+++ /dev/null
-#!/bin/sh
-#
-# Marta Carbone
-# Copyright (C) 2009 Universita` di Pisa
-#
-# This script parse the ipfw rules
-# and remove the old ones.
-#
-# The ipfw output is parsed and each time
-# value stored as comment is compared against
-# the current time.
-# If the time value is older than current,
-# the rules and related pipes will be deleted.
-#
-# $Id:$
-
-DEBUG=0 # 1 to enable debug messages
-LOG_FILE=/tmp/ipfw.log
-# variable shared with the vsys ipfw-be backend
-DBFILE=/tmp/ff
-
-debug() # $1 debug message
-{
- if [ ! $DEBUG ]; then
- echo "$1" >> $LOG_FILE
- fi
-}
-
-# Get $NOW referred to UTC
-NOW=`date -u +%s`
-
-# check for module existence
-/sbin/lsmod | grep ipfw >> /dev/null
-if [ x"$?" == x"1" ]; then
- debug "ipfw module does not exist"
- exit 0;
-fi
-
-cat ${DBFILE} |
-awk '
- BEGIN {
- system("echo Start to clean rules >> /tmp/ipfw.log");
- cleaned=0;
- }
-
- # awk main body
- {
- slice_id=$1;
- type=$2;
- port=$3;
- timeout=$6;
- if (now > timeout) {
- # call the backend script to cleanup expired rules
- command="echo delete " type " " port " | /vsys/ipfw-be ";
- # grep for the username
- command=command "`grep :" slice_id ": /etc/passwd | cut -d ':' -f 1`";
- system(command);
- cleaned++;
- }
- }
-
- END { system("echo " cleaned " rules cleaned >> /tmp/ipfw.log");
- }
-' now=${NOW}
%install
install -D -m 755 dummynet2/ipfw_mod.ko $RPM_BUILD_ROOT/lib/modules/%{kernel_id}/net/netfilter/ipfw_mod.ko
install -D -m 755 ipfw/ipfw $RPM_BUILD_ROOT/sbin/ipfw
-install -D -m 755 planetlab/ipfw-cleanup $RPM_BUILD_ROOT/usr/bin/ipfw-cleanup
install -D -m 644 planetlab/ipfw.cron $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/ipfw.cron
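Review bot: The cron entry is still packaged although this hunk drops the script it presumably ran: `install -D -m 644 planetlab/ipfw.cron $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/ipfw.cron` stays in %install while the `planetlab/ipfw-cleanup` install line is removed. The contents of ipfw.cron are not visible here, but if it still invokes `/usr/bin/ipfw-cleanup`, every cron run will fail and nothing will trigger expiry, so timed-out ipfw rules and pipes would stay active. Either update ipfw.cron to call the backend's cleanup path, or drop the cron install line together with any matching %files entry (not visible in this hunk). The changelog says the cleanup moved into the backend, so it is worth confirming that the backend runs it periodically and not only on demand.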
%post
# load the module
-##modprobe ipfw_mod
##depmod -a
+##modprobe ipfw_mod
# clean the old database and initialize the firewall
##echo "super dbcleanup" | /vsys/ipfw-be 0
##echo "super init" | /vsys/ipfw-be 0
LOADED=`cat /proc/modules | grep ^ipfw_mod`; if [ -n "$LOADED" ] ; then rmmod ipfw_mod; fi
%changelog
+* Mon Jan 11 2010 Marta Carbone <marta.carbone@iet.unipi.it>
+- Integrated the ipfw rules cleanup into the backend
+
* Sat Jan 09 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - ipfw-0.9-8
- builds on 2.6.22 & 2.6.27 - for 32 and 64 bits