iblock/main.c

#include <stdlib.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <stdio.h>
#include <err.h>
#include <netdb.h>
#include <unistd.h>
#include <syslog.h>

int main(void){
        struct sockaddr sock;
        socklen_t slen = sizeof(sock);
        char host[1024] = "";
        char port[1044] = "";
        char cmd[1000] = "";
        int status;

	unveil("/usr/bin/doas", "rx");
	unveil("/sbin/pfctl", "rx");
	pledge("exec inet dns stdio", NULL);

        if(getpeername(0, &sock, &slen))
            err(1, "getpeername");

        status = getnameinfo(&sock, slen, host, sizeof host, port, sizeof port,
                        NI_NUMERICHOST|NI_NUMERICSERV);
	if(status > 0)
	{
            syslog(LOG_DAEMON, "getnameinfo error");
            exit(1);
	}

	syslog(LOG_DAEMON, "blocking %s", host);
	snprintf(cmd, sizeof(cmd), "/sbin/pfctl -t blocked -T add %s", host);

	syslog(LOG_DAEMON, "%s", cmd);
        switch(sock. sa_family)
        {
            case AF_INET:
                    execlp(cmd, cmd, NULL);
                    break;
            // case AF_INET6:
            //         printf("%s %s\n", host, cmd);
            //         break;
            default:
                    exit(2);
                    //puts("run from console");
        }
}
skeleton 2021-02-25 23:10:12 +00:00			`#include <stdlib.h>`
			`#include <netinet/in.h>`
			`#include <sys/socket.h>`
			`#include <stdio.h>`
			`#include <err.h>`
			`#include <netdb.h>`
Add a pfctl call + syslog 2021-02-28 09:54:36 +00:00			`#include <unistd.h>`
			`#include <syslog.h>`
skeleton 2021-02-25 23:10:12 +00:00
			`int main(void){`
			`struct sockaddr sock;`
			`socklen_t slen = sizeof(sock);`
			`char host[1024] = "";`
			`char port[1044] = "";`
Add a pfctl call + syslog 2021-02-28 09:54:36 +00:00			`char cmd[1000] = "";`
skeleton 2021-02-25 23:10:12 +00:00			`int status;`

Add a pfctl call + syslog 2021-02-28 09:54:36 +00:00			`unveil("/usr/bin/doas", "rx");`
			`unveil("/sbin/pfctl", "rx");`
			`pledge("exec inet dns stdio", NULL);`

skeleton 2021-02-25 23:10:12 +00:00			`if(getpeername(0, &sock, &slen))`
			`err(1, "getpeername");`

			`status = getnameinfo(&sock, slen, host, sizeof host, port, sizeof port,`
			`NI_NUMERICHOST\|NI_NUMERICSERV);`
			`if(status > 0)`
			`{`
Add a pfctl call + syslog 2021-02-28 09:54:36 +00:00			`syslog(LOG_DAEMON, "getnameinfo error");`
skeleton 2021-02-25 23:10:12 +00:00			`exit(1);`
			`}`

Add a pfctl call + syslog 2021-02-28 09:54:36 +00:00			`syslog(LOG_DAEMON, "blocking %s", host);`
			`snprintf(cmd, sizeof(cmd), "/sbin/pfctl -t blocked -T add %s", host);`

			`syslog(LOG_DAEMON, "%s", cmd);`
skeleton 2021-02-25 23:10:12 +00:00			`switch(sock. sa_family)`
			`{`
			`case AF_INET:`
Add a pfctl call + syslog 2021-02-28 09:54:36 +00:00			`execlp(cmd, cmd, NULL);`
skeleton 2021-02-25 23:10:12 +00:00			`break;`
Add a pfctl call + syslog 2021-02-28 09:54:36 +00:00			`// case AF_INET6:`
			`// printf("%s %s\n", host, cmd);`
			`// break;`
skeleton 2021-02-25 23:10:12 +00:00			`default:`
Add a pfctl call + syslog 2021-02-28 09:54:36 +00:00			`exit(2);`
			`//puts("run from console");`
skeleton 2021-02-25 23:10:12 +00:00			`}`
			`}`