From 02af593780427be8a8109517bab3450859425e49 Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Sat, 3 Mar 2018 10:58:59 +0800
Subject: Add security role: PF firewall, sshlockout

---
 roles/security/files/600.clean-pf | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 roles/security/files/600.clean-pf

(limited to 'roles/security/files')

diff --git a/roles/security/files/600.clean-pf b/roles/security/files/600.clean-pf
new file mode 100644
index 0000000..d7ab0e6
--- /dev/null
+++ b/roles/security/files/600.clean-pf
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Clean up PF tables ...
+#
+
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+case "$daily_clean_pf_enable" in
+    [Yy][Ee][Ss])
+	echo ""
+	echo "PF tables cleanup:"
+        : ${daily_clean_pf_expire:=86400}
+        for table in $daily_clean_pf_tables; do
+            echo "Cleanup table $table ..."
+	    pfctl -t $table -T expire $daily_clean_pf_expire
+            rc=$?
+        done
+        ;;
+    *)
+        rc=0
+        ;;
+esac
+
+exit $rc
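Review bot: In the `[Yy][Ee][Ss])` branch `rc` is overwritten on every loop iteration, so a `pfctl` failure on an earlier table is hidden whenever a later table expires cleanly, and `rc` is never assigned when `daily_clean_pf_tables` is empty. Setting `rc=0` before the `for` and replacing the `pfctl` and `rc=$?` lines with `pfctl -t "$table" -T expire "$daily_clean_pf_expire" || rc=3` would keep any failure visible in the periodic report. The value 3 assumes the usual periodic(8) convention that 3 means error, which should be confirmed against the target system. Quoting `$table` and `$daily_clean_pf_expire` as shown also prevents a stray glob or space in periodic.conf from being expanded before it reaches pfctl.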
-- 
cgit v1.2.2