arizvisa · June 1, 2024 22:17
diff --git a/∕usr∕local∕etc b/∕usr∕local∕etc
 $ fuck gh's sorting algorithm and their decision of using the first filename as the gist uri...
diff --git a/∕usr∕local∕etc∕dhcpcd-hooks∕20-cache b/∕usr∕local∕etc∕dhcpcd-hooks∕20-cache
 #!/bin/sh
 . /etc/rc.subr
 name=cache
 dhcpcd_nsroots=/usr/local/etc/dnsroots.global
 load_rc_config

 # write domain-name-servers to the nameserver cache for dhcpcd
 nscache="$dhcpcd_nscache"
 nsroots="$dhcpcd_nsroots"
 nscache_dir="$svscan_servicedir/$nscache"

 dh_info()
 {
 	fmt=`printf "<%s>: %s{%s}: %s\n" "${name}" "${reason}" "${ifcarrier}" "$*"`
 	info "$fmt"
 }

 dh_warn()
 {
 	fmt=`printf "<%s>: %s{%s}: %s\n" "${name}" "${reason}" "${ifcarrier}" "$*"`
 	warn "$fmt"
 }

 # Sanity check our configuration
 if [ ! -e "$nsroots" ]; then
 	err 1 "dns global roots file $nsroots does not exist."
 elif [ -z "$nscache" ]; then
 	err 1 "dnscache service name is not specified."
 elif [ ! -d "$nscache_dir" ]; then
 	err 1 "dnscache service root $nscache_dir does not exist."
 fi

 case "$reason" in
 	PREINIT)
 		;;

 	INFORM6|EXPIRE6|STOP6|DELEGATED6)
 		dh_warn "dhcpcd has received $protocol information for ipv6 on $interface which is unimplemented."
 		;;

 	BOUND6|RENEW6|REBOOT6)
 		dh_info "dhcpcd has received a $protocol lease for ipv6 on $interface which is unimplemented."

 		dhcp6_server_id=${new_dhcp6_server_id}
 		dhcp6_client_id=${new_dhcp6_client_id}

 		dhcp6_ia_na1_iaid=${new_dhcp6_ia_na1_iaid}
 		dhcp6_ia_na1_ia_addr1=${new_dhcp6_ia_na1_ia_addr1}
 		dhcp6_ia_na1_ia_addr1_vltime=${new_dhcp6_ia_na1_ia_addr1_vltime}
 		dhcp6_ia_na1_ia_addr1_pltime=${new_dhcp6_ia_na1_ia_addr1_pltime}

 		dhcp6_ia_na1_t1=${new_dhcp6_ia_na1_t1}
 		dhcp6_ia_na1_t2=${new_dhcp6_ia_na1_t2}

 		dhcp6_name_servers=${new_dhcp6_name_servers}
 		dhcp6_fqdn_flags=${new_dhcp6_fqdn_flags}
 		;;

 	BOUND|RENEW|REBOOT)
 		dh_info "dhcpcd has received a $protocol lease for ipv4 on $interface which will require updating the ${nscache} cache."

 		ip_address=${new_ip_address}
 		subnet_mask=${new_subnet_mask}
 		network_number=${new_network_number}
 		broadcast_address=${new_broadcast_address}
 		subnet_cidr=${new_subnet_cidr}

 		routers=${new_routers}
 		domain_name=${new_domain_name}
 		domain_name_servers=${new_domain_name_servers}

 		dhcp_server_identifier=${new_dhcp_server_identifier}
 		dhcp_message_type=${new_dhcp_message_type}
 		dhcp_lease_time=${new_dhcp_lease_time}
 		dhcp_rebinding_time=${new_dhcp_rebinding_time}
 		dhcp_renewal_time=${new_dhcp_renewal_time}

 		# write name servers to cache
 		if ! checkyesno dhcpcd_useroots; then
 			echo -n >| "${nscache_dir}/root/servers/@"
 			for server in ${domain_name_servers}; do
 				dh_info "adding name server to cache: ${server}"
 				echo "${server}" >> "${nscache_dir}/root/servers/@"
 			done

 		elif [ -e "$nsroots" ]; then
 			dh_info "\$dhcpcd_useroots was set to true. adding the root nameservers to the $nscache cache."
 			echo -n >| "${nscache_dir}/root/servers/@"
 			cat "$dhcpcd_nsroots" | while read server; do 
 				dh_info "adding name server to cache: ${server}"
 				echo "${server}" >> "${nscache_dir}/root/servers/@"
 			done
 		else
 			dh_warn "\$dhcpcd_useroots was set to true, but the file at $nsroots was not found."
 		fi
 		;;

