conf/77929: periodic/security/550.ipfwlimit ignores logamount
Andriy Gapon
avg at icyb.net.ua
Mon Mar 14 01:50:05 PST 2005
The following reply was made to PR conf/77929; it has been noted by GNATS.
From: Andriy Gapon <avg at icyb.net.ua>
To: freebsd-gnats-submit at FreeBSD.org, pbl at tsua.net
Cc:
Subject: Re: conf/77929: periodic/security/550.ipfwlimit ignores logamount
Date: Mon, 14 Mar 2005 11:41:39 +0200
Attached is the patch based on the idea in
http://lists.freebsd.org/pipermail/freebsd-security/2005-February/002703.html
but unlike the patch there, this patch is known to work (at least on
FreeBSD 5.2.1).
--
Andriy Gapon
--- 550.ipfwlimit Wed Feb 23 18:54:35 2005
+++ 550.ipfwlimit Wed Feb 23 19:19:19 2005
@@ -45,10 +45,10 @@
TMP=`mktemp -t security`
IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
ipfw -a l | grep " log " | \
grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
awk -v limit="$IPFW_LOG_LIMIT" \
- '{if ($2 > limit) {print $0}}' > ${TMP}
+ '{if ($6 == "logamount") {if ($2 > $7) {print $0}} else {if ($2 > limit) {print $0}}}' > ${TMP}
if [ -s "${TMP}" ]; then
rc=1
echo ""
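Review bot: The awk test on the added line hard-codes the position of logamount ($6, with its value in $7), which only holds when the rule's action is a single word; a rule whose action takes an argument (for example skipto or divert followed by a number) shifts the fields, so its logamount is not seen and the rule is compared against the global limit as before. Consider scanning the fields instead, e.g. lim = limit; for (i = 4; i < NF; i++) if ($i == "logamount") lim = $(i + 1), and then testing $2 > lim. Two related points: a rule with logamount 0 (which ipfw treats as no limit) is printed as soon as it has matched one packet because $2 > 0, and the unchanged guard [ "${IPFW_LOG_LIMIT}" -ne 0 ] still skips the whole check when verbose_limit is 0, even for rules that set their own logamount.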