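#!/bin/sh -
#
# Copyright (c) 2004 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: releng/11.0/etc/periodic/security/520.pfdenied 301226 2016-06-02 19:06:04Z lidl $
#

# Periodic security check: collect pf "block" rules that have a non-zero
# counter, from the main ruleset and from the "blacklistd" anchor, and hand
# the result to check_diff for reporting.

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
	. /etc/defaults/periodic.conf
	source_periodic_confs
fi

# Provides security_daily_compat_var, check_yesno_period and check_diff.
. /etc/periodic/security/security.functions

security_daily_compat_var security_status_pfdenied_enable

rc=0

if check_yesno_period security_status_pfdenied_enable
then
	# Stop here if no temporary file could be created: with an empty
	# ${TMP} the redirections and the -s test below would misbehave.
	# Exit status 3 is meant as "error" -- NOTE(review): confirm against
	# the periodic(8) exit-code convention used on this system.
	TMP=$(mktemp -t security) || exit 3
	touch "${TMP}"

	# The empty entry stands for the main ruleset, the other for the
	# anchor of that name.
	for _a in "" blacklistd
	do
		# An unquoted empty ${_a} disappears during word splitting, so
		# "pfctl -a ${_a} -sr" would run as "pfctl -a -sr" and -a would
		# take "-sr" as the anchor name; the main ruleset would then
		# never be listed.  Only pass -a when an anchor is named.
		#
		# -z also clears the per-rule counters, so this check resets
		# statistics that other tooling may be reading.
		# pfctl errors are discarded on purpose (best effort, e.g. when
		# pf is not loaded or the anchor does not exist).
		if [ -n "${_a}" ]; then
			pfctl -a "${_a}" -sr -v -z 2>/dev/null
		else
			pfctl -sr -v -z 2>/dev/null
		fi | \
		nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> "${TMP}"
		# The awk program joins each "block" rule with the line that
		# follows it and keeps the pair when field 5 of that line is
		# positive -- presumably the packet counter on pfctl's verbose
		# statistics line; verify against the local pfctl output format.
	done

	# Only call check_diff when something was collected; rc then carries
	# its status (0 when the file is empty and the branch is skipped).
	if [ -s "${TMP}" ]; then
		check_diff new_only pf "${TMP}" "${host} pf denied packets:"
	fi
	rc=$?
	rm -f "${TMP}"
fi

exit $rc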