From a2702bad8405a0a56ba176c88bca6bdaee0049f7 Mon Sep 17 00:00:00 2001
From: prx
Date: Sun, 18 Sep 2022 14:31:03 +0200
Subject: [PATCH 1/2] fix PREFIX in readme
---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 8f022d3..8eb959a 100644
--- a/README.md
+++ b/README.md
@@ -27,8 +27,8 @@ permit nopass _iblock cmd /sbin/pfctl
 Start inetd service with this in `/etc/inetd.conf`:
 ```
-666 stream tcp nowait _iblock /usr/local/bin/iblock iblock
-666 stream tcp6 nowait _iblock /usr/local/bin/iblock iblock
+666 stream tcp nowait _iblock /usr/local/sbin/iblock iblock
+666 stream tcp6 nowait _iblock /usr/local/sbin/iblock iblock
 ```
 You can change the PF table by adding it as a parameter like this:
@@ -36,8 +36,8 @@ You can change the PF table by adding it as a parameter like this:
 In this example, the parameter `blocklist` will add IPs to the `blocklist` PF table.
 ```
-666 stream tcp nowait _iblock /usr/local/bin/iblock iblock blocklist
-666 stream tcp6 nowait _iblock /usr/local/bin/iblock iblock blocklist
+666 stream tcp nowait _iblock /usr/local/sbin/iblock iblock blocklist
+666 stream tcp6 nowait _iblock /usr/local/sbin/iblock iblock blocklist
 ```
 Default is "iblocked" table.
From b95e736dc727dbe574db3e8c91ecda5a4b10dcdd Mon Sep 17 00:00:00 2001
From: prx
Date: Sun, 18 Sep 2022 14:43:53 +0200
Subject: [PATCH 2/2] add fork check for error and reformat
---
 main.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/main.c b/main.c
index beda16f..d1be695 100644
--- a/main.c
+++ b/main.c
@@ -44,22 +44,29 @@ int main(int argc, char *argv[]){
 exit(1);
 }
- syslog(LOG_DAEMON, "blocking %s", ip);
 switch (sock.ss_family) {
 case AF_INET: /* FALLTHROUGH */
 case AF_INET6:
 id = fork();
- // child process
- if (id == 0) {
- execl("/usr/bin/doas", "doas", "/sbin/pfctl", "-t", table, "-T", "add", ip, NULL);
- } else { // parent process
+ if (id == -1) {
+ syslog(LOG_DAEMON, "fork error");
+ exit(1);
+ } else if (id == 0) {
+ // child process
+ syslog(LOG_DAEMON, "blocking %s", ip);
+ execl("/usr/bin/doas", "doas", "/sbin/pfctl",
+ "-t", table, "-T", "add", ip, NULL);
+
+ } else {
+ // parent process
 wait(NULL);
+ syslog(LOG_DAEMON, "kill states for %s", ip);
+ execl("/usr/bin/doas", "doas", "/sbin/pfctl",
+ "-k", ip, NULL);
 }
- execl("/usr/bin/doas", "doas", "/sbin/pfctl", "-k", ip, NULL);
 break;
 default:
 exit(2);
 }
 }
-
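Review bot: Neither `execl` call in the new `if`/`else if`/`else` chain has any failure handling. If `doas` or `pfctl` cannot be executed, the child has already logged `blocking %s`, then falls through to `break` and apparently returns from `main` with nothing recording that the table add never happened. The parent's `wait(NULL)` also discards the child's exit status, so it goes on to kill states whether or not the address was added. For a tool whose job is to block an address, that failure should be visible: after the child's `execl` add `syslog(LOG_DAEMON | LOG_ERR, "execl pfctl: %m");` and `_exit(1);`, and have the parent pass a status variable to `wait` and log a non-zero result. Separately, the added `syslog(LOG_DAEMON, ...)` calls give a facility but no level, which leaves the level bits at 0 (`LOG_EMERG`); OR in a level such as `LOG_INFO` or `LOG_ERR`. `main` begins above the hunk, so the declarations of `id`, `ip` and `table` are not visible here.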