Module Name: src Committed By: christos Date: Wed Oct 12 18:34:43 UTC 2022
Modified Files: src/external/bsd/blocklist/libexec: blocklistd-helper Log Message: From pjuran at github: - Be quiet - Kill active tcp connections from the blocked address - Fix purge operation for pf, which must dynamically determine which filters have been created, so the filters can be flushed by name. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blocklist/libexec/blocklistd-helper Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/bsd/blocklist/libexec/blocklistd-helper diff -u src/external/bsd/blocklist/libexec/blocklistd-helper:1.3 src/external/bsd/blocklist/libexec/blocklistd-helper:1.4 --- src/external/bsd/blocklist/libexec/blocklistd-helper:1.3 Mon Mar 8 16:48:22 2021 +++ src/external/bsd/blocklist/libexec/blocklistd-helper Wed Oct 12 14:34:43 2022 @@ -151,8 +151,8 @@ add) echo "block in quick $proto from <port$6> to any $port" | \ /sbin/pfctl -a "$2/$6" -f - # insert $ip/$mask into per-protocol/port anchored table - /sbin/pfctl -a "$2/$6" -t "port$6" -T add "$addr/$mask" && \ - echo OK + /sbin/pfctl -qa "$2/$6" -t "port$6" -T add "$addr/$mask" && \ + /sbin/pcftl -qk "$addr" && echo OK ;; esac @@ -184,7 +184,7 @@ rem) ;; pf) - /sbin/pfctl -a "$2/$6" -t "port$6" -T delete "$addr/$mask" && \ + /sbin/pfctl -qa "$2/$6" -t "port$6" -T delete "$addr/$mask" && \ echo OK ;; @@ -224,7 +224,12 @@ flush) ;; pf) - /sbin/pfctl -a "$2/$6" -t "port$6" -T flush && echo OK + # dynamically determine which anchors exist + for anchor in $(/sbin/pfctl -a "$2" -s Anchors); do + /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush + /sbin/pfctl -a "$anchor" -F rules + done + echo OK ;; esac ;;
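Review bot: The added line in the `add` pf branch calls `/sbin/pcftl`, which looks like a transposition of `/sbin/pfctl`. Presumably no binary of that name exists, so the `&&` chain stops before `echo OK` and the states from the blocked address are never killed, even though the table add on the previous line has already succeeded. The line should read `/sbin/pfctl -qk "$addr" && echo OK`. Separately, the table entry is `$addr/$mask` but the kill targets `$addr` only, so if a mask shorter than a host mask is ever passed, states from the rest of that network would presumably survive; passing the same `"$addr/$mask"` to `-k` is worth considering. The surrounding `case` branch starts and ends outside the hunk.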
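Review bot: `echo OK` at the end of the `flush` pf branch is now unconditional, so the helper prints success even when one of the per-anchor `pfctl` calls fails, whereas the replaced line printed it only after a successful flush. A caller that keys on `OK` would then treat entries that are still in place as cleared. The two `pfctl` calls in the loop also lack the `-q` that the other two hunks add, so this branch is still not quiet. The fence below records failures in a flag and adds `-q`; it does not catch a failure of the `-s Anchors` listing itself, which would need a separate check. The `case` branch starts and ends outside the hunk.

```shell
		rc=0
		for anchor in $(/sbin/pfctl -a "$2" -s Anchors); do
			/sbin/pfctl -qa "$anchor" -t "port${anchor##*/}" -T flush || rc=1
			/sbin/pfctl -qa "$anchor" -F rules || rc=1
		done
		[ "$rc" -eq 0 ] && echo OK
```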