From e5067d55c3287c93c340c4d0436ed76a93d2f8b2 Mon Sep 17 00:00:00 2001
From: antoine
Date: Sun, 10 Aug 2008 18:11:24 +0000
Subject: Improve periodic/security/550.ipfwlimit a bit:
- don't run it if net.inet.ip.fw.verbose = 0 as it is pointless
- handle rules without logging limit correctly [1] (those rules show up without logamount in "ipfw -a list")
PR: conf/126060 [1]
MFC after: 1 month
---
 etc/periodic/security/550.ipfwlimit | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'etc')
diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit
index 6c2e1a0..daa0f86 100755
--- a/etc/periodic/security/550.ipfwlimit
+++ b/etc/periodic/security/550.ipfwlimit
@@ -42,19 +42,16 @@ rc=0
 case "$daily_status_security_ipfwlimit_enable" in
 [Yy][Ee][Ss])
- IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
- if [ $? -ne 0 ]; then
+ IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null`
+ if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then
 exit 0
 fi
 TMP=`mktemp -t security`
 ipfw -a list | grep " log " | \
 grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
- awk -v limit="$IPFW_LOG_LIMIT" \
+ awk \
 '{if ($6 == "logamount") {
 if ($2 > $7)
- {print $0}
- } else {
- if ($2 > limit)
 {print $0}}
 }' > ${TMP}
-- cgit v1.1
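Review bot: With the `else` branch gone, the awk filter reports a rule only when `logamount` is exactly field 6 (`$6 == "logamount"`), so a logged rule that carries the keyword in any other position is now skipped silently instead of being compared at all. That is likely when the action takes an argument or the rule has a prefix before the action (inferred from ipfw rule syntax; the listing format is not shown in this patch). For a check whose purpose is to warn that a rule has stopped logging, a silent miss is the worse failure. Scanning for the keyword avoids the fixed position: `{for (i = 5; i < NF; i++) if ($i == "logamount" && $2 > $(i+1)) {print; break}}`. The enclosing `case` block starts above and continues below this hunk.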