13 if [ -f "/etc/ipfw-blacklist.rc" ]; then
15 . /etc/ipfw-blacklist.rc
16 ipfw_offset=${ipfw_offset:-2000}
20 for f in npf pf ipf; do
21 if [ -f "/etc/$f.conf" ]; then
29 echo "$0: Unsupported packet filter" 1>&2
45 if [ "$5" = 128 ]; then
# Copy the currently active in/out rule set into ipf's inactive list (-I),
# then append the per-port block rule to that copy and swap it in (-s), so
# the existing rules survive the reload.
55 /sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1
# NOTE(review): $proto, $addr, $mask and $6 are spliced into the rule text
# unquoted; they are set or passed outside this excerpt, so whether they are
# validated (numeric port, well-formed address) cannot be confirmed here.
# "OK" is printed only if the swap succeeds; ipf's own diagnostics are discarded.
56 echo block in quick $proto from $addr/$mask to \
57 any port=$6 head port$6 | \
58 /sbin/ipf -I -f - -s >/dev/null 2>&1 && echo OK
61 # use $ipfw_offset+$port for rule number
# $6 must be an integer: a non-numeric value makes the arithmetic expansion
# itself fail instead of yielding a rule number.
62 rule=$(($ipfw_offset + $6))
# $tname is assigned outside this excerpt (presumably "port$6" — confirm).
# stderr is discarded, presumably so an already-existing table is not
# reported; the exit status of the create is not examined here.
64 /sbin/ipfw table $tname create type addr 2>/dev/null
65 /sbin/ipfw -q table $tname add "$addr/$mask"
66 # if rule number $rule does not already exist, create it
67 /sbin/ipfw show $rule >/dev/null 2>&1 || \
68 /sbin/ipfw add $rule drop $3 from \
69 table"("$tname")" to any dst-port $6 >/dev/null && \
73 /sbin/npfctl rule "$2" add block in final $proto from \
74 "$addr/$mask" to any $port
77 # if the filtering rule does not exist, create it
# The existence check greps the anchor's current rule text for the table
# name; when the rule has to be loaded, the status of that pfctl -f is not
# examined by these lines (only the -T add / -k pair below prints OK).
78 /sbin/pfctl -a "$2/$6" -sr 2>/dev/null | \
79 grep -q "<port$6>" || \
80 echo "block in quick $proto from <port$6> to any $port" | \
81 /sbin/pfctl -a "$2/$6" -f -
82 # insert $ip/$mask into per-protocol/port anchored table
# NOTE(review): $addr is quoted on the -T add line but not on the -k line
# below; quoting it there as well keeps the two consistent.
# -k presumably drops states already established from $addr so the block
# takes effect immediately — confirm against pfctl(8).
83 /sbin/pfctl -qa "$2/$6" -t "port$6" -T add "$addr/$mask" && \
84 /sbin/pfctl -q -k $addr && echo OK
# Same copy-to-inactive-list / swap sequence as the add path, but with -r
# so the matching block rule is removed from the copied set before the swap.
91 /sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1
# NOTE(review): the rule text must match the one used when it was added
# exactly (same unquoted $proto, $addr/$mask and $6 expansions), otherwise
# -r removes nothing and no OK is printed; ipf's diagnostics are discarded.
92 echo block in quick $proto from $addr/$mask to \
93 any port=$6 head port$6 | \
94 /sbin/ipf -I -r -f - -s >/dev/null 2>&1 && echo OK
97 /sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null && \
101 /sbin/npfctl rule "$2" rem-id "$7"
104 /sbin/pfctl -qa "$2/$6" -t "port$6" -T delete "$addr/$mask" && \
112 /sbin/ipf -Z -I -Fi -s > /dev/null && echo OK
115 /sbin/ipfw table "port$6" flush 2>/dev/null && echo OK
118 /sbin/npfctl rule "$2" flush
121 # dynamically determine which anchors exist
# NOTE(review): $2 is unquoted here while the same argument is quoted as
# "$2" elsewhere in this script; quote it for consistency. The result is
# word-split by the for loop that follows, so anchor names must not contain
# blanks; pfctl's exit status is not checked, so an empty list on error
# simply makes the loop a no-op.
122 anchors=$(/sbin/pfctl -a $2 -s Anchors)
123 for anchor in $anchors; do
124 /sbin/pfctl -a $anchor -t "port${anchor##*/}" -T flush
125 /sbin/pfctl -a $anchor -F rules
132 echo "$0: Unknown command '$1'" 1>&2