conf/77932: pf and ipfw periodic scripts not working

Matteo Riondato rionda at
Tue Feb 22 18:20:19 GMT 2005

>Number:         77932
>Category:       conf
>Synopsis:       pf and ipfw periodic scripts not working
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 22 18:20:18 GMT 2005
>Originator:     Matteo Riondato
>Release:        FreeBSD 6-CURRENT i386
System: FreeBSD 6.0-CURRENT FreeBSD 6.0-CURRENT #2: Sun Feb 20 21:19:06 CET 2005     rionda at  i386

I think there's a little mistake
in /etc/periodic/security/security.functions:

if check_diff() is called with "new_only" as its first argument, as it
is in /etc/periodic/security/520.pfdenied (and 500.ipfwdenied), it will
use "grep '^>'" as a filter to grep only the different lines between the
output of "pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0;
getline; gsub(" +"," ",$0); print buf$0;} }'" and /var/log/ .

The diff between the output and the file is done with
diff {daily_status_security_diff_flags} /var/log/ $OUTPUT
and the filter is "piped" after this command, so we have:

diff {daily_status_security_diff_flags} /var/log/ $OUTPUT | grep

but daily_status_security_diff_flags is set to "-b -u"
in /etc/defaults/periodic.conf so there aren't lines beginning with ">",
because we are doing a unified diff. The filter then gives no output
and the only output of /etc/periodic/security/520.pfdenied is

$HOSTNAME pf denied packets:

This can be solved changing $filter from "grep '^>'" to "grep '^+'"
in /etc/periodic/security/security.functions, line 46.
I would not change daily_status_security_diff_flags as I remember that
having unified diff in periodic mails was discussed and approved in the MLs.
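As an added example (not code from the report or from FreeBSD's periodic scripts), the following sh script reproduces the filter mismatch on two constructed pf rule snapshots: the "^>" filter matches nothing in "diff -b -u" output, while a "+"-based filter does. It also shows that "^+" alone picks up the unified diff's "+++" file header line, which a filter for newly denied rules would want to exclude.

```shell
#!/bin/sh
# Added example, not code from the bug report or from FreeBSD's periodic
# scripts: reproduce why "grep '^>'" is an empty filter on a unified diff.

# Constructed sample snapshots of the pf "block" rule list. The format
# mimics "pfctl -sr -v" output, but the rules and counters are made up.
make_samples() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/pfdenied.XXXXXX") || return 1
    printf '%s\n' \
        'block drop in log all [ Evaluations: 10 Packets: 3 Bytes: 180 States: 0 ]' \
        > "$dir/yesterday"
    printf '%s\n' \
        'block drop in log all [ Evaluations: 12 Packets: 4 Bytes: 240 States: 0 ]' \
        'block drop in log quick on em0 proto tcp to port = 23 [ Evaluations: 2 Packets: 1 Bytes: 60 States: 0 ]' \
        > "$dir/today"
    printf '%s\n' "$dir"
}

# Count the diff lines that survive a given grep pattern, using the same
# flags as daily_status_security_diff_flags ("-b -u"). The pipeline ends
# in tr so a grep with no matches does not trip "set -e".
count_new_lines() {
    pattern=$1; old=$2; new=$3
    diff -b -u "$old" "$new" | grep -e "$pattern" | wc -l | tr -d ' '
}

# Same idea, but with the unified diff file header ("+++ today ...")
# excluded, so only genuinely added rule lines are counted.
count_added_rules() {
    old=$1; new=$2
    diff -b -u "$old" "$new" | grep '^+' | grep -v '^+++ ' | wc -l | tr -d ' '
}

demo() {
    dir=$(make_samples) || exit 1
    trap 'rm -rf "$dir"' EXIT
    echo "lines matching '^>' : $(count_new_lines '^>' "$dir/yesterday" "$dir/today")"
    echo "lines matching '^+' : $(count_new_lines '^+' "$dir/yesterday" "$dir/today")"
    echo "added rules only   : $(count_added_rules "$dir/yesterday" "$dir/today")"
}

case "${1:-}" in
    demo) demo ;;
esac
```

Run it as "sh script.sh demo" to see the three counts for the constructed snapshots.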
