On Sun, 07 Jan 2018 14:13:01 +0100 "Ronald Klop" <ronald-li...@klop.ws> said

On Sun, 17 Dec 2017 20:50:23 +0100, Chris H <bsd-li...@bsdforge.com> wrote:

> I'm running on r326056, and periodic(8) doesn't seem to be working
> as expected;
> mail rejects:
>
> Checking for rejected mail hosts:
> usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
>        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
>        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
>        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
>        [-o file] [--referer=URL] [-S bytes] [-T seconds]
>        [--user-agent=agent-string] [-w seconds] URL ...
>        fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
>        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
>        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
>        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
>        [-o file] [--referer=URL] [-S bytes] [-T seconds]
>        [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]
>
> Also, 520.pfdenied doesn't produce any output. In fact, it doesn't appear
> to be run at all.
>
> Any thoughts, or advice on how to best proceed?
>
> Thanks!
>
> --Chris

This looks the same as what I experienced. It will be fixed by upgrading to at least this commit:

http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=326343
It appears that you indicate anything past, or including, r326343 resolves this.
I'll look into it.
But FWIW I was able to get etc/periodic/security/520.pfdenied output working
with the following diff(1):
--- /etc/periodic/security/520.pfdenied.orig    2017-11-21 06:57:04.000000000 
-0800
+++ /etc/periodic/security/520.pfdenied 2017-03-29 16:22:50.000000000 -0700
@@ -24,7 +24,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD: head/etc/periodic/security/520.pfdenied 306696 2016-10-04 
23:12:35Z lidl $
+# $FreeBSD: head/etc/periodic/security/520.pfdenied 290405 2015-11-05 
17:37:14Z lidl $
#

# If there is a global system configuration file, suck it in.
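Review bot: the `$FreeBSD$` ident line in this hunk moves backwards, from r306696 (2016-10-04) to r290405 (2015-11-05), and the `.orig` file has the newer timestamp, so the patch is a revert to an older copy of the script rather than a forward change. Drop the ident line from the diff, since it is expanded by the version control system and should not be edited by hand, and state in the description that the intent is to restore the r290405 behaviour.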
@@ -44,13 +44,8 @@
if check_yesno_period security_status_pfdenied_enable
then
        TMP=`mktemp -t security`
-       for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)
-       do
-               pfctl -a ${_a} -sr -v -z 2>/dev/null | \
-               nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) 
print buf$0;} }' >> ${TMP}
-       done
-       if [ -s ${TMP} ]; then
-               check_diff new_only pf ${TMP} "${host} pf denied packets:"
+       if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" 
+"," ",$0); print buf$0;} }' > ${TMP}; then
+         check_diff new_only pf ${TMP} "${host} pf denied packets:"
        fi
        rc=$?
        rm -f ${TMP}
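Review bot: removing the `for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)` loop means rules under the blacklistd anchor are no longer scanned, so packets denied there disappear from the security report. The replacement also drops the `if ($5 > 0)` filter and the `-z` flag, so every block rule is written to ${TMP} whether or not its counter is non-zero, and it swaps `[ -s ${TMP} ]` for the exit status of the pipeline, which is nawk's and is 0 even when nothing matched, so check_diff runs on an empty file too. If the loop is what yields no output, the first iteration is worth checking before reverting: with `_a` empty the unquoted `${_a}` in `pfctl -a ${_a} -sr -v -z` vanishes and `-a` takes `-sr` as its argument. Handling the empty case separately (plain `pfctl -sr -v -z` for the main ruleset, `-a "${_a}"` for the anchors) would keep the blacklistd coverage.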

Thanks for taking the time to reply, Ronald!

Ronald.


--Chris


_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
