Source-Changes-HG archive
[src/trunk]: src/external/bsd/blocklist/libexec From pjuran at github:
details: https://anonhg.NetBSD.org/src/rev/047527a53e06
branches: trunk
changeset: 371809:047527a53e06
user: christos <christos%NetBSD.org@localhost>
date: Wed Oct 12 18:34:43 2022 +0000
description:
From pjuran at github:
- Be quiet
- Kill active tcp connections from the blocked address
- Fix purge operation for pf, which must dynamically determine which filters
have been created, so the filters can be flushed by name.
diffstat:
external/bsd/blocklist/libexec/blocklistd-helper | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diffs (37 lines):
diff -r 7b8807922549 -r 047527a53e06 external/bsd/blocklist/libexec/blocklistd-helper
--- a/external/bsd/blocklist/libexec/blocklistd-helper Wed Oct 12 14:46:17 2022 +0000
+++ b/external/bsd/blocklist/libexec/blocklistd-helper Wed Oct 12 18:34:43 2022 +0000
@@ -151,8 +151,8 @@
echo "block in quick $proto from <port$6> to any $port" | \
/sbin/pfctl -a "$2/$6" -f -
# insert $ip/$mask into per-protocol/port anchored table
- /sbin/pfctl -a "$2/$6" -t "port$6" -T add "$addr/$mask" && \
- echo OK
+ /sbin/pfctl -qa "$2/$6" -t "port$6" -T add "$addr/$mask" && \
+ /sbin/pcftl -qk "$addr" && echo OK
;;
esac
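Review bot: The added line `/sbin/pcftl -qk "$addr" && echo OK` misspells the binary (`pcftl` instead of `pfctl`), so the shell cannot execute it, the `&&` chain fails, and `echo OK` is never reached even though the table insert on the line before it has already succeeded. It should read `/sbin/pfctl -qk "$addr" && echo OK`. It is also worth deciding whether a failed state kill should suppress OK at all, since by that point the address is already in the `port$6` table and the caller will be told the block did not happen.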
@@ -184,7 +184,7 @@
;;
pf)
- /sbin/pfctl -a "$2/$6" -t "port$6" -T delete "$addr/$mask" && \
+ /sbin/pfctl -qa "$2/$6" -t "port$6" -T delete "$addr/$mask" && \
echo OK
;;
@@ -224,7 +224,12 @@
;;
pf)
- /sbin/pfctl -a "$2/$6" -t "port$6" -T flush && echo OK
+ # dynamically determine which anchors exist
+ for anchor in $(/sbin/pfctl -a "$2" -s Anchors); do
+ /sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush
+ /sbin/pfctl -a "$anchor" -F rules
+ done
+ echo OK
;;
esac
;;
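Review bot: `echo OK` after `done` is now unconditional, whereas the removed line printed it only on success (`-T flush && echo OK`), so a failing `pfctl` inside the loop, or a failing `-s Anchors` listing that yields no iterations, is still reported as OK. Track the exit status of the calls in the loop and print OK only when all of them succeeded. The two `pfctl` calls in the loop also lack the `-q` that the other hunks add, which works against the "Be quiet" goal in the description, and the table name `port${anchor##*/}` depends on each anchor's last path component being the port it was created with as `"$2/$6"`; a one-line comment stating that assumption would help the next reader.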