 	TIMEOUT)
 		if [ -e "$nsroots" ]; then
 			dh_warn "dhcpcd timed-out while trying to contact dhcpd. defaulting to an old lease with the nameservers at $nsroots as the name cache."
 			echo -n >| "${nscache_dir}/root/servers/@"
 			cat "$dhcpcd_nsroots" | while read server; do 
 				dh_info "adding name server to cache: ${server}"
 				echo "${server}" >> "${nscache_dir}/root/servers/@"
 			done
 		else
 			dh_warn "dhcpcd timed-out while trying to contact dhcpd. leaving nscache service $nscache untouched due to missing value for \$dhcpcd_nsroots."
 		fi
 		;;

 	STOP)
 		dh_warn "dhcpcd client has stopped. emptying cache from cache.internet."
 		echo -n >| "${nscache_dir}/root/servers/@"
 		;;
 esac
diff --git a/∕usr∕local∕etc∕dhcpcd-hooks∕20-dyndns b/∕usr∕local∕etc∕dhcpcd-hooks∕20-dyndns
 #!/bin/sh
 . /etc/rc.subr
 name=dyndns
 dhcpcd_dyndnsv4_data="data.dynamic"
 dhcpcd_dyndnsv4_external="external"
 load_rc_config

 # write bound address
 nsroot="$dhcpcd_dyndnsv4_ns"
 nsdata="$dhcpcd_dyndnsv4_data"
 nsdir="$svscan_servicedir/$nsroot"
 nsexternal="$dhcpcd_dyndnsv4_external"
 nsexternal_aliases="$dhcpcd_dyndnsv4_external_alias"

 dh_info()
 {
 	fmt=`printf "<%s>: %s{%s}: %s\n" "${name}" "${reason}" "${ifcarrier}" "$*"`
 	info "$fmt"
 }

 dh_warn()
 {
 	fmt=`printf "<%s>: %s{%s}: %s\n" "${name}" "${reason}" "${ifcarrier}" "$*"`
 	warn "$fmt"
 }

 inaddr_arpa()
 {
 	printf "%s\n" "$1" | tr '.' $'\n' | tail -r | tr -d ' ' | paste -sd. - | xargs printf '%s.in-addr.arpa\n'
 }

 # Sanity check our configuration
 if [ -z "$nsexternal" ]; then
 	err 1 "external record name is not specified."
 elif [ -z "$nsroot" ]; then
 	err 1 "tinydns service name is not specified."
 elif [ ! -d "$nsdir" ]; then
 	err 1 "tinydns service root $nsdir does not exist."
 fi

 # Now we can figure out the reason and update dns with the returned information.
 case "$reason" in
 	PREINIT)
 		;;

 	CARRIER|NOCARRIER)
 		dh_info "interface $interface has been brought $ifcarrier."
 		;;

 	INFORM6|BOUND6|RENEW6|EXPIRE6|STOP6)
 		dh_warn "dhcpcd has received $protocol information for ipv6 on $interface which is unimplemented."
 		;;
 	INFORM)
 		dh_info "dhcpcd has announced its configuration to server."
 		;;
 		
 	BOUND6|RENEW6|REBOOT6)
 		dhcp6_server_id=${new_dhcp6_server_id}
 		dhcp6_client_id=${new_dhcp6_client_id}
 		dhcp6_ia_na1_iaid=${new_dhcp6_ia_na1_iaid}

 		dhcp6_name_servers=${new_dhcp6_name_servers}
 		dhcp6_fqdn_flags=${new_dhcp6_fqdn_flags}

 		dhcp6_ia_na1_ia_addr1=${new_dhcp6_ia_na1_ia_addr1}
 		dhcp6_ia_na1_ia_addr1_vltime=${new_dhcp6_ia_na1_ia_addr1_vltime}
 		dhcp6_ia_na1_ia_addr1_pltime=${new_dhcp6_ia_na1_ia_addr1_pltime}

 		dhcp6_ia_na1_t1=${new_dhcp6_ia_na1_t1}
 		dhcp6_ia_na1_t2=${new_dhcp6_ia_na1_t2}

 		dh_info "dhcpcd has received a $protocol lease for ipv6 on $interface which is unimplemented."
 		dh_info "dhcpcd $protocol ia_addr $dhcp6_ia_nat1_ia_addr1."
 		for v6ns in ${dhcp6_name_servers}; do
 			dh_info "dhcpcd $protocol dns is at $v6ns."
 		done
 		;;

