Index: config ================================================================== --- config +++ config @@ -1,37 +1,10 @@ -# blacklistbl/whitelistbl blacklist -# whitelist/blacklist cidr - - - blacklistbl dnsbl.sorbs.net - blacklistbl relay.ordb.org - whitelist 127.0.0.0/8 - - -# uncomment this if you wish the fallthrough action to be to reject. -#FallthroughAccept no - -# uncomment this if you wish to handle other destination ports than SMTP. -# this is here so that you don't do something really stupid without reading -# the wiki and understanding all of the ramifications. -#AllowNonPort25 no - -# uncomment this if you want to allow packets that don't have the SYN -# flag set. -#AllowNonSyn no - -# uncomment this to accept unconditionally while still logging as if you've -# done the rejecting. -#DryRun no - -# uncomment this to set the size of the cache to use. -#CacheSize 8192 - -# uncomment this to set the time-to-live for cached entries (in seconds) -#CacheTTL 3600 - -#LogFacility daemon - -# Set this to true to cause PacketBL to *NOT* write to syslog() every time a -# packet is processed. -#Quiet no +options: { + allow_nonport25 = false; + dryrun = false; + queueno = 2; + quiet = false; + debug = 2; +}; + +blacklist = [ "127.0.0.1" ]; Index: packetbl.c ================================================================== --- packetbl.c +++ packetbl.c @@ -81,12 +81,12 @@ uint8_t b1; uint8_t b2; uint8_t b3; uint8_t b4; - int s_port; - int d_port; + unsigned int s_port; + unsigned int d_port; int flags; }; struct cidr { @@ -121,11 +121,11 @@ struct config_entry *whitelistbl; struct config_entry *blacklist; struct config_entry *whitelist; }; -static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 0, 0, 0, NULL, NULL, NULL, NULL }; +static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 1, 0, 0, NULL, NULL, NULL, NULL }; struct pbl_stat_info { uint32_t cacheaccept; uint32_t cachereject; uint32_t whitelistblhits; 
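Review bot: The sample key `allow_nonport25` does not match the name the parser asks for; the `@@ -842` hunk in packetbl.c looks up `"options.allownonport25"`, so this line would be silently ignored. The other four keys (`dryrun`, `queueno`, `quiet`, `debug`) do match their lookups. Rename it to `allownonport25 = false;`. The shipped sample also sets `debug = 2`, blacklists `127.0.0.1` and drops the old `127.0.0.0/8` whitelist entry, which looks like a local test setup rather than a default an operator should copy.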
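Review bot: `s_port` and `d_port` become `unsigned int` here, but the format string changed in the `@@ -1331` hunk prints them with `%hu`, so the declared type and the conversion no longer agree. With `%hu` any value above 65535 is reduced modulo 65536 in the log line, which would hide a parsing error upstream instead of exposing it. Either declare the fields as `uint16_t s_port; uint16_t d_port;`, matching the `uint8_t` octets above and the width of a port, or keep `unsigned int` and print with `%u`. The struct's opening line is outside this hunk.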
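Review bot: The positional initializer gives no way to tell from this line which default changed from 0 to 1, because the start of `struct config` is outside the hunk. If the sixth member is `debug`, the reject path in the `@@ -419` hunk would write to stderr rather than syslog by default, so a daemonized instance could lose its reject records. Use designated initializers (`.member = value` for each non-zero default) so that a changed default is readable in review, and add a comment such as `/* non-zero: log to stderr instead of syslog */` on the member concerned.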
@@ -419,15 +419,15 @@ if (check_packet_list(&ip, conf.blacklist) == 1) { get_ip_string(&ip); if (!conf.quiet) { if (conf.debug == 0) { syslog(LOG_INFO, - "[reject blacklist] [%s]", + "[reject blacklist] [%s]\n", msgbuf); } else { fprintf(stderr, - "[reject blacklist] [%s]", + "[reject blacklist] [%s]\n", msgbuf); } } statistics.blacklisthits++; @@ -842,10 +842,11 @@ config_lookup_bool(config, "options.fallthroughaccept", &conf.default_accept); config_lookup_bool(config, "options.allownonport25", &conf.allow_non25); config_lookup_bool(config, "options.dryrun", &conf.dryrun); config_lookup_bool(config, "options.allownonsyn", &conf.allow_nonsyn); config_lookup_bool(config, "options.quiet", &conf.quiet); + config_lookup_int(config, "options.debug", &conf.debug); #ifdef USE_CACHE config_lookup_int(config, "cache.ttl", &packet_cache_ttl); if (packet_cache_ttl < 0) { @@ -872,11 +873,11 @@ i++; } } } - config_lookup_int(config, "config.queueno", &conf.queueno); + config_lookup_int(config, "options.queueno", &conf.queueno); if (conf.queueno < 0) { conf.queueno = 1; fprintf(stderr, "queueno negative - using default"); } @@ -907,12 +908,15 @@ #ifdef HAVE_FIREDNS size_t blacklistlen = 0; #endif len = config_setting_length(c); - while (i++ < len) { + while (i < len) { setting = config_setting_get_string_elem(c, i); + if (setting == NULL) { + break; + } ce = malloc(sizeof(struct config_entry)); if (ce == NULL) { /* shouldn't happen... */ fprintf(stderr, "Failed to allocate memory for ce struct\n"); exit(EXIT_FAILURE); @@ -924,10 +928,12 @@ blacklistlen = strlen(ce->string); if (ce->string[blacklistlen - 1] == '.') { ce->string[blacklistlen - 1] = '\0'; } #endif + + i++; switch (type) { case 1: if (conf.blacklistbl == NULL) { conf.blacklistbl = ce; 
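Review bot: The trailing `\n` is only needed in the `fprintf(stderr, ...)` branch; the `syslog()` call does not need it, and some syslog daemons store an embedded newline as an escaped control character in the record. Keep `"[reject blacklist] [%s]"` for the syslog branch and use the `\n` form only for stderr. The enclosing function starts and ends outside this hunk.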
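Review bot: The new `config_lookup_int(config, "options.debug", &conf.debug);` accepts any integer and its return value is not checked, while the reject path in the `@@ -419` hunk treats every non-zero value as "write to stderr instead of syslog". A stray or negative value in the config therefore moves the per-packet records away from syslog without any notice. Clamp the value after the lookup, for example `if (conf.debug < 0) conf.debug = 0;`, and document it with `/* debug != 0: per-packet log lines go to stderr, not syslog */`. The surrounding function is only partly visible here.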
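Review bot: Only the lower bound of `conf.queueno` is validated after the lookup. NFQUEUE queue numbers are 16-bit, so a larger configured value would be truncated if it is later passed to the queue-binding call (not visible in this hunk), and the daemon would listen on a different queue than the firewall rule targets. Tighten the check to `if (conf.queueno < 0 || conf.queueno > 65535) {` and reword the message to match, adding the missing `\n`, e.g. `"queueno out of range - using default\n"`.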
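Review bot: The added `break` on a NULL element ends the whole loop, so a single non-string entry in the list silently discards every entry that follows it. For a blacklist or whitelist this means addresses the operator configured are never loaded, and nothing is logged. Report the bad element and either skip it with `i++; continue;` or exit as the malloc failure path below does, e.g. `fprintf(stderr, "Non-string list element in config, ignoring\n");`. The loop body continues in the next hunk and the function's start is outside this one.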
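Review bot: In the `HAVE_FIREDNS` block just above the relocated `i++`, `ce->string[blacklistlen - 1]` is evaluated without checking that the string is non-empty. An empty entry (`""`) in the config list makes `blacklistlen` 0 and, since it is a `size_t`, the index wraps and the read lands outside the buffer. Guard it with `if (blacklistlen > 0 && ce->string[blacklistlen - 1] == '.') {`. How `ce->string` is filled is outside the hunk, so confirm that an empty string can actually reach this point.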
@@ -942,10 +948,11 @@ continue; } else { tmp = conf.whitelistbl; } case 3: + fprintf(stderr, "got %s for blacklist\n", ce->string); if (parse_cidr(ce) == -1) { fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", ce->string); free(ce->string); free(ce); continue; @@ -1331,11 +1338,11 @@ exit(1); } return; } - rv = snprintf(msgbuf, sizeof(msgbuf), "%hhu.%hhu.%hhu.%hhu:%d.%d", + rv = snprintf(msgbuf, sizeof(msgbuf), "%hhu.%hhu.%hhu.%hhu:%hu.%hu", ip->b1, ip->b2, ip->b3, ip->b4, ip->s_port,ip->d_port); if (rv < 0) { syslog(LOG_ERR, "snprintf failed in line %d: %s", __LINE__, strerror(errno));
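Review bot: As this hunk shows it, the `else { tmp = conf.whitelistbl; }` branch of the preceding case runs straight into `case 3:` with no `break`, so a second or later whitelistbl entry reaches the new `fprintf` and then `parse_cidr(ce)`, where it would be freed as an invalid CIDR. If the fall-through is not intended, add `break;` before `case 3:`; if it is, mark it with `/* fallthrough */`. The new `"got %s for blacklist\n"` line is also printed unconditionally; gate it with `if (conf.debug > 0)` so it follows the same switch as the other diagnostics. The switch starts in the previous hunk and continues past this one.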