-#!/bin/sh
-#
-# Marta Carbone
-# Copyright (C) 2009 Universita` di Pisa
-#
-# This script parse the ipfw rules
-# and remove the old ones.
-#
-# The ipfw output is parsed and each time
-# value stored as comment is compared against
-# the current time.
-# If the time value is older than current,
-# the rules and related pipes will be deleted.
-#
-# $Id:$
-
-DEBUG=0 # 1 to enable debug messages
-LOG_FILE=/tmp/ipfw.log
-# variable shared with the vsys ipfw-be backend
-DBFILE=/tmp/ff
-
-debug() # $1 debug message
-{
- if [ ! $DEBUG ]; then
- echo "$1" >> $LOG_FILE
- fi
-}
-
-# Get $NOW referred to UTC
-NOW=`date -u +%s`
-
-# check for module existence
-/sbin/lsmod | grep ipfw >> /dev/null
-if [ x"$?" == x"1" ]; then
- debug "ipfw module does not exist"
- exit 0;
-fi
-
-cat ${DBFILE} |
-awk '
- BEGIN {
- system("echo Start to clean rules >> /tmp/ipfw.log");
- cleaned=0;
- }
-
- # awk main body
- {
- slice_id=$1;
- type=$2;
- port=$3;
- timeout=$6;
- if (now > timeout) {
- # call the backend script to cleanup expired rules
- command="echo delete " type " " port " | /vsys/ipfw-be ";
- # grep for the username
- command=command "`grep :" slice_id ": /etc/passwd | cut -d ':' -f 1`";
- system(command);
- cleaned++;
- }
- }
-
- END { system("echo " cleaned " rules cleaned >> /tmp/ipfw.log");
- }
-' now=${NOW}