 	BOUND|RENEW|REBOOT)
 		dh_info "dhcpcd has received a $protocol lease for ipv4 on $interface."

 		ip_address=${new_ip_address}
 		subnet_mask=${new_subnet_mask}
 		network_number=${new_network_number}
 		broadcast_address=${new_broadcast_address}
 		subnet_cidr=${new_subnet_cidr}

 		routers=${new_routers}
 		domain_name=${new_domain_name}
 		domain_name_servers=${new_domain_name_servers}

 		dhcp_server_identifier=${new_dhcp_server_identifier}
 		dhcp_message_type=${new_dhcp_message_type}
 		dhcp_lease_time=${new_dhcp_lease_time}
 		dhcp_rebinding_time=${new_dhcp_rebinding_time}
 		dhcp_renewal_time=${new_dhcp_renewal_time}

 		# convert ipv4 to an inaddr.arpa name so that we can create a ptr record.
 		ip_address_ptr=`inaddr_arpa "$ip_address"`
 		ip_address_domain=`hostname -d`
 		external_name=`printf '%s.%s\n' "${nsexternal}" "${ip_address_domain}"`

 		# use address and hostname to write the host, ptr, and authority records to file.
 		dh_info "updating $nsroot with $hostname and address ${ip_address} (ttl ${dhcp_renewal_time})."

 		cat /dev/null >| "${nsdir}/root/${nsdata}"
 		printf '=%s:%s:%d\n' "${external_name}" "${ip_address}" "${dhcp_renewal_time}" >> "${nsdir}/root/${nsdata}"
 		printf '=%s:%s:%d\n' "${hostname}" "${ip_address}" "${dhcp_renewal_time}" >> "${nsdir}/root/${nsdata}"
 		printf '&%s::%s\n' "${ip_address_ptr}" "${hostname}" >> "${nsdir}/root/${nsdata}"

 		for alias in ${nsexternal_aliases}; do
 			external_alias=`printf '%s.%s\n' "${alias}" "${ip_address_domain}"`
 			printf 'C%s:%s\n' "${external_alias}" "${external_name}" >> "${nsdir}/root/${nsdata}"
 		done

 		# now to build it and we're done.
 		make -C "${nsdir}/root"
 		;;

 	TIMEOUT)
 		;;

 	STOP)
 		dh_warn "dhcpcd client has stopped. removing host from $nsdynamic_root."
 		echo -n >| "${nsdir}/root/${nsdata}"
 		make -C "${nsdir}/root"
 		;;

 	STOPPED|DEPARTED|FAIL)
 		dh_warn "dhcpcd has stopped or terminated unexpectedly on interface $interface."
 		;;
 esac
diff --git a/∕usr∕local∕etc∕dhcpcd.conf b/∕usr∕local∕etc∕dhcpcd.conf
 controlgroup daemon

 persistent
 gateway
 noalias
 waitip 4

 #hostname
 #clientid
 duid

 option rapid_commit
 option domain_name_servers, domain_name, domain_search, host_name
 option routers
 #option ntp_servers
 option interface_mtu

 require dhcp_server_identifier
 require domain_name_servers routers

 #slaac private
diff --git a/∕usr∕local∕etc∕ntp.conf b/∕usr∕local∕etc∕ntp.conf
 driftfile /var/db/ntp.drift
 logfile /var/log/ntp.log

 ### time sources

 ## default pool.ntp.org server
 pool pool.ntp.org iburst
 pool time.nist.gov iburst
 restrict source notrap nomodify noquery

 ### options
 disable auth
 disable monitor
 disable bclient
 disable mode7
 disable ntp
 disable stats

 ### restrictions
 discard average 5 minimum 2

 ## share time with everybody
 restrict -4 default kod notrap nomodify nopeer noquery nopeer limited
 restrict -6 default kod notrap nomodify nopeer noquery nopeer limited

 ## allow the loopback to sync
 restrict -4 127.0.0.1
 restrict -6 ::1

 ## allow other hosts to query ntpd
 restrict -4 192.168.10.0 mask 255.255.255.0 nomodify notrap nopeer
 restrict -4 192.168.20.0 mask 255.255.255.0 nomodify notrap nopeer
 restrict -4 192.168.30.0 mask 255.255.255.0 nomodify notrap nopeer
 restrict -4 192.168.40.0 mask 255.255.255.0 nomodify notrap nopeer
 restrict -4 192.168.50.0 mask 255.255.255.0 nomodify notrap nopeer
 restrict -4 192.168.254.0 mask 255.255.255.0 nomodify notrap nopeer
diff --git a/∕usr∕local∕etc∕periodic∕999.dns-over-http b/∕usr∕local∕etc∕periodic∕999.dns-over-http
 #!/bin/sh -
 ARG0=`basename "$0"`

