Page MenuHomeFreeBSD
Differential D9681

improve ipfw rule creation for blacklist-helper script
ClosedPublic
Actions

Authored by lidl on Feb 20 2017, 1:13 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Dec 27, 12:11 AM
Unknown Object (File)
Sun, Dec 8, 12:48 PM
Unknown Object (File)
Dec 3 2024, 12:14 AM
Unknown Object (File)
Oct 24 2024, 9:49 PM
Unknown Object (File)
Oct 3 2024, 10:04 AM
Unknown Object (File)
Oct 2 2024, 9:37 PM
Unknown Object (File)
Oct 2 2024, 3:19 PM
Unknown Object (File)
Sep 30 2024, 3:54 AM
View All 78 Files
Subscribers
allanjude
imp

Details

Reviewers
emaste
allanjude
Commits
rS314324: MFC r314111: Improve ipfw rule creation for blacklist-helper script
rS314111: Improve ipfw rule creation for blacklist-helper script
Summary

The current blacklist-helper script adds a rule using 'ipfw add -q ...'
when a ipaddress/port needs to be blocked. The 'ipfw' command,
when using '-q', it not only suppresses output messages, changes the
behaviour so that it allows duplicate rules!

So, probe for an existing rule first, and if that probe fails, only then add
the rule.

Test Plan

Tested in a virtual machine, seems to work for me, but I am not an ipfw expert.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 7573

Event Timeline

lidl updated this revision to Diff 25401.Feb 20 2017, 1:13 AM
lidl retitled this revision from to improve ipfw rule creation for blacklist-helper script.
lidl updated this object.
lidl edited the test plan for this revision. (Show Details)
lidl added a reviewer: emaste.
lidl set the repository for this revision to rS FreeBSD src repository - subversion.
Herald added a subscriber: imp. · View Herald TranscriptFeb 20 2017, 1:13 AM
allanjude added a subscriber: allanjude.Feb 20 2017, 1:16 AM
allanjude added inline comments.
contrib/blacklist/libexec/blacklistd-helper
68

did you intend to drop the -q here?

allanjude added a reviewer: allanjude.Feb 20 2017, 1:19 AM
lidl added inline comments.Feb 20 2017, 2:06 AM
contrib/blacklist/libexec/blacklistd-helper
68

I thought about this a lot, and decided that I don't need it, since I'm redirecting away stdout.

emaste accepted this revision.Feb 22 2017, 4:56 PM
emaste edited edge metadata.

OK

This revision is now accepted and ready to land.Feb 22 2017, 4:56 PM
Closed by commit rS314111: Improve ipfw rule creation for blacklist-helper script (authored by lidl). · Explain WhyFeb 22 2017, 9:50 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
contrib/
blacklist/
libexec/
7 lines

Diff 25401

View Options

contrib/blacklist/libexec/blacklistd-helper

Loading...