Module Name:    src
Committed By:   christos
Date:           Thu Jun  9 18:59:32 UTC 2016

Modified Files:
        src/external/bsd/blacklist/libexec: blacklistd-helper

Log Message:
Support ipfw and ipf from FreeBSD


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 \
    src/external/bsd/blacklist/libexec/blacklistd-helper

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/libexec/blacklistd-helper
diff -u src/external/bsd/blacklist/libexec/blacklistd-helper:1.9 src/external/bsd/blacklist/libexec/blacklistd-helper:1.10
--- src/external/bsd/blacklist/libexec/blacklistd-helper:1.9	Fri Mar 11 17:40:04 2016
+++ src/external/bsd/blacklist/libexec/blacklistd-helper	Thu Jun  9 14:59:31 2016
@@ -10,12 +10,20 @@
 # $7 id
 
 pf=
-for f in npf pf; do
-	if [ -f "/etc/$f.conf" ]; then
-		pf="$f"
-		break
-	fi
-done
+if [ -z "$pf" -a -f "/etc/ipfw-blacklist.rc" ]; then
+	  pf="ipfw"
+	  . /etc/ipfw-blacklist.rc
+	  ipfw_offset=${ipfw_offset:-2000}
+fi
+
+if [ -z "$pf" ]; then
+	for f in npf pf ipf; do
+		if [ -f "/etc/$f.conf" ]; then
+			pf="$f"
+			break
+		fi
+	done
+fi
 
 if [ -z "$pf" ]; then
 	echo "$0: Unsupported packet filter" 1>&2
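Review bot: `ipfw_offset` is taken from the dot-sourced `/etc/ipfw-blacklist.rc` without a numeric check, and the `add` arm later feeds it into `$(($ipfw_offset + $6))` to build a rule number. A guard right after the default assignment, `case "$ipfw_offset" in ''|*[!0-9]*) echo "$0: invalid ipfw_offset" 1>&2; exit 1;; esac`, would fail closed on a typo instead of producing an unexpected rule number. Because the file is sourced, everything in it executes with the helper's privileges, so a comment stating that it must be root-owned and not writable by others is worth adding above the `.` line. The `-z "$pf"` half of the `[ ... -a ... ]` test is always true directly after `pf=`, and `-a` is obsolescent in POSIX test; `if [ -f /etc/ipfw-blacklist.rc ]; then` says the same thing.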
@@ -43,6 +51,19 @@ esac
 case "$1" in
 add)
 	case "$pf" in
+	ipf)
+		echo block in quick proto $proto from $addr/$mask to \
+		    any port=$port | /sbin/ipf -f -
+		;;
+	ipfw)
+		# use $ipfw_offset+$port for rule number
+		rule=$(($ipfw_offset + $6))
+		tname="port$6"
+		/sbin/ipfw table $tname create type addr 2>/dev/null
+		/sbin/ipfw -q table $tname add "$addr/$mask"
+		/sbin/ipfw -q add $rule drop $3 from "table("$tname")" to \
+		    any dst-port $6
+		;;
 	npf)
 		/sbin/npfctl rule "$2" add block in final $proto from \
 		    "$addr/$mask" to any $port
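Review bot: The ipfw arm runs `/sbin/ipfw -q add $rule drop ...` on every `add`, so each newly blocked address appends another identical rule under the same number, although only the table entry needs to change per address. Creating the rule only when it is absent avoids the pile-up: `/sbin/ipfw show "$rule" >/dev/null 2>&1 || /sbin/ipfw -q add "$rule" drop "$3" from "table($tname)" to any dst-port "$6"`. `$6` goes into arithmetic unchecked and `$tname` is expanded unquoted, and with the default offset of 2000 any port from 63535 upward maps onto or past rule 65535, which ipfw reserves as its default rule, so `$6` needs a numeric range check before `rule` is computed. In the ipf arm, the npf context line uses `to any $port`, which suggests `$port` already carries the `port` keyword (its assignment is outside this hunk); if so, `port=$port` builds a malformed rule, and the exit status of `/sbin/ipf -f -` is not checked either way.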
@@ -57,6 +78,13 @@ add)
 	;;
 rem)
 	case "$pf" in
+	ipf)
+		echo "$0: $1 is unsupported by ipfilter" 1>&2
+		exit 1
+		;;
+	ipfw)
+		/sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null
+		;;
 	npf)
 		/sbin/npfctl rule "$2" rem-id "$7"
 		;;
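Review bot: With ipf, `rem` exits 1, so every block installed by the ipf `add` arm stays in place until a full `flush`, and blacklistd's expiry never lifts it. ipf can delete a rule when the same rule text is replayed with `-r`, i.e. the `add` arm's `echo ...` piped to `/sbin/ipf -rf -` (not tested here; the text has to match what `add` installed). If removal stays unsupported, a comment on the arm should state that ipf blocks are permanent until flushed. The ipfw arm discards stderr with `2>/dev/null`, so a failed table delete is invisible to the caller; the enclosing `case` continues outside the hunk.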
@@ -67,6 +95,12 @@ rem)
 	;;
 flush)
 	case "$pf" in 
+	ipf)
+		/sbin/ipf -Z -I -Fa -s
+		;;
+	ipfw)
+		/sbin/ipfw table "port$6" flush 2>/dev/null
+		;;
 	npf)
 		/sbin/npfctl rule "$2" flush
 		;;
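Review bot: `/sbin/ipf -Z -I -Fa -s` is not scoped to blacklist entries: going by the ipf(8) flags it flushes every rule in the inactive set and then swaps that set in, so the administrator's own rules loaded from /etc/ipf.conf appear to go with it and the host would be left unfiltered. The npf arm flushes only the named ruleset `$2` and the ipfw arm only table `port$6`; the ipf arm needs an equivalent scope, for example keeping blacklist rules in a dedicated group, or at least a comment stating that `flush` clears the whole ruleset. The ipfw arm also relies on `$6` being set when `flush` is invoked (not visible in this hunk) and hides failures with `2>/dev/null`.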