 # read the system configuration
 . /etc/rc.subr
 load_rc_config

 # now we can read the periodic configuration
 if [ -r /etc/defaults/periodic.conf ]; then
 	. /etc/defaults/periodic.conf
 	source_periodic_confs
 fi

 info()
 {
 	format="$1"
 	shift
 	printf "$ARG0:INFO $format" "$@"
 }

 warn()
 {
 	format="$1"
 	shift
 	printf "$ARG0:WARNING $format" "$@"
 }

 error()
 {
 	format="$1"
 	shift
 	printf "$ARG0:ERROR $format" "$@"
 }

 nl()
 {
 	printf '\n'
 }


 build_dir=`/bin/realpath "$dns_over_http_build_dir"`
 if [ -z "$dns_over_http_build_dir" ] || [ ! -d "$dns_over_http_build_dir" ]; then
 	error 'specified build directory is not a directory: %s\n' "$dns_over_http_build_dir"
 	exit 20

 elif [ "$build_dir" != "$dns_over_http_build_dir" ]; then
 	error 'build directory at %s does not match its real path: %s\n' "$dns_over_http_build_dir" "$build_dir"
 	exit 22

 elif [ ! -r "$build_dir/Makefile" ]; then
 	error 'build directory at %s does not contain a %s\n' "$build_dir" "Makefile" 
 	exit 2
 fi

 nl && info 'Processing urls for address lists:\n'
 printf '%s\n' ${dns_over_http_address_lists} | tr -s $'\n' | while read aurl; do
 	filename=`basename "$aurl" .lst`
 	info '\t%s\n' "$aurl"
 	fetch -1 -o "$build_dir/$filename.lst" "$aurl"
 done

 nl && info 'Processing urls for zone lists:\n'
 printf '%s\n' ${dns_over_http_zone_lists} | tr -s $'\n' | while read zurl; do
 	filename=`basename "$zurl" .rpz`
 	info '\t%s\n' "$zurl"
 	fetch -1 -o "$build_dir/$filename.rpz" "$zurl"
 done

 nl && info 'Building all lists in directory: %s\n' "$build_dir"
 make -s -C $dns_over_http_build_dir clean all

 nl && info 'Updating pf tables...\n'
 service pftables flush
diff --git a/∕usr∕local∕etc∕rc.d∕dhcpd b/∕usr∕local∕etc∕rc.d∕dhcpd
 #! /bin/sh
 # $FreeBSD: branches/2016Q2/net/isc-dhcp43-server/files/isc-dhcpd.in 381286 2015-03-14 16:24:32Z zi $
 #
 # PROVIDE: dhcpd
 # REQUIRE: svscan
 # BEFORE: LOGIN
 # KEYWORD: shutdown
 #
 # Add the following line to /etc/rc.conf to enable dhcpd:
 #
 # dhcpd_enable="YES"

 . /etc/rc.subr

 name="dhcpd"
 rcvar="${name}_enable"
 command=/usr/local/sbin/dhcpd

 start_cmd="dhcpd_start"
 stop_cmd="dhcpd_stop"

 load_rc_config ${name}

 dhcpd_config=${dhcpd_config:-/etc/dhcpd.d}
 dhcpd_leases=${dhcpd_leases:-/var/db}
 dhcpd_flags=${dhcpd_flags}

 dhcpd_start()
 {
 	interfaces=`/sbin/ifconfig -lu 2>/dev/null | tr ' ' $'\n'`

 	used=
 	for ifn in ${interfaces}; do
 		if [ -r "${dhcpd_config}/$ifn" ]; then
 			"$command" -c "${dhcpd_config}/${ifn}" -l "${dhcpd_leases}/dhcpd-${ifn}.leases" ${dhcpd_flags} ${ifn}
 			used="$used $ifn"
 		fi
 	done

 	ls -1 ${dhcpd_config}/* | xargs basename | while read n; do
 		if ! printf -- '%s\n' $used | grep -wq "$n"; then
 			info "[start] skipped configuration file for unknown interface : ${dhcpd_config}/$n"
 		fi
 	done
 }

