pfdenied: support reporting on additional anchors
The security/520-pfdenied script only reports blocked packets from the main ruleset or any blocklistd(8) anchor. Add an option to periodic.conf(5) to make it possible to specify additional anchors to report.

PR: 262446
Reviewed by: kp
parent afd4f7fa25
commit 0784121c96
@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd March 7, 2022
.Dd March 9, 2022
.Dt PERIODIC.CONF 5
.Os
.Sh NAME
@ -960,6 +960,13 @@ Set to
to show log entries for packets denied by
.Xr pf 4
since yesterday's check.
.It Va security_status_pfdenied_additionalanchors
.Pq Vt str
Space-separated list of additional anchors whose denied packets log entries to
show.
The main ruleset (i.e., the empty-string anchor) and any
.Xr blacklistd 8
anchors, if present, are always shown.
.It Va security_status_pfdenied_period
.Pq Vt str
Set to either
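Review bot: the description of the new `security_status_pfdenied_additionalanchors` entry reads awkwardly ("whose denied packets log entries to show"); suggest "Space-separated list of additional anchors whose log entries for denied packets are shown." Since the value is a space-separated list that the script splits with the shell, it would also help to state that anchor names containing whitespace cannot be listed here.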
@ -44,7 +44,7 @@ rc=0
if check_yesno_period security_status_pfdenied_enable
then
TMP=`mktemp -t security`
for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)
for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) ${security_status_pfdenied_anchors}
do
pfctl -a "${_a}" -sr -v -z 2>/dev/null | \
nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP}
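Review bot: the variable name expanded in the new `for` line, `${security_status_pfdenied_anchors}`, does not match the name documented in periodic.conf(5) and defaulted in periodic.conf in the other two hunks, `security_status_pfdenied_additionalanchors`, so an administrator setting the documented variable would see no effect; the loop should read `for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}`. Also note that the expansion is deliberately unquoted so the shell splits the list into words, which means anchor names with whitespace or glob characters cannot be passed, and an anchor that is both listed here and returned by `pfctl -a "blacklistd" -sA` will be reported twice.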
@ -298,6 +298,7 @@ security_status_ipfdenied_period="daily"
# 520.pfdenied
security_status_pfdenied_enable="YES"
security_status_pfdenied_period="daily"
security_status_pfdenied_additionalanchors=""
# 550.ipfwlimit
security_status_ipfwlimit_enable="YES"