Module Name: src
Committed By: christos
Date: Thu Jun 9 20:02:52 UTC 2016
Modified Files:
src/external/bsd/blacklist/libexec: blacklistd-helper
Log Message:
improve on ipfilter rules by Cy Schubert
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 \
src/external/bsd/blacklist/libexec/blacklistd-helper
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blacklist/libexec/blacklistd-helper
diff -u src/external/bsd/blacklist/libexec/blacklistd-helper:1.10 src/external/bsd/blacklist/libexec/blacklistd-helper:1.11
--- src/external/bsd/blacklist/libexec/blacklistd-helper:1.10 Thu Jun 9 14:59:31 2016
+++ src/external/bsd/blacklist/libexec/blacklistd-helper Thu Jun 9 16:02:52 2016
@@ -52,8 +52,9 @@ case "$1" in
add)
case "$pf" in
ipf)
+ /sbin/ipfstat -io | /sbin/ipf -I -f -
echo block in quick proto $proto from $addr/$mask to \
- any port=$port | /sbin/ipf -f -
+ any port=$port head $port$6 | /sbin/ipf -I -f - -s
;;
ipfw)
# use $ipfw_offset+$port for rule number
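Review bot: The group name on the added rule line is written `head $port$6`, while the matching removal rule in the `rem)` hunk uses `head port$6`; because the rule text differs between add and remove, `ipf -r` is unlikely to find the rule it is asked to delete. Presumably the literal prefix was intended: `any port=$port head port$6 | /sbin/ipf -I -f - -s`. Separately, the result of `/sbin/ipfstat -io | /sbin/ipf -I -f -` is not checked before `-s` swaps the lists, so a failed copy could make an incomplete inactive list the live one; a guard before the swap would keep the filter from failing open. The `add)` case continues outside the hunk.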
@@ -79,8 +80,9 @@ add)
rem)
case "$pf" in
ipf)
- echo "$0: $1 is unsupported by ipfilter" 1>&2
- exit 1
+ /sbin/ipfstat -io | /sbin/ipf -I -f -
+ echo block in quick proto $proto from $addr/$mask to any \
+ port =$port head port$6 | /sbin/ipf -r -f - -s
;;
ipfw)
/sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null
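Review bot: The removal command `/sbin/ipf -r -f - -s` omits `-I`, so the rule is deleted from the active list and `-s` then switches to the inactive list, which the preceding line has just filled with a copy that still contains the block rule. If ipf processes its options in order, as the add path's `-I -f - -s` relies on, the address stays blocked after `rem`; `| /sbin/ipf -I -r -f - -s` would remove the rule from the copy before swapping. The interpolated `$proto`, `$addr`, `$mask`, `$port` and `$6` are also unquoted here, unlike the ipfw line below, which quotes `"port$6"` and `"$addr/$mask"`. The `rem)` case continues outside the hunk.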