Re: status-mail-rejects: appears to be broken

From: Ronald Klop <ronald-lists_at_klop.ws>
Date: Wed, 10 Jan 2018 22:22:15 +0100
On Mon, 08 Jan 2018 01:52:03 +0100, Chris H <bsd-lists_at_bsdforge.com> wrote:

> On Sun, 07 Jan 2018 14:13:01 +0100 "Ronald Klop" <ronald-lists_at_klop.ws> said
>
>> On Sun, 17 Dec 2017 20:50:23 +0100, Chris H <bsd-lists_at_bsdforge.com> wrote:
>> > I'm running on r326056, and periodic(8) doesn't seem to be working
>> > as expected;
>> > mail rejects:
>> >
>> > Checking for rejected mail hosts:
>> > usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
>> >        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
>> >        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
>> >        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
>> >        [-o file] [--referer=URL] [-S bytes] [-T seconds]
>> >        [--user-agent=agent-string] [-w seconds] URL ...
>> >        fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
>> >        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
>> >        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
>> >        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
>> >        [-o file] [--referer=URL] [-S bytes] [-T seconds]
>> >        [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]
>> >
>> > Also, 520.pfdenied doesn't produce any output. In fact, it doesn't appear
>> > to be run at all.
>> >
>> > Any thoughts, or advice on how to best proceed?
>> >
>> > Thanks!
>> >
>> > --Chris
>> This looks the same as what I experienced. It will be fixed by
>> upgrading until at least this commit:
>> http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=326343
> It appears that you indicate anything past, or including r326343  
> resolves this


Indeed. That resolves the error about 'fetch', which came from the ntpd
leaptime file update periodic script in my case.


> I'll look into it.
> But FWIW I was able to get etc/periodic/security/520.pfdenied output  
> working
> with the following diff(1):


I don't use pf, so I can't comment on this. I hope somebody else can, but  
I guess it will attract more eyes if you repost with a subject about  
520.pfdenied or something similar.


Regards,
Ronald.



> --- /etc/periodic/security/520.pfdenied.orig	2017-11-21  
> 06:57:04.000000000 -0800
> +++ /etc/periodic/security/520.pfdenied	2017-03-29 16:22:50.000000000  
> -0700
> _at__at_ -24,7 +24,7 _at__at_
>  # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>  # SUCH DAMAGE.
>  #
> -# $FreeBSD: head/etc/periodic/security/520.pfdenied 306696 2016-10-04  
> 23:12:35Z lidl $
> +# $FreeBSD: head/etc/periodic/security/520.pfdenied 290405 2015-11-05  
> 17:37:14Z lidl $
>  #
>   # If there is a global system configuration file, suck it in.
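Review bot: the $FreeBSD$ keyword line is moved backwards here, from revision 306696 (2016-10-04) to 290405 (2015-11-05), and the file header shows the replacement file (2017-03-29) is older than the .orig (2017-11-21), so this diff is a rollback of 520.pfdenied to an earlier revision rather than a targeted fix of the current script. The keyword line is expanded by svn and should not be hand-edited; keep the 306696 tag and state in the commit message that the script is being reverted and why.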
> _at__at_ -44,13 +44,8 _at__at_
>  if check_yesno_period security_status_pfdenied_enable
>  then
>  	TMP=`mktemp -t security`
> -	for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)
> -	do
> -		pfctl -a ${_a} -sr -v -z 2>/dev/null | \
> -		nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0)  
> print buf$0;} }' >> ${TMP}
> -	done
> -	if [ -s ${TMP} ]; then
> -		check_diff new_only pf ${TMP} "${host} pf denied packets:"
> +	if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline;  
> gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then
> +	  check_diff new_only pf ${TMP} "${host} pf denied packets:"
>  	fi
>  	rc=$?
>  	rm -f ${TMP}
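Review bot: dropping the anchor loop means block rules inside the blacklistd sub-anchors are no longer inspected, and dropping `-z` and the `$5 > 0` filter on the packet counter means counters are never reset and every block rule is listed even when it matched nothing. The likely cause of the empty output is visible in the removed lines: `pfctl -a ${_a} -sr -v -z 2>/dev/null | \` leaves `${_a}` unquoted while the loop's first value is `""`, so the empty word disappears and, for the main ruleset, pfctl is invoked as `pfctl -a -sr -v -z` and takes `-sr` as the anchor name. Quoting the expansion, `pfctl -a "${_a}" -sr -v -z 2>/dev/null | \`, fixes the main-ruleset case (pfctl treats an empty anchor name as the main ruleset) while keeping the anchor walk, the counter reset and the filter. Note also that the new `if pfctl ... | nawk ... > ${TMP}; then` tests nawk's exit status, not pfctl's, so with stderr discarded a failing pfctl still hands an empty file to check_diff; the removed `if [ -s ${TMP} ]; then` guard was the more useful test.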
>
> Thanks for taking the time to reply, Ronald!
>> Ronald.
>>
> --Chris
>
Received on Wed Jan 10 2018 - 20:23:02 UTC
