+#!/bin/sh
+#
+# Marta Carbone
+# Copyright (C) 2009 Universita` di Pisa
+# $Id$
+#
+# This script parse the ipfw rules
+# and remove the old ones.
+#
+# The ipfw output is parsed and each time
+# value stored as comment is compared against
+# the current time.
+# If the time value is older than current,
+# the rules and related pipes will be deleted.
+#
+# $Id$
+
+RULE_LIST="ipfw show"
+# Get $NOW referred to UTC
+NOW=`date -u +%s`
+
+# check for module existence
+/sbin/lsmod | grep ipfw
+if [ x"$?" == x"1" ]; then
+ echo "ipfw module does not exist";
+ exit 0;
+fi
+
+${RULE_LIST} |
+awk '
+ BEGIN {
+ print now a "Start to clean rules ";
+ cleaned=0;
+ }
+
+ # delete rules and pipes
+ function delete_rule(rule_id) {
+ command="/sbin/ipfw delete " rule_id "; ipfw pipe delete " rule_id;
+ system(command);
+ }
+
+ # awk main body
+ /\/\/\ [0-9]*/ { # select timeout string
+
+ timeout=$13;
+
+ if (now > timeout) {
+ delete_rule($1);
+ cleaned++;
+ }
+ }
+
+ END { print " " cleaned " rules cleaned";
+ }
+' now=${NOW}
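Review bot: The awk pattern `/\/\/\ [0-9]*/` selects every rule that carries a comment, because `[0-9]*` also matches zero digits, and `timeout=$13` is then compared without checking that it holds a number. When field 13 is missing, `now > timeout` is true and the rule and its pipe are deleted; when it holds other text, awk falls back to a string comparison whose result depends on that text. Require a digit and a numeric field before deleting, for example `/\/\/ [0-9]+/` together with `if (timeout ~ /^[0-9]+$/ && now+0 > timeout+0)`. The fixed position `$13` presumably assumes one rule layout, so a rule with more or fewer tokens would put the timestamp in a different field; taking the token that follows `//` would be more robust. Separately, `ipfw show` and `ipfw pipe delete` are resolved through PATH while the rule delete uses `/sbin/ipfw`, and `==` inside `[ ]` is not POSIX under `#!/bin/sh`.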