On Mon, 08 Jan 2018 01:52:03 +0100, Chris H <bsd-li...@bsdforge.com> wrote:
On Sun, 07 Jan 2018 14:13:01 +0100 "Ronald Klop" <ronald-li...@klop.ws> said
On Sun, 17 Dec 2017 20:50:23 +0100, Chris H <bsd-li...@bsdforge.com> wrote:
> I'm running on r326056, and periodic(8) doesn't seem to be working
> as expected;
> mail rejects:
>
> Checking for rejected mail hosts:
> usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
> [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
> [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
> [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
> [-o file] [--referer=URL] [-S bytes] [-T seconds]
> [--user-agent=agent-string] [-w seconds] URL ...
> fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
> [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
> [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
> [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
> [-o file] [--referer=URL] [-S bytes] [-T seconds]
> [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]
>
> Also, 520.pfdenied doesn't produce any output. In fact, it doesn't appear
> to be run at all.
>
> Any thoughts, or advice on how to best proceed?
>
> Thanks!
>
> --Chris
This looks the same as what I experienced. It will be fixed by
upgrading until at least this commit:
http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=326343
It appears that you indicate anything past, or including r326343 resolves this
Indeed. That resolves the error about 'fetch'. Which came from the ntpd
leaptime file update periodic script in my case.
I'll look into it.
But FWIW I was able to get etc/periodic/security/520.pfdenied output
working with the following diff(1):
I don't use pf, so I can't comment on this. I hope somebody else can, but
I guess it will attract more eyes if you repost with a subject about
520.pfdenied or something similar.
Regards,
Ronald.
--- /etc/periodic/security/520.pfdenied.orig 2017-11-21
06:57:04.000000000 -0800
+++ /etc/periodic/security/520.pfdenied 2017-03-29 16:22:50.000000000
-0700
@@ -24,7 +24,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD: head/etc/periodic/security/520.pfdenied 306696 2016-10-04
23:12:35Z lidl $
+# $FreeBSD: head/etc/periodic/security/520.pfdenied 290405 2015-11-05
17:37:14Z lidl $
#
# If there is a global system configuration file, suck it in.
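Review bot: The `$FreeBSD$` ident line on the + side names an older revision (290405, 2015-11-05) than the - side (306696, 2016-10-04), and the file headers date the patched file 2017-03-29 against 2017-11-21 for the .orig, so the diff appears to restore an earlier copy of the script rather than amend the current one. The ident string is expanded by the version control system and should not be carried in a submitted patch; drop this hunk and regenerate the diff against the current head copy.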
@@ -44,13 +44,8 @@
if check_yesno_period security_status_pfdenied_enable
then
TMP=`mktemp -t security`
- for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)
- do
- pfctl -a ${_a} -sr -v -z 2>/dev/null | \
- nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0)
print buf$0;} }' >> ${TMP}
- done
- if [ -s ${TMP} ]; then
- check_diff new_only pf ${TMP} "${host} pf denied packets:"
+ if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline;
gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then
+ check_diff new_only pf ${TMP} "${host} pf denied packets:"
fi
rc=$?
rm -f ${TMP}
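Review bot: The new condition `if pfctl -sr -v ... | nawk ... > ${TMP}; then` tests the exit status of the pipeline, which is nawk's, not whether anything was written, so check_diff is called even when ${TMP} is empty; keep the `[ -s ${TMP} ]` guard from the removed lines. The + side also drops the loop over the anchors listed under "blacklistd", the `if ($5 > 0)` test in the awk program and the `-z` flag, so block rules inside those anchors are no longer reported, block rules are printed regardless of that counter, and the counters are no longer cleared between runs. If the failure in the removed lines comes from the unquoted `${_a}` (for the empty first list element the shell drops the word, and `-a` then takes `-sr` as its anchor name), quoting it as `"${_a}"` would be a narrower change that keeps the anchor coverage and the filter.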
Thanks for taking the time to reply, Ronald!
Ronald.
--Chris
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current