Index: contrib/blacklist/libexec/blacklistd-helper
===================================================================
--- contrib/blacklist/libexec/blacklistd-helper
+++ contrib/blacklist/libexec/blacklistd-helper
@@ -10,7 +10,7 @@
 # $7 id
 
 pf=
-for f in npf pf; do
+for f in ipfw npf pf; do
 	if [ -f "/etc/$f.conf" ]; then
 		pf="$f"
 		break
@@ -22,6 +22,11 @@
 	exit 1
 fi
 
+if [ "$pf" = "ipfw" ]; then
+	. /etc/ipfw.conf
+	ipfw_offset=${ipfw_offset:-2000}
+fi
+
 if [ -n "$3" ]; then
 	proto="proto $3"
 fi
@@ -43,6 +48,13 @@
 case "$1" in
 add)
 	case "$pf" in
+	ipfw)
+		rule=$(( $ipfw_offset + $6 )) # use $ipfw_offset+$port for rule number
+		tname="port$6"
+		/sbin/ipfw table $tname create type addr 2>/dev/null
+		/sbin/ipfw -q table $tname add "$addr/$mask"
+		/sbin/ipfw -q add $rule drop ip from "table("$tname")" to any $6
+		;;
 	npf)
 		/sbin/npfctl rule "$2" add block in final $proto from \
 		    "$addr/$mask" to any $port
@@ -57,6 +69,9 @@
 	;;
 rem)
 	case "$pf" in
+	ipfw)
+		/sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null
+		;;
 	npf)
 		/sbin/npfctl rule "$2" rem-id "$7"
 		;;
@@ -67,6 +82,10 @@
 	;;
 flush)
 	case "$pf" in 
+	ipfw)
+		# XXX might not be the right thing to do...
+		/sbin/ipfw table "port$6" flush 2>/dev/null
+		;;
 	npf)
 		/sbin/npfctl rule "$2" flush
 		;;