Date: Tue, 9 Feb 2016 21:00:39 +0000 (UTC) From: Kurt Lidl <lidl@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r295452 - head/etc/periodic/security Message-ID: <201602092100.u19L0dBK061114@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lidl Date: Tue Feb 9 21:00:38 2016 New Revision: 295452 URL: https://svnweb.freebsd.org/changeset/base/295452 Log: Zero pf rule counters so daily reports make sense Zero pf rule counters so that each daily report lists an absolute number of rejected packets, not the total since the last time the machine rebooted (or the counters were manually cleared). PR: 206467 Submitted by: Rick Adams Approved by: rpaulo (mentor) Differential Revision: https://reviews.freebsd.org/D5172 Modified: head/etc/periodic/security/520.pfdenied Modified: head/etc/periodic/security/520.pfdenied ============================================================================== --- head/etc/periodic/security/520.pfdenied Tue Feb 9 20:22:35 2016 (r295451) +++ head/etc/periodic/security/520.pfdenied Tue Feb 9 21:00:38 2016 (r295452) @@ -44,7 +44,7 @@ rc=0 if check_yesno_period security_status_pfdenied_enable then TMP=`mktemp -t security` - if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' > ${TMP}; then + if pfctl -sr -v -z 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' > ${TMP}; then check_diff new_only pf ${TMP} "${host} pf denied packets:" fi rc=$?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201602092100.u19L0dBK061114>