D6753.id17393.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D6753.id17393.diff
View Options

	Index: contrib/blacklist/libexec/blacklistd-helper
	===================================================================
	--- contrib/blacklist/libexec/blacklistd-helper
	+++ contrib/blacklist/libexec/blacklistd-helper
	@@ -10,7 +10,7 @@
	# $7 id

	pf=
	-for f in npf pf; do
	+for f in ipfw npf pf; do
	if [ -f "/etc/$f.conf" ]; then
	pf="$f"
	break
	@@ -22,6 +22,11 @@
	exit 1
	fi

	+if [ "$pf" = "ipfw" ]; then
	+ . /etc/ipfw.conf
	+ ipfw_offset=${ipfw_offset:-2000}
	+fi
	+
	if [ -n "$3" ]; then
	proto="proto $3"
	fi
	@@ -43,6 +48,13 @@
	case "$1" in
	add)
	case "$pf" in
	+ ipfw)
	+ rule=$(( $ipfw_offset + $6 )) # use $ipfw_offset+$port for rule number
	+ tname="port$6"
	+ /sbin/ipfw table $tname create type addr 2>/dev/null
	+ /sbin/ipfw -q table $tname add "$addr/$mask"
	+ /sbin/ipfw -q add $rule drop ip from "table("$tname")" to any $6
	+ ;;
	npf)
	/sbin/npfctl rule "$2" add block in final $proto from \
	"$addr/$mask" to any $port
	@@ -57,6 +69,9 @@
	;;
	rem)
	case "$pf" in
	+ ipfw)
	+ /sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null
	+ ;;
	npf)
	/sbin/npfctl rule "$2" rem-id "$7"
	;;
	@@ -67,6 +82,10 @@
	;;
	flush)
	case "$pf" in
	+ ipfw)
	+ # XXX might not be the right thing to do...
	+ /sbin/ipfw table "port$6" flush 2>/dev/null
	+ ;;
	npf)
	/sbin/npfctl rule "$2" flush
	;;