
Make 502.pfdenied find blacklistd/* filter names dynamically
Closed, Public

Authored by lidl on Sep 29 2016, 8:52 PM.

Details

Reviewers
emaste
kp
Summary

This change is needed to make the 520.pfdenied script find the new blacklistd/* anchor
points for reporting blocked traffic.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Lint Skipped
Unit
Unit Tests Skipped
Build Status
Buildable 5451
Build 5661: CI src build, Jenkins

Event Timeline

lidl updated this revision to Diff 20828. Sep 29 2016, 8:52 PM
lidl retitled this revision from to Make 502.pfdenied find blacklistd/* filter names dynamically.
lidl updated this object.
lidl edited the test plan for this revision.
lidl added a reviewer: emaste.
lidl set the repository for this revision to rS FreeBSD src repository.
lidl added a reviewer: kp. Sep 29 2016, 9:30 PM
kp added inline comments. Oct 4 2016, 8:14 PM
etc/periodic/security/520.pfdenied, line 47
# echo $(pfctl -a "blacklistd" -sA)
pfctl: DIOCGETRULESETS: No such file or directory

So if there are no blacklistd anchors we end up with errors in the log, right?

lidl marked an inline comment as done. Oct 4 2016, 8:39 PM
lidl added inline comments.
etc/periodic/security/520.pfdenied, line 47

Good catch. I will upload a new diff momentarily.

lidl updated this revision to Diff 21045. Oct 4 2016, 8:41 PM
lidl marked an inline comment as done.

Address review comment about error messages when the pf anchor isn't defined.

kp accepted this revision. Oct 4 2016, 9:06 PM
kp edited edge metadata.
This revision is now accepted and ready to land. Oct 4 2016, 9:06 PM
lidl closed this revision. Oct 4 2016, 11:13 PM

I forgot to put the Phabricator review URL in the commit message. Manually closing.