 dhcpd_stop ()
 {
 	interfaces=`/sbin/ifconfig -l 2>/dev/null | tr ' ' $'\n'`

 	used=
 	for ifn in ${interfaces}; do
 		pid=`pgrep -f -- "-l ${dhcpd_leases}/dhcpd-${ifn}.leases"`
 		if [ ! -z "$pid" ]; then
 			kill "$pid"
 			info "[stop] sent signal (9) to ${name} ($pid) on interface $ifn."
 			used="$used '$ifn'"

 		elif [ -e "${dhcpd_config}/$ifn" ]; then
 			warn "[stop] found configuration ${dhcpd_config}/$ifn but ${name} is not running on interface $ifn."
 			used="$used $ifn"
 		fi
 	done

 	ls -1 ${dhcpd_config}/* | xargs basename | while read n; do
 		if ! printf -- '%s\n' $used | grep -wq "$n"; then
 			warn "[stop] ignored configuration file for unknown interface : ${dhcpd_config}/$n"
 		fi
 	done
 }

 run_rc_command "$1"
diff --git a/∕usr∕local∕etc∕rc.d∕dnctl b/∕usr∕local∕etc∕rc.d∕dnctl
 #!/bin/sh
 #
 #

 # PROVIDE: dnctl
 # BEFORE: pf ipfw
 # KEYWORD: nojailvnet

 . /etc/rc.subr

 name="dnctl"
 desc="Dummynet packet queuing and scheduling"
 rcvar="${name}_enable"
 load_rc_config $name
 start_cmd="${name}_start"
 restart_cmd="${name}_restart"
 required_files="$dnctl_rules"
 required_modules="dummynet"

 flush_cmd="${name}_flush"
 flush_queues_cmd="${name}_flush_queues"
 flush_pipes_cmd="${name}_flush_pipes"
 extra_commands="flush flush_queues flush_pipes"

 dnctl_start()
 {
 	check_startmsgs && echo -n "Enabling ${name}"
 	flushquietly
 	$dnctl_program "$dnctl_rules"
 	check_startmsgs && echo '.'
 }

 dnctl_restart()
 {
 	check_startmsgs && echo -n "Flushing rules for ${name}"
 	flushquietly
 	check_startmsgs && echo '.'
 	check_startmsgs && echo -n "Reloading rules for ${name}"
 	$dnctl_program "$dnctl_rules"
 	check_startmsgs && echo '.'
 	check_startmsgs && echo "${name} has been enabled."
 }

 isquiet()
 {
 	if [ "$1" = "-q" ]; then
 		return 0
 	else
 		return 1
 	fi
 }

 flushquietly()
 {
 	quiet_args="-q"
 	dnctl_flush_queues "$quiet_args"
 	dnctl_flush_pipes "$quiet_args"
 }

 dnctl_flush()
 {
 	warn "Flush of ${name} queues, schedulers, and pipes was requested."
 	dnctl_flush_queues
 	dnctl_flush_pipes
 }

 dnctl_flush_queues()
 {
 	isquiet "$1" || info "Flushing ${name} queues..."

 	$dnctl_program queue list | cut -d' ' -f1 | while IFS=q read _ q; do
 		isquiet "$1" || info "Deleting queue : $q"
 		dnctl queue "$q" delete
 	done
 }

 dnctl_flush_pipes()
 {
 	isquiet "$1" || info "Flushing ${name} pipes..."

 	$dnctl_program pipe list | grep -e '^[0-9]\{5\}:' | while IFS=: read pipe _; do
 		isquiet "$1" || info "Deleting pipe : $pipe"
 		dnctl pipe "$pipe" delete
 	done
 }

 run_rc_command $*
diff --git a/∕usr∕local∕etc∕rc.d∕pftables b/∕usr∕local∕etc∕rc.d∕pftables
 #!/bin/sh
 #
 # Handle some custom pf configuration like saving/restoring tables
 # falling back to a remotely manageable default if there's some
 # kind of error while loading pf rules.
 #

 # PROVIDE: pftables
 # REQUIRE: pf
 # BEFORE:  LOGIN
 # KEYWORD: shutdown

 # Add the following lines to /etc/rc.conf to enable pf:
 # pf_enable="YES"
 # pf_rules="<path to rules>"
 # pf_tables="<list of tables>"
 # pf_tablepath="<path to tables>"

