On Tue, Sep 23, 2003 at 02:40:39AM -0600, jared r r spiegel wrote:
> tack a unique label on each one.
One could use (non-unique) labels like "matched_20030923", where the prefix is used to find all rules that should be handled automatically, and the second part is the date when the rule was matched the last time. When you insert a rule, use the current date in the label. Then, once a day, run a script that does the following:

  Traverse all rules (pfctl -vsr), generating a new ruleset into a
  temporary file (pfctl -sr output is valid pfctl -f input)
    If the rule has a label that starts with "matched_"
      If the packet counter is > 0
        Replace label with 'matched_$(date "+%C%y%m%d")'
      Else
        If date in label is smaller than current date - 30 days
          Don't copy rule
        Else
          Copy rule verbatim
    Else
      Copy rule verbatim
  Reload ruleset from temporary file, resets all counters to 0

You could probably do all of this in a single line, piping pfctl -vsr into awk(1), piping output back into pfctl -f - ;)

Daniel
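The procedure above, written out as a runnable sh/awk filter. This is an added example, not code from Daniel's mail. It assumes the classic pfctl -vsr layout (each rule line followed by an indented "[ Evaluations: ... Packets: ... ]" counter line; a later "[ Inserted: ... ]" line, if present, is ignored), and it takes today's date and the cutoff date as YYYYMMDD arguments so that the caller does the date arithmetic and the filter itself stays portable. The function name prune_ruleset and the sample ruleset are constructed for the example; the real pipeline would be pfctl -vsr | prune_ruleset ... > file, then pfctl -f file.

```shell
#!/bin/sh
# prune_ruleset TODAY CUTOFF
#   reads pfctl -vsr output on stdin, writes a pfctl -f ruleset on stdout.
#   TODAY  = current date as YYYYMMDD (stamped into labels of rules that matched)
#   CUTOFF = YYYYMMDD; idle "matched_" rules older than this are dropped.
#   On OpenBSD: prune_ruleset "$(date +%Y%m%d)" "$(date -v-30d +%Y%m%d)"
#   On GNU:     prune_ruleset "$(date +%Y%m%d)" "$(date -d '30 days ago' +%Y%m%d)"
prune_ruleset() {
    awk -v today="$1" -v cutoff="$2" '
    # Decide what to do with one rule once its packet counter is known.
    function emit(rule, packets,    pos, stamp) {
        if (rule == "") return
        # "label \"matched_" is 15 characters; the 8-digit date follows it
        pos = match(rule, /label "matched_[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]"/)
        if (pos == 0) {
            print rule                      # not auto-managed: copy verbatim
            return
        }
        stamp = substr(rule, pos + 15, 8)
        if (packets > 0) {
            # matched since the last reload: re-stamp the label with today
            print substr(rule, 1, pos + 14) today substr(rule, pos + 23)
        } else if (stamp + 0 < cutoff + 0) {
            # idle and last matched before the cutoff: do not copy the rule
        } else {
            print rule                      # idle but still within the grace period
        }
    }
    /^[ \t]*\[ Evaluations:/ {
        # counter line belongs to the rule read just before it
        packets = 0
        for (i = 1; i <= NF; i++) if ($i == "Packets:") packets = $(i + 1) + 0
        emit(rule, packets)
        rule = ""
        next
    }
    /^[ \t]*\[ Inserted:/ { next }          # newer pfctl prints this too; skip
    { emit(rule, 0); rule = $0 }            # a rule line: flush any pending rule
    END { emit(rule, 0) }
    '
}

# Constructed sample of pfctl -vsr output (not captured from a real system).
sample_pfctl_output() {
    cat <<'EOF'
pass in quick on fxp0 proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 100       Packets: 10        Bytes: 1000        States: 0     ]
block in quick on fxp0 from 192.0.2.10 to any label "matched_20031001"
  [ Evaluations: 100       Packets: 5         Bytes: 400         States: 0     ]
block in quick on fxp0 from 192.0.2.11 to any label "matched_20030901"
  [ Evaluations: 100       Packets: 0         Bytes: 0           States: 0     ]
block in quick on fxp0 from 192.0.2.12 to any label "matched_20031010"
  [ Evaluations: 100       Packets: 0         Bytes: 0           States: 0     ]
EOF
}

# Example run with today = 2003-10-23 and a 30-day cutoff of 2003-09-23:
# the unlabeled pass rule is copied, .10 is re-stamped (it matched), .11 is
# dropped (idle since before the cutoff), .12 is kept (idle but recent).
sample_pfctl_output | prune_ruleset 20031023 20030923
```

The rule line is buffered until its counter line arrives because the decision depends on the packet count that pfctl prints on the following line; everything without a "matched_" label passes through untouched, so the hand-written part of pf.conf is never rewritten by the script.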