550.ipfwlimit revision 107674
1198090Srdivacky#!/bin/sh - 2198090Srdivacky# 3198090Srdivacky# Copyright (c) 2001 The FreeBSD Project 4198090Srdivacky# All rights reserved. 5198090Srdivacky# 6198090Srdivacky# Redistribution and use in source and binary forms, with or without 7198090Srdivacky# modification, are permitted provided that the following conditions 8198090Srdivacky# are met: 9198090Srdivacky# 1. Redistributions of source code must retain the above copyright 10198090Srdivacky# notice, this list of conditions and the following disclaimer. 11198090Srdivacky# 2. Redistributions in binary form must reproduce the above copyright 12198090Srdivacky# notice, this list of conditions and the following disclaimer in the 13198090Srdivacky# documentation and/or other materials provided with the distribution. 14198090Srdivacky# 15198090Srdivacky# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16198090Srdivacky# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17288943Sdim# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18288943Sdim# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19198090Srdivacky# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20200581Srdivacky# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21198090Srdivacky# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22198090Srdivacky# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23198090Srdivacky# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24198090Srdivacky# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25198090Srdivacky# SUCH DAMAGE. 26198090Srdivacky# 27198090Srdivacky# $FreeBSD: head/etc/periodic/security/550.ipfwlimit 107674 2002-12-07 23:37:44Z keramida $ 28198090Srdivacky# 29198090Srdivacky 30198090Srdivacky# Show ipfw rules which have reached the log limit 31198090Srdivacky# 32198090Srdivacky 33198090Srdivacky# If there is a global system configuration file, suck it in. 34198090Srdivacky# 35198090Srdivackyif [ -r /etc/defaults/periodic.conf ] 36243830Sdimthen 37198090Srdivacky . /etc/defaults/periodic.conf 38198090Srdivacky source_periodic_confs 39198090Srdivackyfi 40198090Srdivacky 41243830Sdimrc=0 42198090Srdivacky 43198090Srdivackycase "$daily_status_security_ipfwlimit_enable" in 44198090Srdivacky [Yy][Ee][Ss]) 45198090Srdivacky TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` 46198090Srdivacky IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` 47198090Srdivacky if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then 48198090Srdivacky ipfw -a l | grep " log " | \ 49198090Srdivacky grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ 50198090Srdivacky awk -v limit="$IPFW_LOG_LIMIT" \ 51198090Srdivacky '{if ($2 > limit) {print $0}}' > ${TMP} 52198090Srdivacky if [ -s "${TMP}" ]; then 53198090Srdivacky rc=1 54198090Srdivacky echo "" 55198090Srdivacky echo 'ipfw log limit reached:' 56226633Sdim cat ${TMP} 57198090Srdivacky fi 58198090Srdivacky fi 59198090Srdivacky rm -f ${TMP};; 60198090Srdivacky *) rc=0;; 61198090Srdivackyesac 62198090Srdivacky 63198090Srdivackyexit $rc 64234353Sdim