diff options
author | lidl <lidl@FreeBSD.org> | 2016-02-09 21:00:38 +0000 |
---|---|---|
committer | lidl <lidl@FreeBSD.org> | 2016-02-09 21:00:38 +0000 |
commit | 654d94fdaa5dccc1cc93c1ae4cb8bfcb04007182 (patch) | |
tree | 87d32f096bf33d7988cea0f602ba262ab682c412 /etc/periodic | |
parent | b3c4f0ddbf7454fa0fadf3225bb6b722d4fbbc4a (diff) | |
download | FreeBSD-src-654d94fdaa5dccc1cc93c1ae4cb8bfcb04007182.zip FreeBSD-src-654d94fdaa5dccc1cc93c1ae4cb8bfcb04007182.tar.gz |
Zero pf rule counters so daily reports make sense
Zero pf rule counters so that each daily report lists an absolute
number of rejected packets, not the total since the last time the
machine rebooted (or the counters were manually cleared).
PR: 206467
Submitted by: Rick Adams
Approved by: rpaulo (mentor)
Differential Revision: https://reviews.freebsd.org/D5172
Diffstat (limited to 'etc/periodic')
-rwxr-xr-x | etc/periodic/security/520.pfdenied | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/periodic/security/520.pfdenied b/etc/periodic/security/520.pfdenied index 3fea360..f2f9e8a 100755 --- a/etc/periodic/security/520.pfdenied +++ b/etc/periodic/security/520.pfdenied @@ -44,7 +44,7 @@ rc=0 if check_yesno_period security_status_pfdenied_enable then TMP=`mktemp -t security` - if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' > ${TMP}; then + if pfctl -sr -v -z 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' > ${TMP}; then check_diff new_only pf ${TMP} "${host} pf denied packets:" fi rc=$? |