From 7f474df2ee9a980b33629f0839fd423481fffad1 Mon Sep 17 00:00:00 2001
From: prx
Date: Mon, 22 Aug 2022 14:50:27 +0200
Subject: [PATCH 1/9] set TABLE_LEN according to pf source

---
 main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.c b/main.c
index 37f8615..280bfe4 100644
--- a/main.c
+++ b/main.c
@@ -10,7 +10,7 @@
 #include
 #define DEFAULT_TABLE "blocked"
-#define TABLE_LEN 128 /* not sure what is pf table name length limit... */
+#define TABLE_LEN 32 /* see PF_TABLE_NAME_SIZE in net/pfvar.h */
 int main(int argc, char *argv[]){
 	struct sockaddr_storage sock;

From f9d12c9ef56b7e18b9ed100251204a318d87d100 Mon Sep 17 00:00:00 2001
From: prx
Date: Mon, 22 Aug 2022 14:50:40 +0200
Subject: [PATCH 2/9] avoid colision with common table names

---
 main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.c b/main.c
index 280bfe4..113b968 100644
--- a/main.c
+++ b/main.c
@@ -9,7 +9,7 @@
 #include
-#define DEFAULT_TABLE "blocked"
+#define DEFAULT_TABLE "iblocked"
 #define TABLE_LEN 32 /* see PF_TABLE_NAME_SIZE in net/pfvar.h */
 int main(int argc, char *argv[]){

From 2b226c9a02e25f808b0bf3ee76dab4aaac6eb7a5 Mon Sep 17 00:00:00 2001
From: prx
Date: Mon, 22 Aug 2022 14:55:25 +0200
Subject: [PATCH 3/9] initialize variables, use strlcpy return value

---
 main.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/main.c b/main.c
index 113b968..3daa370 100644
--- a/main.c
+++ b/main.c
@@ -13,11 +13,11 @@
 #define TABLE_LEN 32 /* see PF_TABLE_NAME_SIZE in net/pfvar.h */
 int main(int argc, char *argv[]){
-	struct sockaddr_storage sock;
+	struct sockaddr_storage sock = {0};
 	socklen_t slen = sizeof(sock);
 	char ip[INET6_ADDRSTRLEN] = {'\0'}; /* INET6_ADDRSTRLEN > INET_ADDRSTRLEN */
 	char table[TABLE_LEN] = DEFAULT_TABLE;
-	int status;
+	int status = 0;
 	if (unveil("/usr/bin/doas", "rx") != 0)
 		err(1, "unveil");
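Review bot: The added `+#define TABLE_LEN 32` hard-codes a number that, per its own comment, is already defined as PF_TABLE_NAME_SIZE in net/pfvar.h; if that header can be pulled in here, `#define TABLE_LEN PF_TABLE_NAME_SIZE` ties the buffer to the kernel's limit instead of a copy that can drift. Whichever form is kept, the comment should say that the value is the array size in pfvar.h and therefore counts the terminating NUL, since `char table[TABLE_LEN]` is also the bound used to reject over-long names before they are handed to pfctl. The `#include` context line has lost its header name in this rendering, so whether pfvar.h is already reachable from main.c cannot be confirmed from the hunk.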
@@ -26,9 +26,8 @@ int main(int argc, char *argv[]){
 	/* configuration */
 	if (argc == 2) {
-		if (strlen(argv[1]) > sizeof(table))
+		if (strlcpy(table, argv[1], TABLE_LEN) >= sizeof(table))
 			errx(1, "table name is too long");
-		strlcpy(table, argv[1], TABLE_LEN);
 	}
 	/* get socket structure */

From 7c1edb0feb0d5602c5ccb98c0d90525de66326b1 Mon Sep 17 00:00:00 2001
From: prx
Date: Mon, 22 Aug 2022 14:55:45 +0200
Subject: [PATCH 4/9] remove useless {}

---
 main.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/main.c b/main.c
index 3daa370..3d02529 100644
--- a/main.c
+++ b/main.c
@@ -25,10 +25,9 @@ int main(int argc, char *argv[]){
 		err(1, "pledge");
 	/* configuration */
-	if (argc == 2) {
+	if (argc == 2)
 		if (strlcpy(table, argv[1], TABLE_LEN) >= sizeof(table))
 			errx(1, "table name is too long");
-	}
 	/* get socket structure */
 	if(getpeername(STDIN_FILENO, (struct sockaddr *)&sock, &slen))

From 28eb2bfbeb1388e7b4d092f539859da365e66054 Mon Sep 17 00:00:00 2001
From: prx
Date: Mon, 22 Aug 2022 14:56:21 +0200
Subject: [PATCH 5/9] if and switch aren't functions

---
 main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/main.c b/main.c
index 3d02529..295141a 100644
--- a/main.c
+++ b/main.c
@@ -30,20 +30,20 @@ int main(int argc, char *argv[]){
 			errx(1, "table name is too long");
 	/* get socket structure */
-	if(getpeername(STDIN_FILENO, (struct sockaddr *)&sock, &slen))
+	if (getpeername(STDIN_FILENO, (struct sockaddr *)&sock, &slen))
 		err(1, "getpeername");
 	/* get ip */
 	status = getnameinfo((struct sockaddr *)&sock, slen, ip, sizeof(ip), NULL, 0, NI_NUMERICHOST);
-	if(status != 0) {
+	if (status != 0) {
 		syslog(LOG_DAEMON, "getnameinfo error");
 		exit(1);
 	}
 	syslog(LOG_DAEMON, "blocking %s", ip);
-	switch(sock.ss_family) {
+	switch (sock.ss_family) {
 	case AF_INET: /* FALLTHROUGHT */
 	case AF_INET6:
 		execlp("/usr/bin/doas", "doas", "/sbin/pfctl", "-t", table, "-T", "add", ip, NULL);
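Review bot: The new strlcpy line bounds the copy with `TABLE_LEN` but tests the result against `sizeof(table)`; spelling both the same way, `if (strlcpy(table, argv[1], sizeof(table)) >= sizeof(table))`, makes it obvious the two cannot disagree. The `>=` comparison is the correct one: it also rejects a name of exactly sizeof(table) characters, which the removed `strlen(argv[1]) > sizeof(table)` test accepted and strlcpy then silently truncated, so pfctl would have been given a different table name than the operator configured. main continues past both ends of this hunk.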
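Review bot: With the braces removed, the `+	if (argc == 2)` line now guards an unbraced nested `if`/`errx` pair, a layout that is easy to misread and easy to break when a statement is added later; keeping the outer `{ }` around the nested `if` costs one line and makes the scope explicit. This is a style point only, the behaviour is unchanged.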
From 9b755ab6271e5c3897b51ec0d0257f17413d4a83 Mon Sep 17 00:00:00 2001
From: prx
Date: Mon, 22 Aug 2022 14:56:35 +0200
Subject: [PATCH 6/9] typo

---
 main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.c b/main.c
index 295141a..f0317de 100644
--- a/main.c
+++ b/main.c
@@ -44,7 +44,7 @@ int main(int argc, char *argv[]){
 	syslog(LOG_DAEMON, "blocking %s", ip);
 	switch (sock.ss_family) {
-	case AF_INET: /* FALLTHROUGHT */
+	case AF_INET: /* FALLTHROUGH */
 	case AF_INET6:
 		execlp("/usr/bin/doas", "doas", "/sbin/pfctl", "-t", table, "-T", "add", ip, NULL);
 		break;

From 3cadbbe7df91012ee47d3f0508f8da3942411092 Mon Sep 17 00:00:00 2001
From: prx
Date: Mon, 22 Aug 2022 15:02:17 +0200
Subject: [PATCH 7/9] no need to look in PATH

---
 main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.c b/main.c
index f0317de..397d676 100644
--- a/main.c
+++ b/main.c
@@ -46,7 +46,7 @@ int main(int argc, char *argv[]){
 	switch (sock.ss_family) {
 	case AF_INET: /* FALLTHROUGH */
 	case AF_INET6:
-		execlp("/usr/bin/doas", "doas", "/sbin/pfctl", "-t", table, "-T", "add", ip, NULL);
+		execl("/usr/bin/doas", "doas", "/sbin/pfctl", "-t", table, "-T", "add", ip, NULL);
 		break;
 	default:
 		exit(2);

From 8fe70f68e8a8912d68201440a28bd2f023bdfb21 Mon Sep 17 00:00:00 2001
From: prx
Date: Mon, 22 Aug 2022 15:04:26 +0200
Subject: [PATCH 8/9] make sure PREFIX is set

---
 Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Makefile b/Makefile
index 0421d4a..5baf4c5 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,10 @@ CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \
 	-Werror -Wshadow -Wstrict-overflow -fno-strict-aliasing \
 	-Wstrict-prototypes -Wwrite-strings \
 	-Os
+
+PREFIX = /usr/local
+
+
 all: iblock
 iblock: main.c

From ff5ff21ca5e290eec4fd5b04ea74eb5ded1ec945 Mon Sep 17 00:00:00 2001
From: prx
Date: Mon, 22 Aug 2022 15:05:26 +0200
Subject: [PATCH 9/9] make install is set

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
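Review bot: execl on the `+` line returns only on failure, but nothing checks it: control reaches `break` and main continues, so a failed doas/pfctl launch goes unreported and the peer is never added to the table; add `err(1, "execl");` immediately after the call (main continues past the end of this hunk). Because the path is absolute, execlp was never consulting PATH for it, so this change is a tidy-up rather than a fix, though execl does make the intent explicit. Separately, the `syslog(LOG_DAEMON, ...)` calls a few lines above this hunk, visible as context in the earlier whitespace-only hunk, pass a facility with no priority level, which resolves to LOG_EMERG; `LOG_DAEMON | LOG_INFO` (or openlog() with LOG_DAEMON and a plain level at each call) is presumably what was intended.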
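Review bot: `+PREFIX = /usr/local` cannot be overridden from the environment, because both BSD and GNU make let a makefile `=` assignment win over an environment variable unless -e is given; `PREFIX ?= /usr/local` keeps the default while letting packagers set their own prefix. The two extra blank `+` lines around the assignment could be collapsed to one. The install rule this variable is presumably for lies outside the hunk, so whether it actually consumes PREFIX cannot be confirmed here.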
diff --git a/README.md b/README.md
index e3ed392..cb19422 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,8 @@ In this example, the parameter `blocklist` will add IPs to the `blocklist` PF ta
 666 stream tcp6 nowait _iblock /usr/local/bin/iblock iblock blocklist
 ```
+Default is "iblocked" table.
+
 ## Configure packet filter
 Use this in `/etc/pf.conf`, choose which ports will trigger the ban from the variable:
@@ -65,5 +67,4 @@ In the example I added a label to the block rule, you can use `pfctl -s labels`
 # TODO
-- make install doing something
 - A proper man page