1#!/bin/sh - 2# 3# Copyright (c) 2001 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27# $FreeBSD: src/etc/periodic/security/650.ip6fwlimit,v 1.6 2003/06/30 22:06:26 mtm Exp $ 28# $DragonFly: src/etc/periodic/security/650.ip6fwlimit,v 1.3 2004/11/15 08:11:59 joerg Exp $ 29# 30 31# Show ip6fw rules which have reached the log limit 32# 33 34# If there is a global system configuration file, suck it in. 35# 36if [ -r /etc/defaults/periodic.conf ] 37then 38 . /etc/defaults/periodic.conf 39 source_periodic_confs 40fi 41 42rc=0 43 44case "$daily_status_security_ip6fwlimit_enable" in 45 [Yy][Ee][Ss]) 46 TMP=`mktemp -t security` 47 IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null` 48 if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then 49 ip6fw -a l | grep " log " | \ 50 grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ 51 awk -v limit="$IPFW_LOG_LIMIT" \ 52 '{if ($2 > limit) {print $0}}' > ${TMP} 53 if [ -s "${TMP}" ]; then 54 rc=1 55 echo "" 56 echo 'ip6fw log limit reached:' 57 cat ${TMP} 58 fi 59 fi 60 rm -f ${TMP};; 61 *) rc=0;; 62esac 63 64exit $rc 65