550.ipfwlimit revision 87852
1198090Srdivacky#!/bin/sh - 2198090Srdivacky# 3198090Srdivacky# Copyright (c) 2001 The FreeBSD Project 4198090Srdivacky# All rights reserved. 5198090Srdivacky# 6198090Srdivacky# Redistribution and use in source and binary forms, with or without 7198090Srdivacky# modification, are permitted provided that the following conditions 8198090Srdivacky# are met: 9198090Srdivacky# 1. Redistributions of source code must retain the above copyright 10226633Sdim# notice, this list of conditions and the following disclaimer. 11226633Sdim# 2. Redistributions in binary form must reproduce the above copyright 12226633Sdim# notice, this list of conditions and the following disclaimer in the 13202878Srdivacky# documentation and/or other materials provided with the distribution. 14202878Srdivacky# 15202878Srdivacky# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16223017Sdim# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17218893Sdim# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18198090Srdivacky# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19198090Srdivacky# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20198090Srdivacky# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21226633Sdim# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22226633Sdim# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23224145Sdim# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24226633Sdim# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25226633Sdim# SUCH DAMAGE. 26198090Srdivacky# 27226633Sdim# $FreeBSD: head/etc/periodic/security/550.ipfwlimit 87852 2001-12-14 08:58:21Z ru $ 28212904Sdim# 29226633Sdim 30224145Sdim# Show ipfw rules which have reached the log limit 31226633Sdim# 32202878Srdivacky 33212904Sdim# If there is a global system configuration file, suck it in. 34202878Srdivacky# 35224145Sdimif [ -r /etc/defaults/periodic.conf ] 36198090Srdivackythen 37198090Srdivacky . /etc/defaults/periodic.conf 38218893Sdim source_periodic_confs 39218893Sdimfi 40218893Sdim 41218893SdimTMP=/var/run/_secure.$$ 42234353Sdimrc=0 43234353Sdim 44226633Sdimcase "$daily_status_security_ipfwlimit_enable" in 45224145Sdim [Yy][Ee][Ss]) 46198090Srdivacky IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` 47234353Sdim if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then 48198090Srdivacky ipfw -a l | grep " log " | perl -n -e \ 49234353Sdim '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} 50234353Sdim if [ -s "${TMP}" ]; then 51234353Sdim rc=1 52226633Sdim echo "" 53226633Sdim echo 'ipfw log limit reached:' 54226633Sdim cat ${TMP} 55226633Sdim fi 56226633Sdim fi 57226633Sdim rm -f ${TMP};; 58226633Sdim *) rc=0;; 59226633Sdimesac 60226633Sdim 61226633Sdimexit $rc 62226633Sdim