Date:      Wed, 23 Feb 2005 19:27:33 +0200
From:      Peter Lavee <pbl@tsua.net>
To:        Alexander Leidinger <Alexander@Leidinger.net>, Bill Moran <wmoran@potentialtech.com>, freebsd-security@freebsd.org
Subject:   Re: periodic/security/550.ipfwlimit - diff for RELENG-5
Message-ID:  <20050223172733.GB24603@tsua.net>
In-Reply-To: <20050223155951.of0vuu1ngggog44g@netchild.homeip.net>
References:  <421AEF1B.6000707@icyb.net.ua> <20050222152059.GB11631@tsua.net> <20050222110227.77fcbab0.wmoran@potentialtech.com> <20050223155951.of0vuu1ngggog44g@netchild.homeip.net>


On Wed, Feb 23, 2005 at 03:59:51PM +0100, Alexander Leidinger wrote:

Better version than the previous one, it will not break the order of rules.

awk version, it will work on all 4 and 5 releases, at least those where IPFW is enabled ;-)

Also I removed the check for digit+space+digit - it can break things if ipfw output is significantly changed.

diff -u 550.ipfwlimit 550.ipfwlimit.new
=============================>8==============================================================================================
--- 550.ipfwlimit       Wed Feb 23 18:54:35 2005
+++ 550.ipfwlimit.new   Wed Feb 23 19:19:19 2005
@@ -45,10 +45,10 @@
        TMP=`mktemp -t security`
        IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
        if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
-           ipfw -a l | grep " log " | \
-           grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
-           awk -v limit="$IPFW_LOG_LIMIT" \
-               '{if ($2 > limit) {print $0}}' > ${TMP}
+           ipfw -a l | grep " log "  \
+           | \
+           awk -v limit="$IPFW_LOG_LIMIT" -v logamount=$6 \
+               '{if ($5 == "logamount") {if ($2 > logamount) {print $0} } else { if ($2 > limit) {print $0} } }' > ${TMP}
            if [ -s "${TMP}" ]; then
                rc=1
                echo ""
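Review bot: `-v logamount=$6` on the awk command line is expanded by the shell, not by awk, so `logamount` receives the periodic script's sixth positional parameter (normally empty) instead of the per-rule value; the inner test `$2 > logamount` then compares the packet count against that, not against the rule's own limit. Drop the `-v logamount=$6` assignment and compare against the awk field directly, forcing numeric context, for example `if ($2+0 > $6+0)`. The test `$5 == "logamount"` also ties the check to fixed field positions, which is the same kind of dependence on ipfw's output layout that removing the digit grep was meant to avoid; looping over the fields to find the `logamount` keyword and reading the field after it would be sturdier. Minor style point: the `grep " log "  \` line followed by a line holding only `| \` can be folded into one line ending in `| \`.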
=============================>8==============================================================================================
> Bill Moran <wmoran@potentialtech.com> wrote:
> 
> >
> >This is great.
> >
> >However, because of the size of the FreeBSD project, it's likely that this
> >will get lost.  To ensure that it doesn't, please submit it as a PR
> >(problem report).
> 
> While this may work on 4.x, this will not be able to go into 5.x or into
> -current (and it first has to find its way into -current, else there will
> be no merge to 5.x or 4.x) since we don't have perl in the base system on
> 5.x and -current. I suggest to rewrite this in awk (in the -current version
> of this periodic script) and submit it as a diff.

-- 
WBR,
Peter Lavee
Hostmaster
Technological Systems 
CJVC


