On 2022/09/03 14:00:47 +0200, prx <[email protected]> wrote: > * Uwe Werler <[email protected]> le [02-09-2022 16:50:21 +0200]: > > On 02 Sep 10:50, prx wrote: > > > Hello, > > > find attached a new port for iblock, > > > an inetd program adding the client IP to a pf table. > > > > > > Regards. > > > > > > prx > > > > > > > Index: infrastructure/db/user.list > > > =================================================================== > > > RCS file: /cvs/ports/infrastructure/db/user.list,v > > > retrieving revision 1.405 > > > diff -u -r1.405 user.list > > > --- infrastructure/db/user.list 27 Aug 2022 21:18:26 -0000 1.405 > > > +++ infrastructure/db/user.list 2 Sep 2022 08:48:14 -0000 > > > @@ -392,3 +392,4 @@ > > > 881 _opensearch _opensearch textproc/opensearch > > > 882 _opensearch-dashboards _opensearch-dashboards > > > www/opensearch-dashboards > > > 883 _step-ca _step-ca security/step-ca > > > +884 _iblock _iblock net/iblock > > > > Hi prx, > > > > you have to change the uid/gid in PLIST also to 884. > > > > Indeed. > Attached the port modified. > > Regards. > Index: infrastructure/db/user.list > =================================================================== > RCS file: /cvs/ports/infrastructure/db/user.list,v > retrieving revision 1.405 > diff -u -r1.405 user.list > --- infrastructure/db/user.list 27 Aug 2022 21:18:26 -0000 1.405 > +++ infrastructure/db/user.list 2 Sep 2022 08:48:14 -0000 > @@ -392,3 +392,4 @@ > 881 _opensearch _opensearch textproc/opensearch > 882 _opensearch-dashboards _opensearch-dashboards www/opensearch-dashboards > 883 _step-ca _step-ca security/step-ca > +884 _iblock _iblock net/iblock
some nits:
- don't start COMMENT with "an"
- double empty line before .include <bsd.port.mk>
- in @newuser drop :daemon: so that it reads:
@newuser _iblock:884:884::iblock inetd user:/nonexistent:/sbin/nologin
(yep, with the double ::)
- the sample commands in the README could use '#' instead of '$' as
prompt. it's probably not done consistenly across all READMEs, but
I think it's better to use '#' for commands that needs to be
executed as super-user and '$' otherwise. rcctl(8) falls in the
first category.
- the build doesn't respect CC and CFLAGS. For ${CC} the makefile
just needs an
MAKE_FLAGS = CC="${CC}"
for CFLAGS other than your latest patch upstream we usually drop
optimizations flags like -Os, so after it is updated that should be
taken care of.
regarding the port itself I think it's a nice idea but i don't
particularly like how it "shells out" to pfctl. it helps that the
code is very, very short (56 lines counting blanks and #includes), but
i'd probably prefer it if used pf(4)' ioctls. that's just me tho :)
here's a diff against your makefile and an updated tarball that are ok
for me to import if someone wants to ;)
--- Makefile.orig Wed Sep 7 17:07:18 2022
+++ Makefile Wed Sep 7 17:10:32 2022
@@ -1,4 +1,4 @@
-COMMENT = an inetd program blocking IP connecting to it
+COMMENT = inetd program to blackhole IPs connecting to it
V = 1.0.1
DISTNAME = iblock-${V}
@@ -18,5 +18,10 @@
DISTFILES = iblock-{}${V}${EXTRACT_SUFX}
WRKSRC = ${WRKDIR}/iblock
+MAKE_FLAGS = CC="${CC}"
+
+# XXX: until it is updated to respect CFLAGS
+do-build:
+ cd ${WRKSRC} && ${CC} ${CFLAGS} -o iblock main.c
.include <bsd.port.mk>
iblock.tar.gz
Description: GNU Zip compressed data
