fix PREFIX in readme

Merge pull request 'iblock: kill established connections after the ban' (#3 ) from fork into main
Reviewed-on: solene/iblock#3
2022-09-18 14:31:03 +02:00 · 2022-09-17 15:25:57 +00:00 · 2022-09-17 16:52:03 +02:00 · 2022-08-30 07:26:22 +00:00 · 2022-08-25 10:04:53 +02:00
3 changed files with 18 additions and 7 deletions
--- a/2
+++ b/2
@ -9,7 +9,7 @@ PREFIX = /usr/local
 all: iblock
 iblock: main.c
-	${CC} -o iblock main.c
+	${CC} ${CFLAGS} -o iblock main.c
 clean:
 	rm -f iblock
--- a/README.md
+++ b/README.md
@ -4,6 +4,7 @@ iblock is an inetd program adding the client IP to a Packet Filter table.
 It is meant to be used to block scanner connecting on unused ports.
 Upon connection, the IP is added to a PF table and all established connections with this IP are killed.  You need to use a PF bloking rule using the table.
 # How to use
@ -26,8 +27,8 @@ permit nopass _iblock cmd /sbin/pfctl
 Start inetd service with this in `/etc/inetd.conf`:
 ```
-666 stream tcp nowait _iblock /usr/local/bin/iblock iblock
+666 stream tcp nowait _iblock /usr/local/sbin/iblock iblock
-666 stream tcp6 nowait _iblock /usr/local/bin/iblock iblock
+666 stream tcp6 nowait _iblock /usr/local/sbin/iblock iblock
 ```
 You can change the PF table by adding it as a parameter like this:
@ -35,8 +36,8 @@ You can change the PF table by adding it as a parameter like this:
 In this example, the parameter `blocklist` will add IPs to the `blocklist` PF table.
 ```
-666 stream tcp nowait _iblock /usr/local/bin/iblock iblock blocklist
+666 stream tcp nowait _iblock /usr/local/sbin/iblock iblock blocklist
-666 stream tcp6 nowait _iblock /usr/local/bin/iblock iblock blocklist
+666 stream tcp6 nowait _iblock /usr/local/sbin/iblock iblock blocklist
 ```
 Default is "iblocked" table.
--- a/main.c
+++ b/main.c
@ -5,6 +5,7 @@
 #include <netdb.h>
 #include <netinet/in.h>
 #include <syslog.h>
 #include <sys/wait.h>
 #include <unistd.h>
 #include <sys/socket.h>
@ -18,10 +19,11 @@ int main(int argc, char *argv[]){
 	char ip[INET6_ADDRSTRLEN] = {'\0'}; /* INET6_ADDRSTRLEN > INET_ADDRSTRLEN */
 	char table[TABLE_LEN] = DEFAULT_TABLE;
 	int status = 0;
 	pid_t id;
 	if (unveil("/usr/bin/doas", "rx") != 0)
 		err(1, "unveil");
-	if (pledge("exec inet stdio", NULL) != 0)
+	if (pledge("exec inet proc stdio", NULL) != 0)
 		err(1, "pledge");
 	/* configuration */
@ -46,7 +48,15 @@ int main(int argc, char *argv[]){
 	switch (sock.ss_family) {
 	case AF_INET: /* FALLTHROUGH */
 	case AF_INET6:
-		execl("/usr/bin/doas", "doas", "/sbin/pfctl", "-t", table, "-T", "add", ip, NULL);
+		id = fork();
 		// child process
 		if (id == 0) {
 			execl("/usr/bin/doas", "doas", "/sbin/pfctl", "-t", table, "-T", "add", ip, NULL);
 		} else { // parent process
 			wait(NULL);
 		}
 		execl("/usr/bin/doas", "doas", "/sbin/pfctl", "-k", ip, NULL);
 		break;
 	default:
 		exit(2);
Author	SHA1	Message	Date
prx	a2702bad84	fix PREFIX in readme	2022-09-18 14:31:03 +02:00
solene	747a833df3	Merge pull request 'iblock: kill established connections after the ban' (#3 ) from fork into main Reviewed-on: solene/iblock#3	2022-09-17 15:25:57 +00:00
Solene Rapenne	1f21555152	iblock: kill established connections after the ban	2022-09-17 16:52:03 +02:00
solene	f272f53c0c	Merge pull request 'actually use cflags' (#2 ) from prx/iblock:main into main Reviewed-on: solene/iblock#2	2022-08-30 07:26:22 +00:00
prx	7910b7ea11	actually use cflags	2022-08-25 10:04:53 +02:00