author | Aaron LI <aly@aaronly.me> | 2018-03-03 10:58:59 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:35:07 +0800 |
commit | 02af593780427be8a8109517bab3450859425e49 (patch) | |
tree | d542184e5c362e62aad61c7c90f5ee2142782d56 /roles/security/files | |
parent | 252cab20ab941ea3c2ee7e954ef0e0d943f63b75 (diff) | |
Add security role: PF firewall, sshlockout
Diffstat (limited to 'roles/security/files')
-rw-r--r-- | roles/security/files/600.clean-pf | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/roles/security/files/600.clean-pf b/roles/security/files/600.clean-pf
new file mode 100644
index 0000000..d7ab0e6
--- /dev/null
+++ b/roles/security/files/600.clean-pf
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Clean up PF tables ...
+#
+
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_clean_pf_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "PF tables cleanup:"
+ : ${daily_clean_pf_expire:=86400}
+ for table in $daily_clean_pf_tables; do
+ echo "Cleanup table $table ..."
+ pfctl -t $table -T expire $daily_clean_pf_expire
+ rc=$?
+ done
+ ;;
+ *)
+ rc=0
+ ;;
+esac
+
+exit $rc
|
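Review bot: In the `for table` loop, `rc=$?` is overwritten on every iteration, so a failed `pfctl ... -T expire` on any table but the last is reported as success, and when `daily_clean_pf_tables` is empty `rc` is never assigned before `exit $rc`. These tables presumably hold the sshlockout block entries added by the same role, so an expiry that fails silently is worth surfacing in the periodic report. Set `rc=0` before the loop and change the call to `pfctl -t "$table" -T expire "$daily_clean_pf_expire" || rc=$?`, which also quotes the expansions. The header comment `# Clean up PF tables ...` could name the three knobs the script reads: `daily_clean_pf_enable`, `daily_clean_pf_tables` and `daily_clean_pf_expire` (seconds, default 86400).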