From owner-freebsd-bugs@FreeBSD.ORG Mon Mar 14 09:50:05 2005
Date: Mon, 14 Mar 2005 09:50:05 GMT
Message-Id: <200503140950.j2E9o5Gp081754@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Andriy Gapon
Subject: Re: conf/77929: periodic/security/550.ipfwlimit ignores logamount

The following reply was made to PR conf/77929; it has been noted by GNATS.

From: Andriy Gapon
To: freebsd-gnats-submit@FreeBSD.org, pbl@tsua.net
Subject: Re: conf/77929: periodic/security/550.ipfwlimit ignores logamount
Date: Mon, 14 Mar 2005 11:41:39 +0200

Attached is the patch based on the idea in http://lists.freebsd.org/pipermail/freebsd-security/2005-February/002703.html but unlike the patch there, this patch is known to work (at least on FreeBSD 5.2.1).

-- 
Andriy Gapon

--- 550.ipfwlimit Wed Feb 23 18:54:35 2005 +++ 550.ipfwlimit Wed Feb 23 19:19:19 2005 @@ -45,10 +45,10 @@ TMP=`mktemp -t security` IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then ipfw -a l | grep " log " | \ grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ awk -v limit="$IPFW_LOG_LIMIT" \ - '{if ($2 > limit) {print $0}}' > ${TMP} + '{if ($6 == "logamount") {if ($2 > $7) {print $0}} else {if ($2 > limit) {print $0}}}' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo ""
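
Review bot: The new awk branch tests `$6 == "logamount"` at a fixed field position, which only holds when the rule's action is a single word immediately followed by `log`. A rule whose action takes an argument, or that has extra tokens before the action, pushes `logamount` to a later field and silently falls back to the global `limit`, which is the behaviour this PR sets out to fix. Consider searching for the keyword instead, using a per-record variable so the `-v limit` default is not overwritten: `lim = limit; for (i = 4; i < NF; i++) if ($i == "logamount") { lim = $(i + 1); break }` followed by `if ($2 > lim) print $0`. Two smaller points in the same hunk: the enclosing `[ "${IPFW_LOG_LIMIT}" -ne 0 ]` test still skips the whole check when the sysctl is 0, so rules with an explicit `logamount` go unreported in that configuration; and the new branch has no case for `logamount 0`, where `$2 > $7` is true for any rule that has matched at least one packet, so it is worth confirming how ipfw treats that value and guarding it if needed.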