| author | Gleb Smirnoff <glebius@FreeBSD.org> | 2005-09-02 14:13:16 +0000 |
|---|---|---|
| committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2005-09-02 14:13:16 +0000 |
| commit | 19704ecf7e474798deea2168089e5ca4ffc67fa3 (patch) | |
| tree | 5178db57c83f75873cbdaa5117e4cd4cfb240f0b /etc | |
| parent | 7e20345f519d9364189505ff23a8b2984d70f48a (diff) | |
Notes
Diffstat (limited to 'etc')
| -rwxr-xr-x | etc/periodic/security/550.ipfwlimit | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit
index 912d009ccc90..4e5d89e2e59d 100755
--- a/etc/periodic/security/550.ipfwlimit
+++ b/etc/periodic/security/550.ipfwlimit
@@ -44,17 +44,25 @@ case "$daily_status_security_ipfwlimit_enable" in
 [Yy][Ee][Ss])
 TMP=`mktemp -t security`
 IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
- if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
- ipfw -a list | grep " log " | \
- grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
- awk -v limit="$IPFW_LOG_LIMIT" \
- '{if ($2 > limit) {print $0}}' > ${TMP}
- if [ -s "${TMP}" ]; then
+ if [ $? -ne 0 ]; then
+ exit 0
+ fi
+ ipfw -a list | grep " log " | \
+ grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
+ awk -v limit="$IPFW_LOG_LIMIT" \
+ '{if ($6 == "logamount") {
+ if ($2 > $7)
+ {print $0}
+ } else {
+ if ($2 > limit)
+ {print $0}}
+ }' > ${TMP}
+
+ if [ -s "${TMP}" ]; then
 rc=1
 echo ""
 echo 'ipfw log limit reached:'
 cat ${TMP}
- fi
 fi
 rm -f ${TMP};;
 *) rc=0;;
|
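Review bot: The new early `exit 0` after the `sysctl` check runs after the `mktemp -t security` call and skips `rm -f ${TMP}`, so every run on a host where the sysctl is unavailable leaves a temp file behind; do the sysctl check before `mktemp`, or make the branch `rm -f ${TMP}; exit 0`. The commit also drops the old `"${IPFW_LOG_LIMIT}" -ne 0` guard, so with a limit of 0 (which the old code treated as nothing to check, presumably meaning unlimited logging) `$2 > limit` matches every log rule that has counted a packet, and `$2 > $7` would do the same for `logamount 0`, filling the security report with false alarms. Guarding both comparisons, `if ($7 != 0 && $2 > $7)` and `if (limit != 0 && $2 > limit)`, keeps the per-rule check without that noise. The `$6`/`$7` positions appear to assume a one-word action before `log`, which deserves a comment in the awk program. The enclosing `case` statement starts and ends outside the hunk.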
