To: 9front@9front.org
Date: Mon, 11 Dec 2023 10:54:58 -0800
From: unobe@cpan.org
Subject: Re: [9front] [PITCH] ip/null

FWIW, I haven't seen anyone else comment on this, but I like it.

Quoth Jacob Moody :
> As I play around more with 9front as my router, I found myself reaching for some
> kind of 'firewall'. I find that we already have a pretty good interface in the kernel
> in the form of ipmux. But there aren't too many ways of making use of it as is. I hacked up
> something quick to just drop packets matching a filter on to the floor. If others find it
> useful I can make up a man page and present again with a bit more polish.
>
> Some examples:
> # Drop inbound private range
> ip/null 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>
> # google verboden
> ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'
>
> thanks,
> moody
>
> --- /dev/null > +++ b//sys/src/cmd/ip/null.c > @@ -1,0 +1,36 @@ > +#include > +#include > + > +void > +usage(void) > +{ > + fprint(2, "usage: %s filter\n", argv0); > + exits("usage"); > +} > + > +void > +main(int argc, char **argv) > +{ > + char buf[64 * 1024]; > + int fd; > + > + ARGBEGIN{ > + default: > + usage(); > + break; > + }ARGEND > + if(argc < 1) > + usage(); > + > + fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil); > + if(fd < 0) > + sysfatal("dial: %r"); > + > + for(;;) > + switch(read(fd, buf, sizeof buf)){ > + case -1: > + sysfatal("read: %r"); > + case 0: > + return; > + } > +}
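
Review bot: in main, `if(argc < 1)` accepts extra arguments, so an invocation with two filter strings installs only argv[0] and silently ignores the second; for something used as a firewall that check should be `if(argc != 1) usage();` so a mistyped command fails loudly instead of leaving a filter the operator believes is active uninstalled. In the same function the result of smprint is passed straight to dial without a nil check, and the `case 0: return;` path leaves main without an explicit exits(nil); the `break;` after usage() in the ARGBEGIN block is unreachable. Since the dropping is done by this process reading from fd and discarding the data, the sysfatal on a read error also ends the filtering, which the promised man page should state.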