Date:      Sun, 07 Jan 2018 16:52:03 -0800
From:      "Chris H" <bsd-lists@BSDforge.com>
To:        "Ronald Klop" <ronald-lists@klop.ws>
Cc:        "FreeBSD Current" <freebsd-current@freebsd.org>
Subject:   Re: status-mail-rejects: appears to be broken
Message-ID:  <b8d27b6eb04049a465e4d862cb8ae892@udns.ultimatedns.net>
In-Reply-To: <op.zcg2z4dhkndu52@joepie>

On Sun, 07 Jan 2018 14:13:01 +0100 "Ronald Klop" <ronald-lists@klop.ws> said

> On Sun, 17 Dec 2017 20:50:23 +0100, Chris H <bsd-lists@bsdforge.com> wrote:
>
> > I'm running on r326056, and periodic(8) doesn't seem to be working
> > as expected;
> > mail rejects:
> >
> > Checking for rejected mail hosts:
> > usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
> >        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
> >        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
> >        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
> >        [-o file] [--referer=URL] [-S bytes] [-T seconds]
> >        [--user-agent=agent-string] [-w seconds] URL ...
> >        fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
> >        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
> >        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
> >        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
> >        [-o file] [--referer=URL] [-S bytes] [-T seconds]
> >        [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]
> >
> > Also, 520.pfdenied doesn't produce any output. In fact, it doesn't appear
> > to be run at all.
> >
> > Any thoughts, or advice on how to best proceed?
> >
> > Thanks!
> >
> > --Chris
>
> This looks the same as what I experienced. It will be fixed by upgrading
> until at least this commit:
>
> http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=326343
It appears that you indicate anything past, or including r326343 resolves this.
I'll look into it.
But FWIW I was able to get etc/periodic/security/520.pfdenied output working
with the following diff(1):
--- /etc/periodic/security/520=2Epfdenied=2Eorig=092017-11-21 06:57:04=2E00000000=
0 -0800
+++ /etc/periodic/security/520=2Epfdenied=092017-03-29 16:22:50=2E000000000 -07=
00
@@ -24,7 +24,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE=2E
 #
-# $FreeBSD: head/etc/periodic/security/520=2Epfdenied 306696 2016-10-04 23:1=
2:35Z lidl $
+# $FreeBSD: head/etc/periodic/security/520=2Epfdenied 290405 2015-11-05 17:3=
7:14Z lidl $
 #
=20
 # If there is a global system configuration file, suck it in=2E
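
Review bot: The `$FreeBSD$` line in this hunk moves backwards, from `306696 2016-10-04` to `290405 2015-11-05`, and the `+++` file is dated 2017-03-29 while the `---` file is dated 2017-11-21, so the patch appears to restore an older copy of the script rather than change the current one. Leave the `$FreeBSD$` keyword line out of the diff and make the change against the r306696 text, so that what is being reverted is explicit.
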
@@ -44,13 +44,8 @@
 if check_yesno_period security_status_pfdenied_enable
 then
 =09TMP=3D`mktemp -t security`
-=09for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)
-=09do
-=09=09pfctl -a ${_a} -sr -v -z 2>/dev/null | \
-=09=09nawk '{if (/^block/) {buf=3D$0; getline; gsub(" +"," ",$0); if ($5 >=
 0) print buf$0;} }' >> ${TMP}
-=09done
-=09if [ -s ${TMP} ]; then
-=09=09check_diff new_only pf ${TMP} "${host} pf denied packets:"
+=09if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=3D$0; getline; =
gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then
+=09  check_diff new_only pf ${TMP} "${host} pf denied packets:"
 =09fi
 =09rc=3D$?
 =09rm -f ${TMP}
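
Review bot: In the added `if pfctl -sr -v 2>/dev/null | nawk ... > ${TMP}; then`, the condition is the exit status of nawk, the last command in the pipeline, which is 0 even when pfctl fails or no `block` rule matches, so `check_diff` now also runs on an empty `${TMP}`; keep the `[ -s ${TMP} ]` test. The hunk also drops the loop over `pfctl -a "blacklistd" -sA`, so rules under blacklistd anchors are no longer reported, and it drops `-z` and the `$5 > 0` test, so counters are not reset and counter lines whose fifth field is 0 are no longer filtered out. In the removed loop the unquoted `${_a}` expands to no word on the first (`""`) iteration, which leaves `-a` to take `-sr` as its argument; quoting it as `"${_a}"` would be a smaller change than removing the loop.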

Thanks for taking the time to reply, Ronald!
>
> Ronald.
>
>
--Chris




