From deskpot@bit.flexpro.ru  Thu Dec  1 09:34:29 2005
Return-Path: <deskpot@bit.flexpro.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A358616A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  1 Dec 2005 09:34:29 +0000 (GMT)
	(envelope-from deskpot@bit.flexpro.ru)
Received: from hub.flexpro.ru (flex-pro.rmt.ru [81.13.75.18])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C6A5B43D4C
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  1 Dec 2005 09:34:28 +0000 (GMT)
	(envelope-from deskpot@bit.flexpro.ru)
Received: from bit.flexpro.ru ([192.168.0.220])
	by hub.flexpro.ru (8.13.4/8.13.4) with ESMTP id jB19YQHa033424
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 1 Dec 2005 12:34:26 +0300 (MSK)
	(envelope-from deskpot@bit.flexpro.ru)
Received: from bit.flexpro.ru (smmsp@localhost [127.0.0.1])
	by bit.flexpro.ru (8.13.4/8.13.3) with ESMTP id jB19Y8GE000762
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 1 Dec 2005 12:34:08 +0300 (MSK)
	(envelope-from deskpot@bit.flexpro.ru)
Received: (from root@localhost)
	by bit.flexpro.ru (8.13.4/8.13.3/Submit) id jB19Y7Xg000761;
	Thu, 1 Dec 2005 12:34:07 +0300 (MSK)
	(envelope-from deskpot)
Message-Id: <200511300754.jAU7s3Pd029304@bit.flexpro.ru>
Date: Wed, 30 Nov 2005 10:54:03 +0300 (MSK)
From: Vasily Korytov <deskpot@dot.aerodome.ru>
Reply-To: Vasily Korytov <deskpot@dot.aerodome.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] 500.ipfwdenied uses deprecated syntax of ipfw
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         89789
>Category:       conf
>Synopsis:       [patch] 500.ipfwdenied uses deprecated syntax of ipfw
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 01 09:40:02 GMT 2005
>Closed-Date:    Wed Dec 07 15:49:19 GMT 2005
>Last-Modified:  Wed Dec 07 15:49:19 GMT 2005
>Originator:     Vasily Korytov
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
Good morning, Jah!
>Environment:
System: FreeBSD bit.flexpro.ru 6.0-STABLE FreeBSD 6.0-STABLE #0: Mon Nov 28 13:52:35 MSK 2005 root@bit.flexpro.ru:/usr/src/sys/i386/compile/HUB i386


	FreeBSD 6-STABLE on i386 since 6.0-RELEASE up to the 27-11-05 snapshot.
>Description:
	/etc/periodic/security/500.ipfwdenied issues a warning:
	ipfw: DEPRECATED: 'l' matched 'list' as a sub-string
>How-To-Repeat:
	Install a 6.0 system, enable ipfw and don't set the
	daily_status_security_ipfwdenied_enable="NO" in /etc/periodic.conf.

	In the first root security output, you'll see the warning.
>Fix:

	Patch is included:

--- /etc/periodic/security/500.ipfwdenied~	Sun May  8 11:05:12 2005
+++ /etc/periodic/security/500.ipfwdenied	Wed Nov 30 10:41:32 2005
@@ -42,7 +42,7 @@
 case "$daily_status_security_ipfwdenied_enable" in
     [Yy][Ee][Ss])
 	TMP=`mktemp -t security`
-	if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
+	if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
 	  check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:"
 	fi
 	rc=$?
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Dec 1 09:57:39 GMT 2005 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=89789 
State-Changed-From-To: open->feedback 
State-Changed-By: oleg 
State-Changed-When: Tue Dec 6 20:53:24 GMT 2005 
State-Changed-Why:  

What is CVS id of your /etc/periodic/security/500.ipfwdenied file? The issue 
you are talking about was fixed in rev 1.6 almost year ago. It looks like your 
system was partially upgraded to RELENG_6_0 (did you ever run mergemaster?). 


http://www.freebsd.org/cgi/query-pr.cgi?pr=89789 

From: deskpot@dot.aerodome.ru (Vasily Korytov)
To: Oleg Bulyzhin <oleg@freebsd.org>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: conf/89789: [patch] 500.ipfwdenied uses deprecated syntax of ipfw
Date: Wed, 07 Dec 2005 08:40:12 +0300

 On Tue, 6 Dec 2005 21:01:05 GMT, Oleg Bulyzhin wrote:
 
 > What is CVS id of your /etc/periodic/security/500.ipfwdenied file?
 
 1.5
 
 > The issue you are talking about was fixed in rev 1.6 almost year ago.
 > It looks like your system was partially upgraded to RELENG_6_0 (did
 > you ever run mergemaster?).
 
 Oops, indeed I did run it -- but only with -p option.
 Running it without this option helped. Thanks. =)
 
 -- 
    Oops! I sent it again.
State-Changed-From-To: feedback->closed 
State-Changed-By: oleg 
State-Changed-When: Wed Dec 7 15:48:31 GMT 2005 
State-Changed-Why:  
Nothing to do. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=89789 
>Unformatted:
