579dcd341018bdd (patch) | |
| tree | a90b7b90f63cfbd9961c5d653c2f3a139806e2b1 /etc/periodic/security/550.ipfwlimit | |
| parent | be29456bc43b8c5ac3ee45ea4f345a65df0637ff (diff) | |
| download | FreeBSD-src-ba1e7b85770ec4a614f79c25d579dcd341018bdd.zip FreeBSD-src-ba1e7b85770ec4a614f79c25d579dcd341018bdd.tar.gz | |
Long ago, there was just /etc/daily. Then /etc/security was split out
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.
Reviewed by: ru
Approved by: ru
Diffstat (limited to 'etc/periodic/security/550.ipfwlimit')
| -rwxr-xr-x | etc/periodic/security/550.ipfwlimit | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit new file mode 100755 index 0000000..3bc13b8 --- /dev/null +++ b/etc/periodic/security/550.ipfwlimit @@ -0,0 +1,61 @@ +#!/bin/sh - +# +# Copyright (c) 2001 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Show ipfw rules which have reached the log limit +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +TMP=/var/run/_secure.$$ +rc=0 + +case "$daily_status_security_ipfwlimit_enable" in + [Yy][Ee][Ss]) + IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` + if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then + ipfw -a l | grep " log " | perl -n -e \ + '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} + if [ -s "${TMP}" ]; then + rc=1 + echo "" + echo 'ipfw log limit reached:' + cat ${TMP} + fi + fi + rm -f ${TMP};; + *) rc=0;; +esac + +exit $rc |
