From owner-freebsd-bugs  Thu Jan  9 19:20: 4 2003
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3BC6837B401
	for <freebsd-bugs@hub.freebsd.org>; Thu,  9 Jan 2003 19:20:02 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 720FB43F5F
	for <freebsd-bugs@hub.freebsd.org>; Thu,  9 Jan 2003 19:20:01 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h0A3K1NS024388
	for <freebsd-bugs@freefall.freebsd.org>; Thu, 9 Jan 2003 19:20:01 -0800 (PST)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h0A3K1I0024387;
	Thu, 9 Jan 2003 19:20:01 -0800 (PST)
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 13D9B37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  9 Jan 2003 19:16:00 -0800 (PST)
Received: from the.rusunix.org (the.rusunix.org [195.162.58.254])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8384E43F13
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  9 Jan 2003 19:15:59 -0800 (PST)
	(envelope-from vampiro@the.rusunix.org)
Received: by the.rusunix.org (Sendmail for UK-NC RT11-SJ, from userid 1111)
	id 5469E1CD662; Fri, 10 Jan 2003 09:13:39 +0600 (OMST)
Message-Id: <20030110031339.5469E1CD662@the.rusunix.org>
Date: Fri, 10 Jan 2003 09:13:39 +0600 (OMST)
From: El Vampiro <vampiro@rusunix.org>
Reply-To: El Vampiro <vampiro@rusunix.org>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: conf/46913: ipf denied packets of security run output contains nonmatched rules
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         46913
>Category:       conf
>Synopsis:       ipf denied packets of security run output contains nonmatched rules
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 09 19:20:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     El Vampiro
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
rusunix (https://the.rusunix.org)
>Environment:
System: FreeBSD the.rusunix.org 4.7-STABLE FreeBSD 4.7-STABLE #0: Sat Jan 4 19:11:18 OMST 2003 vampiro@vampiro.rsb.local:/build/usr/src/sys/NEWMONSTER i386

>Description:
	Periodic script 510.ipfdenied prints all of the "block" rules instead
	of rules that blocked packets only.
>How-To-Repeat:
	run /etc/periodic/security/510.ipfdenied
>Fix:

--- 510.ipfdenied.orig	Sat Jan  4 11:36:54 2003
+++ 510.ipfdenied	Fri Jan 10 08:46:48 2003
@@ -42,7 +42,7 @@
 case "$daily_status_security_ipfdenied_enable" in
     [Yy][Ee][Ss])
 	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
-	if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then
+	if ipfstat -nhio 2>/dev/null | grep block | grep -v ^0 > ${TMP}; then
 	  check_diff new_only ipf ${TMP} "${host} ipf denied packets:"
 	fi
 	rc=$?

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message