 . /etc/rc.subr
 . /etc/network.subr

 name=pftables
 rcvar="pf_enable"
 start_cmd=pf_start
 stop_cmd=pf_stop

 load_cmd=pf_load
 empty_cmd=pf_empty
 enablefw_cmd=pf_enablefw
 disablefw_cmd=pf_disablefw
 save_cmd=pf_save
 restore_cmd=pf_restore
 flush_cmd=pf_flush_tables
 extra_commands="load loadsafe empty enablefw disablefw save restore flush"

 pf_command="/sbin/pfctl"
 pf_enable=${pf_enable:-"NO"}
 pf_rules=${pf_rules:-"/etc/pf.conf"}
 pf_tables=${pf_tables:-""}
 pf_tablepath=${pf_tablepath:-"/var/db/ipf"}

 pf_load()
 {
 	info "pf_load : loading rules : ${pf_rules}"
 	"${pf_command}" -f "${pf_rules}"
 }

 pf_empty()
 {
 	info "pf_unload : emptying rules : ${pf_rules}"
 	"${pf_command}" -f "/dev/null"
 }

 pf_loadsafe()
 {
 	err 1 "pf_safe : loading safe pf ruleset is not implemented yet!"
 }

 pf_enablefw()
 {
 	info "pf_enable : enabling firewall"
 	"${pf_command}" -e
 }

 pf_disablefw()
 {
 	info "pf_disable : disabling firewall"
 	"${pf_command}" -d
 }

 pf_save()
 {
 	for table in ${pf_tables}; do
 		info "pf_save : saving table ${table} to disk : ${pf_tablepath}/${table}.tbl"
 		"${pf_command}" -t "${table}" -T show >| "${pf_tablepath}/${table}.tbl"
 	done
 }

 pf_restore()
 {
 	for table in ${pf_tables}; do
 		info "pf_restore : loading table ${table} from disk : ${pf_tablepath}/${table}.tbl"
 		"${pf_command}" -t "${table}" -T replace -f "${pf_tablepath}/${table}.tbl"
 	done
 }

 pf_flush_tables()
 {
 	info "pf_restore : reloading table definitions from configuration : ${pf_rules}"
 	"${pf_command}" -T load -f "${pf_rules}"
 }

 pf_start()
 {
 	info "pf_start : starting ${name} service"
 	debug "pf_start : loading pf ruleset from \"${pf_rules}\"."
 	pf_load
 	debug "pf_start : restoring pf tables : \"${pf_tables}\"."
 	pf_restore
 	debug "pf_start : enabling the pf firewall."
 	pf_enablefw
 }

 pf_stop()
 {
 	info "pf_stop : stopping ${name} service"
 	debug "pf_stop : saving pf tables : \"${pf_tables}\"."
 	pf_save
 	debug "pf_stop : disabling the pf firewall."
 	pf_disablefw
 }

 load_rc_config "$name"
 run_rc_command "$1"
diff --git a/∕usr∕share∕mk∕fuck-doh.mk b/∕usr∕share∕mk∕fuck-doh.mk
 address_lists = *.lst *.list
 zone_lists = *.rpz
 ignore_lists = *.ignore

 makedir = ${.PARSEDIR}

 ls = /bin/ls
 cp = /bin/cp -v
 rm = /bin/rm -v
 cat = /bin/cat
 cmp = /usr/bin/cmp -s
 basename = /usr/bin/basename
 printf = /usr/bin/printf
 sort = /usr/bin/sort
 grep = /usr/bin/grep
 awk = /usr/bin/awk
 nproc = /bin/nproc
 xargs = /usr/bin/xargs
 getaddrinfo = /usr/bin/getaddrinfo
 dnsipq = /usr/local/bin/dnsipq

 awk_strip_comments = -F\# '$$1 != "" { print $$1; }'
 awk_grep_canonical = -F' ' '$$1 == "canonname" { print $$2; }'
 awk_strip_zone_comments = -F\; '$$1 != "" { print $$1; }'
 awk_grep_zone_cname = -F ' ' '$$2 == "CNAME" && $$3 == "." { print $$1; } NF == 1 { print $$1; }'
 awk_require_field_2 = -F ' ' '$$2 != "" { print $$1 }'
 awk_grep_stream_udp = -F ' ' '$$1 == "stream" && $$3 == "udp" { print $$4 }'
 awk_grep_dgram_udp = -F ' ' '$$1 == "dgram" && $$3 == "udp" { print $$4 }'
 awk_grep_stream_tcp = -F ' ' '$$1 == "stream" && $$3 == "tcp" { print $$4 }'
 awk_grep_dgram_tcp = -F ' ' '$$1 == "dgram" && $$3 == "tcp" { print $$4 }'
 awk_strip_newlines = 'NF { print }'

 grep_exclude_patterns = -Fxv

 xargs_parallel = -P ${num_processors}
 getaddrinfo_canonical = -c
 getaddrinfo_proto_tcp = -p tcp
 getaddrinfo_proto_udp = -p udp
 num_processors = ${nproc:sh}
 sort_unique = -u

