Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/blacklist/libexec fixes from FreeBSD via Kurt Lidl
details: https://anonhg.NetBSD.org/src/rev/20ce0c188210
branches: trunk
changeset: 352128:20ce0c188210
user: christos <christos%NetBSD.org@localhost>
date: Fri Mar 17 20:42:42 2017 +0000
description:
fixes from FreeBSD via Kurt Lidl
diffstat:
external/bsd/blacklist/libexec/blacklistd-helper | 55 ++++++++++++++---------
1 files changed, 33 insertions(+), 22 deletions(-)
diffs (110 lines):
diff -r 01af2f75423b -r 20ce0c188210 external/bsd/blacklist/libexec/blacklistd-helper
--- a/external/bsd/blacklist/libexec/blacklistd-helper Fri Mar 17 17:26:20 2017 +0000
+++ b/external/bsd/blacklist/libexec/blacklistd-helper Fri Mar 17 20:42:42 2017 +0000
@@ -10,10 +10,10 @@
# $7 id
pf=
-if [ -z "$pf" -a -f "/etc/ipfw-blacklist.rc" ]; then
- pf="ipfw"
- . /etc/ipfw-blacklist.rc
- ipfw_offset=${ipfw_offset:-2000}
+if [ -f "/etc/ipfw-blacklist.rc" ]; then
+ pf="ipfw"
+ . /etc/ipfw-blacklist.rc
+ ipfw_offset=${ipfw_offset:-2000}
fi
if [ -z "$pf" ]; then
@@ -52,9 +52,10 @@
add)
case "$pf" in
ipf)
- /sbin/ipfstat -io | /sbin/ipf -I -f -
- echo block in quick proto $proto from $addr/$mask to \
- any port=$port head $port$6 | /sbin/ipf -I -f - -s
+ /sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1
+ echo block in quick $proto from $addr/$mask to \
+ any port=$6 head port$6 | \
+ /sbin/ipf -I -f - -s >/dev/null 2>&1 && echo OK
;;
ipfw)
# use $ipfw_offset+$port for rule number
@@ -62,52 +63,62 @@
tname="port$6"
/sbin/ipfw table $tname create type addr 2>/dev/null
/sbin/ipfw -q table $tname add "$addr/$mask"
- /sbin/ipfw -q add $rule drop $3 from "table("$tname")" to \
- any dst-port $6
+ # if rule number $rule does not already exist, create it
+ /sbin/ipfw show $rule >/dev/null 2>&1 || \
+ /sbin/ipfw add $rule drop $3 from \
+ table"("$tname")" to any dst-port $6 >/dev/null && \
+ echo OK
;;
npf)
/sbin/npfctl rule "$2" add block in final $proto from \
"$addr/$mask" to any $port
;;
pf)
- # insert $ip/$mask into per-protocol anchored table
- /sbin/pfctl -a "$2" -t "port$6" -T add "$addr/$mask"
- echo "block in quick $proto from <port$6> to any $port" | \
- /sbin/pfctl -a "$2" -f -
+ # if the filtering rule does not exist, create it
+ /sbin/pfctl -a "$2/$6" -sr 2>/dev/null | \
+ grep -q "<port$6>" || \
+ echo "block in quick $proto from <port$6> to any $port" | \
+ /sbin/pfctl -a "$2/$6" -f -
+ # insert $ip/$mask into per-protocol/port anchored table
+ /sbin/pfctl -a "$2/$6" -t "port$6" -T add "$addr/$mask" && \
+ echo OK
;;
esac
;;
rem)
case "$pf" in
ipf)
- /sbin/ipfstat -io | /sbin/ipf -I -f -
- echo block in quick proto $proto from $addr/$mask to any \
- port =$port head port$6 | /sbin/ipf -r -f - -s
+ /sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1
+ echo block in quick $proto from $addr/$mask to \
+ any port=$6 head port$6 | \
+ /sbin/ipf -I -r -f - -s >/dev/null 2>&1 && echo OK
;;
ipfw)
- /sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null
+ /sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null && \
+ echo OK
;;
npf)
/sbin/npfctl rule "$2" rem-id "$7"
;;
pf)
- /sbin/pfctl -a "$2" -t "port$6" -T delete "$addr/$mask"
+ /sbin/pfctl -a "$2/$6" -t "port$6" -T delete "$addr/$mask" && \
+ echo OK
;;
esac
;;
flush)
- case "$pf" in
+ case "$pf" in
ipf)
- /sbin/ipf -Z -I -Fa -s
+ /sbin/ipf -Z -I -Fi -s > /dev/null && echo OK
;;
ipfw)
- /sbin/ipfw table "port$6" flush 2>/dev/null
+ /sbin/ipfw table "port$6" flush 2>/dev/null && echo OK
;;
npf)
/sbin/npfctl rule "$2" flush
;;
pf)
- /sbin/pfctl -a "$2" -t "port$6" -T flush
+ /sbin/pfctl -a "$2/$6" -t "port$6" -T flush && echo OK
;;
esac
;;
Home |
Main Index |
Thread Index |
Old Index