* Omar Polo <[email protected]> le [07-09-2022 17:19:02 +0200]:
> On 2022/09/03 14:00:47 +0200, prx <[email protected]> wrote:
> > * Uwe Werler <[email protected]> le [02-09-2022 16:50:21 +0200]:
> > > On 02 Sep 10:50, prx wrote:
> > > > Hello,
> > > > find attached a new port for iblock,
> > > > an inetd program adding the client IP to a pf table.
> > > >
> > > > Regards.
> > > >
> > > > prx
> > >
> > >
> > > > Index: infrastructure/db/user.list > > > > =================================================================== > > > > RCS file: /cvs/ports/infrastructure/db/user.list,v > > > > retrieving revision 1.405 > > > > diff -u -r1.405 user.list > > > > --- infrastructure/db/user.list 27 Aug 2022 21:18:26 -0000 1.405 > > > > +++ infrastructure/db/user.list 2 Sep 2022 08:48:14 -0000 > > > > @@ -392,3 +392,4 @@ > > > > 881 _opensearch _opensearch textproc/opensearch > > > > 882 _opensearch-dashboards _opensearch-dashboards > > > > www/opensearch-dashboards > > > > 883 _step-ca _step-ca security/step-ca > > > > +884 _iblock _iblock net/iblock
> > >
> > > Hi prx,
> > >
> > > you have to change the uid/gid in PLIST also to 884.
> > >
> >
> > Indeed.
> > Attached the port modified.
> >
> > Regards.
> > Index: infrastructure/db/user.list > > =================================================================== > > RCS file: /cvs/ports/infrastructure/db/user.list,v > > retrieving revision 1.405 > > diff -u -r1.405 user.list > > --- infrastructure/db/user.list 27 Aug 2022 21:18:26 -0000 1.405 > > +++ infrastructure/db/user.list 2 Sep 2022 08:48:14 -0000
> > @@ -392,3 +392,4 @@ > > 881 _opensearch _opensearch textproc/opensearch > > 882 _opensearch-dashboards _opensearch-dashboards www/opensearch-dashboards > > 883 _step-ca _step-ca security/step-ca > > +884 _iblock _iblock net/iblock
> >
> some nits:
>
> - don't start COMMENT with "an"
> - double empty line before .include <bsd.port.mk>
> - in @newuser drop :daemon: so that it reads:
>
>     @newuser _iblock:884:884::iblock inetd user:/nonexistent:/sbin/nologin
>
>   (yep, with the double ::)
>
> - the sample commands in the README could use '#' instead of '$' as
>   prompt. it's probably not done consistently across all READMEs, but
>   I think it's better to use '#' for commands that need to be
>   executed as super-user and '$' otherwise. rcctl(8) falls in the
>   first category.
>
> - the build doesn't respect CC and CFLAGS. For ${CC} the makefile
>   just needs an
>
>     MAKE_FLAGS = CC="${CC}"
>
>   for CFLAGS other than your latest patch upstream we usually drop
>   optimization flags like -Os, so after it is updated that should be
>   taken care of.
>
Thank you for checking this.

> regarding the port itself I think it's a nice idea but i don't
> particularly like how it "shells out" to pfctl. it helps that the
> code is very, very short (56 lines counting blanks and #includes), but
> i'd probably prefer it if it used pf(4)'s ioctls. that's just me tho :)
>

I understand. I guess doas was preferred for privilege separation.
I'll look into pf(4) and see where it leads.

> here's a diff against your makefile and an updated tarball that are ok
> for me to import if someone wants to ;)
>
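
Review bot: the added `884 _iblock _iblock net/iblock` line in the user.list hunk is only half of the id allocation, so the port's PLIST `@newuser` entry has to carry the same 884 for both uid and gid, as in the `_iblock:884:884` form quoted in the review; check the two together before import. The diff is also taken against revision 1.405 of user.list, so confirm at commit time that 884 is still unassigned in the current file and renumber both places if another port has taken it.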