 ### placeholders
 _files_address = $(ls) $(address_lists) 2>/dev/null
 _files_zone = $(ls) $(zone_lists) 2>/dev/null
 _files_ignore = $(ls) $(ignore_lists) 2>/dev/null

 empty empty.lst empty.rpz:
 	$(cp) /dev/null ${.TARGET}

 ### address lists
 address.files: empty.lst ${_files_address:sh}
 	$(printf) '%s\0' ${.ALLSRC} | $(xargs) -0 -L 1 $(basename) >| ${.TARGET}

 address.stripped: address.files
 	$(xargs) <${.ALLSRC} $(awk) $(awk_strip_comments) >| ${.TARGET}

 address.canonical: address.stripped
 	$(xargs) <${.ALLSRC} $(xargs_parallel) -L 1 $(getaddrinfo) $(getaddrinfo_canonical) >| ${.TARGET}

 address.unsorted: address.canonical
 	$(awk) <${.ALLSRC} $(awk_grep_canonical) >| ${.TARGET}

 address.unique: address.unsorted
 	$(sort) -o ${.TARGET} $(sort_unique) ${.ALLSRC}

 address.filtered: address.unique ignore.filter empty
 	( $(cmp) ${.ALLSRC:[3]} ${.ALLSRC:[2]} && $(cat) ${.ALLSRC:[1]} || $(xargs) -J ^ <${.ALLSRC:[2]} $(grep) $(grep_exclude_patterns) ^ -- ${.ALLSRC:[1]} ) >| ${.TARGET}

 address.results: address.filtered
 	$(cp) ${.ALLSRC} ${.TARGET}

 ### ignore lists
 ignore.files: ${_files_ignore:sh}
 	$(printf) '%s\0' ${.ALLSRC} | $(xargs) -0 -n1 $(basename) >| ${.TARGET}

 ignore.stripped: ignore.files
 	$(xargs) <${.ALLSRC} $(awk) $(awk_strip_comments) >| ${.TARGET}

 ignore.squeezed: ignore.stripped
 	$(awk) $(awk_strip_newlines) ${.ALLSRC} >| ${.TARGET}

 ignore.resolved: ignore.squeezed
 	-$(xargs) <${.ALLSRC} $(xargs_parallel) -L 1 $(getaddrinfo) 2>/dev/null >| ${.TARGET}

 ignore.unsorted: ignore.resolved
 	$(awk) $(awk_grep_dgram_udp) ${.ALLSRC} >| ${.TARGET}

 ignore.unique: ignore.unsorted
 	$(sort) -o ${.TARGET} $(sort_unique) ${.ALLSRC}

 ignore.filter: ignore.unique
 	$(xargs) <${.ALLSRC} $(printf) -- '-e %s\n' >| ${.TARGET}

 ### zone lists
 zone.files: empty.rpz ${_files_zone:sh}
 	$(printf) '%s\0' ${.ALLSRC} | $(xargs) -0 -n1 $(basename) >| ${.TARGET}

 zone.stripped: zone.files
 	$(xargs) <${.ALLSRC} $(awk) $(awk_strip_zone_comments) >| ${.TARGET}

 zone.unsorted: zone.stripped
 	$(awk) $(awk_grep_zone_cname) ${.ALLSRC} >| ${.TARGET}

 zone.uncommented: zone.unsorted
 	$(awk) $(awk_strip_comments) ${.ALLSRC} >| ${.TARGET}

 zone.unique: zone.uncommented
 	$(sort) -o ${.TARGET} $(sort_unique) ${.ALLSRC}

 zone.resolved: zone.unique
 	-$(xargs) <${.ALLSRC} $(xargs_parallel) -L 1 $(getaddrinfo) 2>/dev/null >| ${.TARGET}

 zone.address: zone.resolved
 	$(awk) $(awk_grep_dgram_udp) ${.ALLSRC} >| ${.TARGET}

