Module Name: src
Committed By: christos
Date: Fri Mar 11 17:01:59 UTC 2016
Modified Files:
src/external/bsd/blacklist/libexec: blacklistd-helper
Log Message:
Sort filters alphabetically; make it easier to add ipf.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/blacklist/libexec/blacklistd-helper
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blacklist/libexec/blacklistd-helper
diff -u src/external/bsd/blacklist/libexec/blacklistd-helper:1.7 src/external/bsd/blacklist/libexec/blacklistd-helper:1.8
--- src/external/bsd/blacklist/libexec/blacklistd-helper:1.7 Fri Mar 11 10:35:28 2016
+++ src/external/bsd/blacklist/libexec/blacklistd-helper Fri Mar 11 12:01:59 2016
@@ -9,11 +9,15 @@
# $6 port
# $7 id
-if [ -f /etc/pf.conf ]; then
- pf="pf"
-elif [ -f /etc/npf.conf ]; then
- pf="npf"
-else
+pf=
+for f in npf pf; do
+ if [ -f "/etc/$f.conf" ]; then
+ pf="$f"
+ break
+ fi
+done
+
+if [ -z "$pf" ]; then
echo "$0: Unsupported packet filter" 1>&2
exit 1
fi
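Review bot: The new `for f in npf pf` loop reverses the old precedence, so a host that has both `/etc/pf.conf` and `/etc/npf.conf` used to select `pf` and now selects `npf`. The test only checks that a config file exists, not which filter is actually loaded, so on such a host the block rules could be handed to a filter that is not enforcing anything, presumably with no visible error. If the new order is intended, say so above the loop, e.g. `# first match wins: npf takes precedence over pf when both config files exist`; otherwise keep the old behaviour with `for f in pf npf; do`. The script begins above this hunk, so anything earlier that influences `pf` is not visible here.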
@@ -26,8 +30,8 @@ if [ -n "$6" ]; then
port="port $6"
fi
-addr=$4
-mask=$5
+addr="$4"
+mask="$5"
case "$4" in
::ffff:*.*.*.*)
if [ "$5" = 128 ]; then
@@ -39,34 +43,34 @@ esac
case "$1" in
add)
case "$pf" in
+ npf)
+ /sbin/npfctl rule "$2" add block in final $proto from \
+ "$addr/$mask" to any $port
+ ;;
pf)
# insert $ip/$mask into per-protocol anchored table
/sbin/pfctl -a "$2" -t "port$6" -T add "$addr/$mask"
echo "block in quick $proto from <port$6> to any $port" | \
/sbin/pfctl -a "$2" -f -
;;
- npf)
- /sbin/npfctl rule $2 add block in final $proto from \
- $addr/$mask to any $port
- ;;
esac
;;
rem)
case "$pf" in
- pf)
- /sbin/pfctl -a "$2" -t "port$6" -T delete "$addr/$mask"
- ;;
npf)
/sbin/npfctl rule "$2" rem-id "$7"
;;
+ pf)
+ /sbin/pfctl -a "$2" -t "port$6" -T delete "$addr/$mask"
+ ;;
esac
;;
flush)
case "$pf" in
- pf)
- /sbin/pfctl -a "$2" -t "port$6" -T flush
npf)
/sbin/npfctl rule "$2" flush
+ pf)
+ /sbin/pfctl -a "$2" -t "port$6" -T flush
esac
;;
*)
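Review bot: In the `flush)` case the `npf)` arm has no `;;` before the `pf)` label that now follows it, so as shown the shell would most likely reject the script with a syntax error at `pf)`. The terminator was already missing between the two arms in the old order, and the reordering carries that over. Because the whole `case "$1"` is one compound command, a parse failure here would stop `add` and `rem` as well as `flush`, which leaves the helper unable to install any block. Put `;;` on its own line after `/sbin/npfctl rule "$2" flush`, and preferably after the pfctl line too, to match the `add)` and `rem)` cases. The outer `case "$1"` continues past the end of the hunk.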