misc/89789: [patch] 500.ipfwdenied uses deprecated syntax of ipfw

Vasily Korytov deskpot at dot.aerodome.ru
Thu Dec 1 09:40:04 GMT 2005

>Number:         89789
>Category:       misc
>Synopsis:       500.ipfwdenied uses deprecated syntax of ipfw
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 01 09:40:02 GMT 2005
>Originator:     Vasily Korytov
>Release:        FreeBSD 6.0-STABLE i386
Good morning, Jah!
System: FreeBSD bit.flexpro.ru 6.0-STABLE FreeBSD 6.0-STABLE #0: Mon Nov 28 13:52:35 MSK 2005 root at bit.flexpro.ru:/usr/src/sys/i386/compile/HUB i386

	FreeBSD 6-STABLE on i386 since 6.0-RELEASE up to the 27-11-05 snapshot.
	/etc/periodic/security/500.ipfwdenied issues a warning:
	ipfw: DEPRECATED: 'l' matched 'list' as a sub-string
	Install a 6.0 system, enable ipfw and don't set the
	daily_status_security_ipfwdenied_enable="NO" in /etc/periodic.conf.

	In the first root security output, you'll see the warning.

	Patch is included:

--- /etc/periodic/security/500.ipfwdenied~	Sun May  8 11:05:12 2005
+++ /etc/periodic/security/500.ipfwdenied	Wed Nov 30 10:41:32 2005
@@ -42,7 +42,7 @@
 case "$daily_status_security_ipfwdenied_enable" in
 	TMP=`mktemp -t security`
-	if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
+	if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
 	  check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:"

More information about the freebsd-bugs mailing list