FreeBSD src
Go to file
Kurt Lidl ea3431376e Improve ipfw rule creation for blacklist-helper script
When blocking an address, the blacklist-helper script
needs to do the following things for the ipfw packet
filter:

 - create a table to hold the addresses to be blocked,
   so lookups can be done quickly, and place the address
   to be blocked in that table
 - create rule that does the lookup in the table and
   blocks the packet

The ipfw system allows multiple rules to be inserted for
a given rule number.  There only needs to be one rule
to do the lookup per port.  Modify the script to probe
for the existence of the rule before attempting to create
it, so only one rule is inserted, rather than one rule per
blocked address.

PR:		214980
Reported by:	azhegalov (at) gmail.com
Reviewed by:	emaste
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D9681
2017-02-22 21:50:37 +00:00
bin Use uintmax_t to print st_nlink. 2017-02-16 06:32:39 +00:00
cddl When patching USDT probes, use non-unique names for aliases of weak symbols. 2017-02-10 02:01:32 +00:00
contrib Improve ipfw rule creation for blacklist-helper script 2017-02-22 21:50:37 +00:00
crypto Only notify blacklistd for successful logins in auth.c 2017-02-19 20:35:39 +00:00
etc Remove more stray EISA refernces: ahb was removed. Remove the cross 2017-02-22 20:47:25 +00:00
gnu Use SRCTOP/OBJTOP and simplify output using :H instead of "../" for directory 2017-02-11 20:12:54 +00:00
include Add new catrigl.c (r313761) APIs to include/complex.h 2017-02-18 21:08:09 +00:00
kerberos5 Conditionalize adding ${KRB5DIR}/lib/gssapi/krb5/gkrb5_err.et to ETSRCS 2017-01-02 19:03:01 +00:00
lib Surround any unmangled C++ names in libcxxrt's version map with 'extern 2017-02-22 18:44:57 +00:00
libexec Handle protected symbols in rtld. 2017-02-09 23:33:06 +00:00
release Fix the hardware.html build. 2017-02-16 22:29:37 +00:00
rescue Remove pc98 support completely. 2017-01-28 02:22:15 +00:00
sbin [ifconfig] fix a memory leak! 2017-02-20 03:12:46 +00:00
secure Remove bdes(1) 2017-02-06 08:27:19 +00:00
share Remove more stray EISA refernces: ahb was removed. Remove the cross 2017-02-22 20:47:25 +00:00
sys Convert magic values into macros in the LinuxKPI scatterlist 2017-02-22 20:24:09 +00:00
targets Remove pc98 support completely. 2017-01-28 02:22:15 +00:00
tests Fix world build for archs where __builtin_debugtrap() does not work. 2017-02-22 04:35:07 +00:00
tools [wlanstats] We actually /do/ support per-STA stats! 2017-02-20 08:04:06 +00:00
usr.bin Better fix for r314098 2017-02-22 16:37:45 +00:00
usr.sbin Enable bsdinstall hardening options by default. 2017-02-21 09:37:33 +00:00
.arcconfig callsign isn't required anymore 2016-09-29 06:19:45 +00:00
.arclint phabricator related changes: 2015-04-20 20:33:22 +00:00
COPYRIGHT Bump copyright year. 2016-12-31 12:41:42 +00:00
LOCKS Explicitly require Security Officer's approval for kernel PRNG bits. 2013-09-17 14:19:05 +00:00
MAINTAINERS Remove myself from kern_timeout.c yeah! 2016-07-27 20:37:32 +00:00
Makefile Remove pc98 support completely. 2017-01-28 02:22:15 +00:00
Makefile.inc1 Document why cat is a bootstrap tool. 2017-02-21 18:49:30 +00:00
Makefile.libcompat Use cross-NM (XNM) in compat32 build 2017-01-27 03:43:18 +00:00
ObsoleteFiles.inc Remove lib/libpam tests after they were removed from the source tree in r313975 2017-02-20 01:45:12 +00:00
README README: remove nonexistent 'games' directory. 2016-05-18 10:43:13 +00:00
UPDATING add UPDATING entry for r314048, re-work of .zfs code 2017-02-21 17:54:38 +00:00

This is the top level of the FreeBSD source directory.  This file
was last revised on:
$FreeBSD$

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree.  See build(7)
and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
for more information, including setting make(1) variables.

The `buildkernel` and `installkernel` targets build and install
the kernel and the modules (see below).  Please see the top of
the Makefile in this directory for more information on the
standard build targets and compile-time flags.

Building a kernel is a somewhat more involved process.  See build(7), config(8),
and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
for more information.

Note: If you want to build and install the kernel with the
`buildkernel` and `installkernel` targets, you might need to build
world before.  More information is available in the handbook.

The kernel configuration files reside in the sys/<arch>/conf
sub-directory.  GENERIC is the default configuration used in release builds.
NOTES contains entries and documentation for all possible
devices, not just those commonly used.


Source Roadmap:
---------------

bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

sys		Kernel sources.

tests		Regression tests which can be run by Kyua.  See tests/README
		for additional information.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html