Source-Changes-HG archive
[src/trunk]: src/external/bsd/blacklist/libexec Sort filters alphabetically; ...
details: https://anonhg.NetBSD.org/src/rev/48125c17f430
branches: trunk
changeset: 344046:48125c17f430
user: christos <christos%NetBSD.org@localhost>
date: Fri Mar 11 17:01:59 2016 +0000
description:
Sort filters alphabetically; make it easier to add ipf.
diffstat:
external/bsd/blacklist/libexec/blacklistd-helper | 36 +++++++++++++----------
1 files changed, 20 insertions(+), 16 deletions(-)
diffs (79 lines):
diff -r 8a0ee2d6be68 -r 48125c17f430 external/bsd/blacklist/libexec/blacklistd-helper
--- a/external/bsd/blacklist/libexec/blacklistd-helper Fri Mar 11 15:35:28 2016 +0000
+++ b/external/bsd/blacklist/libexec/blacklistd-helper Fri Mar 11 17:01:59 2016 +0000
@@ -9,11 +9,15 @@
# $6 port
# $7 id
-if [ -f /etc/pf.conf ]; then
- pf="pf"
-elif [ -f /etc/npf.conf ]; then
- pf="npf"
-else
+pf=
+for f in npf pf; do
+ if [ -f "/etc/$f.conf" ]; then
+ pf="$f"
+ break
+ fi
+done
+
+if [ -z "$pf" ]; then
echo "$0: Unsupported packet filter" 1>&2
exit 1
fi
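Review bot: The new `for f in npf pf` loop reverses the old precedence, because the removed code tested /etc/pf.conf first; a host that has both files now gets npf where it used to get pf, and the commit message does not mention this. The existence of a config file does not show which filter is actually loaded, so block rules could be added to a filter that is not enforcing anything, leaving the blacklist ineffective without any error. If the new order is intended, document it above the loop, e.g. `# first existing config wins; npf is preferred over pf when both are present`.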
@@ -26,8 +30,8 @@
port="port $6"
fi
-addr=$4
-mask=$5
+addr="$4"
+mask="$5"
case "$4" in
::ffff:*.*.*.*)
if [ "$5" = 128 ]; then
@@ -39,34 +43,34 @@
case "$1" in
add)
case "$pf" in
+ npf)
+ /sbin/npfctl rule "$2" add block in final $proto from \
+ "$addr/$mask" to any $port
+ ;;
pf)
# insert $ip/$mask into per-protocol anchored table
/sbin/pfctl -a "$2" -t "port$6" -T add "$addr/$mask"
echo "block in quick $proto from <port$6> to any $port" | \
/sbin/pfctl -a "$2" -f -
;;
- npf)
- /sbin/npfctl rule $2 add block in final $proto from \
- $addr/$mask to any $port
- ;;
esac
;;
rem)
case "$pf" in
+ npf)
+ /sbin/npfctl rule "$2" rem-id "$7"
+ ;;
pf)
/sbin/pfctl -a "$2" -t "port$6" -T delete "$addr/$mask"
;;
- npf)
- /sbin/npfctl rule "$2" rem-id "$7"
- ;;
esac
;;
flush)
case "$pf" in
+ npf)
+ /sbin/npfctl rule "$2" flush
pf)
/sbin/pfctl -a "$2" -t "port$6" -T flush
- npf)
- /sbin/npfctl rule "$2" flush
esac
;;
*)
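Review bot: In the `flush)` branch the added `npf)` arm has no `;;` terminator, so `/sbin/npfctl rule "$2" flush` is followed directly by the `pf)` pattern. The hunk's line counts match its header, so this does not look like a rendering loss. The shell should reject the whole outer `case "$1"` statement with a syntax error, which means `add` and `rem` would not run either and the helper would stop installing blocks. Add `;;` after the npfctl flush line, and after the `/sbin/pfctl -a "$2" -t "port$6" -T flush` line for consistency with the `add` and `rem` arms. The outer case statement continues past the end of the hunk.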