etc/periodic/security/520.pfdenied
security_daily_compat_var security_status_pfdenied_enable | security_daily_compat_var security_status_pfdenied_enable | ||||
rc=0 | rc=0 | ||||
if check_yesno_period security_status_pfdenied_enable | if check_yesno_period security_status_pfdenied_enable | ||||
then | then | ||||
TMP=`mktemp -t security` | TMP=`mktemp -t security` | ||||
touch ${TMP} | for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) | ||||
kp: ```
# echo $(pfctl -a "blacklistd" -sA)
pfctl: DIOCGETRULESETS: No such file or directory
```… | |||||
lidl: Good catch. I will upload a new diff momentarily.
| |||||
for _a in "" blacklistd | |||||
do | do | ||||
pfctl -a ${_a} -sr -v -z 2>/dev/null | \ | pfctl -a ${_a} -sr -v -z 2>/dev/null | \ | ||||
nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP} | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP} | ||||
done | done | ||||
if [ -s ${TMP} ]; then | if [ -s ${TMP} ]; then | ||||
check_diff new_only pf ${TMP} "${host} pf denied packets:" | check_diff new_only pf ${TMP} "${host} pf denied packets:" | ||||
fi | fi | ||||
rc=$? | rc=$? | ||||
rm -f ${TMP} | rm -f ${TMP} | ||||
fi | fi | ||||
exit $rc | exit $rc |
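Review bot: The `""` entry kept at the head of the new `for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)` list never reaches pfctl as an empty anchor name, because `${_a}` is unquoted on the following `pfctl -a ${_a} -sr -v -z` line; on that first pass the expansion vanishes and `-a` takes `-sr` as its argument, so the main ruleset's block counters are likely not the ones being listed. That same unquoted expansion now also receives names produced by command output instead of a fixed word, so they are subject to word splitting and globbing. Quoting it, `pfctl -a "${_a}" -sr -v -z 2>/dev/null | \`, covers both cases, assuming pfctl treats an empty anchor name as the main ruleset (worth confirming on a test host). A short comment above the loop such as `# main ruleset first, then every anchor below blacklistd` would make the purpose of the leading `""` clear to the next reader.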
So if there are no blacklistd anchors we end up with errors in the log, right?