Bug 187224 - [patch] /etc/periodic/security/520.pfdenied enhancement
Summary: [patch] /etc/periodic/security/520.pfdenied enhancement
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: Unspecified
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-03 16:00 UTC by Kurt Lidl
Modified: 2015-11-05 17:39 UTC (History)
0 users

See Also:

Attachments
file.diff (357 bytes, patch)
2014-03-03 16:00 UTC, Kurt Lidl 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kurt Lidl freebsd_committer freebsd_triage 2014-03-03 16:00:00 UTC 
The /etc/periodic/security/520.pfdenied script produces a line of output
for all lines in the PF file, not just those that cause a deny to happen.

Fix: Basically, only print the line if the 5th field isn't empty.
Comment 1 commit-hook freebsd_committer freebsd_triage 2015-11-05 17:38:09 UTC 
A commit references this bug:

Author: lidl
Date: Thu Nov  5 17:37:15 UTC 2015
New revision: 290405
URL: https://svnweb.freebsd.org/changeset/base/290405

Log:
  Restrict 520.pfdenied to only list rules that blocked traffic.
  Before this change, the 520.pfdenied script listed all rules that
  matched /^block/ in the rule. Restrict the printed output to only
  those rules that result in packets being dropped.

  PR:		conf/187224
  Approved by:	rpaulo (mentor)
  Differential Revision:	https://reviews.freebsd.org/D4068

Changes:
  head/etc/periodic/security/520.pfdenied