#
# Marta Carbone
# Copyright (C) 2009 Universita` di Pisa
-# $Id$
#
# This script parse the ipfw rules
# and remove the old ones.
# If the time value is older than current,
# the rules and related pipes will be deleted.
#
-# $Id$
+# $Id:$
+
+DEBUG=0 # 1 to enable debug messages
+LOG_FILE=/tmp/ipfw.log
+# variable shared with the vsys ipfw-be backend
+DBFILE=/tmp/ff
+
+debug() # $1 debug message
+{
+ if [ ! $DEBUG ]; then
+ echo "$1" >> $LOG_FILE
+ fi
+}
-RULE_LIST="ipfw show"
# Get $NOW referred to UTC
NOW=`date -u +%s`
# check for module existence
-/sbin/lsmod | grep ipfw
+/sbin/lsmod | grep ipfw >> /dev/null
if [ x"$?" == x"1" ]; then
- echo "ipfw module does not exist";
+ debug "ipfw module does not exist"
exit 0;
fi
-${RULE_LIST} |
+cat ${DBFILE} |
awk '
BEGIN {
- print now a "Start to clean rules ";
+ system("echo Start to clean rules >> /tmp/ipfw.log");
cleaned=0;
}
- # delete rules and pipes
- function delete_rule(rule_id) {
- command="/sbin/ipfw delete " rule_id "; ipfw pipe delete " rule_id;
- system(command);
- }
-
# awk main body
- /\/\/\ [0-9]*/ { # select timeout string
-
- timeout=$13;
-
- if (now > timeout) {
- delete_rule($1);
- cleaned++;
- }
+ {
+ slice_id=$1;
+ type=$2;
+ port=$3;
+ timeout=$6;
+ if (now > timeout) {
+ # call the backend script to cleanup expired rules
+ command="echo delete " type " " port " | /vsys/ipfw-be ";
+ # grep for the username
+ command=command "`grep :" slice_id ": /etc/passwd | cut -d ':' -f 1`";
+ system(command);
+ cleaned++;
+ }
}
- END { print " " cleaned " rules cleaned";
+ END { system("echo " cleaned " rules cleaned >> /tmp/ipfw.log");
}
' now=${NOW}
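Review bot: The new awk body passes `type`, `port` and `slice_id` from each record of `$DBFILE` straight into `system()` (lines 66–69), with `slice_id` additionally interpolated into a backtick `grep`, so any record in `/tmp/ff` that contains shell metacharacters runs as whatever user this script runs as; since `/tmp/ff` is a fixed name in a world-writable directory, how far that file can be trusted depends on the vsys backend's ownership and mode, which the page does not show. Add a whitelist guard before the command is built, e.g. `if (slice_id !~ /^[0-9]+$/ || type !~ /^[A-Za-z]+$/ || port !~ /^[0-9]+$/) next;`, and keep a narrowing on the passwd lookup (`:slice_id:` will also match a gid column, presumably unintended). Separately, `debug()` never logs: with `DEBUG=0` or `DEBUG=1` the test `[ ! $DEBUG ]` negates a non-empty string and is always false; `if [ "$DEBUG" -ne 0 ]; then` gives the documented behaviour. The BEGIN/END `system("echo … >> /tmp/ipfw.log")` calls also hard-code the path that `LOG_FILE` already defines; passing `log=${LOG_FILE}` next to `now=${NOW}` and using it keeps the two from diverging.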