 zone.filtered: zone.address ignore.filter empty
 	( $(cmp) ${.ALLSRC:[3]} ${.ALLSRC:[2]} && $(cat) ${.ALLSRC:[1]} || $(xargs) -J ^ <${.ALLSRC:[2]} $(grep) $(grep_exclude_patterns) ^ -- ${.ALLSRC:[1]} ) >| ${.TARGET}

 zone.results: zone.filtered
 	$(cp) ${.ALLSRC} ${.TARGET}

 ### all lists
 all: address.results zone.results
 	+$(printf) 'Successfully built the following lists : %s\n' "${.ALLSRC}"

 clean:
 	$(rm) -f empty empty.lst empty.rpz
 	$(rm) -f address.files zone.files ignore.files
 	$(rm) -f address.stripped address.canonical address.unsorted address.unique address.filtered
 	$(rm) -f zone.stripped zone.unsorted zone.uncommented zone.unique zone.resolved zone.address zone.filtered
 	$(rm) -f ignore.stripped ignore.squeezed ignore.resolved ignore.unsorted ignore.unique ignore.filter
 	$(rm) -f address.results zone.results
	#!/bin/sh
	. /etc/rc.subr
	name=cache
	dhcpcd_nsroots=/usr/local/etc/dnsroots.global
	load_rc_config

	# write domain-name-servers to the nameserver cache for dhcpcd
	nscache="$dhcpcd_nscache"
	nsroots="$dhcpcd_nsroots"
	nscache_dir="$svscan_servicedir/$nscache"

	dh_info()
	{
	fmt=`printf "<%s>: %s{%s}: %s\n" "${name}" "${reason}" "${ifcarrier}" "$*"`
	info "$fmt"
	}

	dh_warn()
	{
	fmt=`printf "<%s>: %s{%s}: %s\n" "${name}" "${reason}" "${ifcarrier}" "$*"`
	warn "$fmt"
	}

	# Sanity check our configuration
	if [ ! -e "$nsroots" ]; then
	err 1 "dns global roots file $nsroots does not exist."
	elif [ -z "$nscache" ]; then
	err 1 "dnscache service name is not specified."
	elif [ ! -d "$nscache_dir" ]; then
	err 1 "dnscache service root $nscache_dir does not exist."
	fi

	case "$reason" in
	PREINIT)
	;;

	INFORM6\|EXPIRE6\|STOP6\|DELEGATED6)
	dh_warn "dhcpcd has received $protocol information for ipv6 on $interface which is unimplemented."
	;;

	BOUND6\|RENEW6\|REBOOT6)
	dh_info "dhcpcd has received a $protocol lease for ipv6 on $interface which is unimplemented."

	dhcp6_server_id=${new_dhcp6_server_id}
	dhcp6_client_id=${new_dhcp6_client_id}

	dhcp6_ia_na1_iaid=${new_dhcp6_ia_na1_iaid}
	dhcp6_ia_na1_ia_addr1=${new_dhcp6_ia_na1_ia_addr1}
	dhcp6_ia_na1_ia_addr1_vltime=${new_dhcp6_ia_na1_ia_addr1_vltime}
	dhcp6_ia_na1_ia_addr1_pltime=${new_dhcp6_ia_na1_ia_addr1_pltime}

	dhcp6_ia_na1_t1=${new_dhcp6_ia_na1_t1}
	dhcp6_ia_na1_t2=${new_dhcp6_ia_na1_t2}

	dhcp6_name_servers=${new_dhcp6_name_servers}
	dhcp6_fqdn_flags=${new_dhcp6_fqdn_flags}
	;;

	BOUND\|RENEW\|REBOOT)
	dh_info "dhcpcd has received a $protocol lease for ipv4 on $interface which will require updating the ${nscache} cache."

	ip_address=${new_ip_address}
	subnet_mask=${new_subnet_mask}
	network_number=${new_network_number}
	broadcast_address=${new_broadcast_address}
	subnet_cidr=${new_subnet_cidr}

	routers=${new_routers}
	domain_name=${new_domain_name}
	domain_name_servers=${new_domain_name_servers}

	dhcp_server_identifier=${new_dhcp_server_identifier}
	dhcp_message_type=${new_dhcp_message_type}
	dhcp_lease_time=${new_dhcp_lease_time}
	dhcp_rebinding_time=${new_dhcp_rebinding_time}
	dhcp_renewal_time=${new_dhcp_renewal_time}

	# write name servers to cache
	if ! checkyesno dhcpcd_useroots; then
	echo -n >\| "${nscache_dir}/root/servers/@"
	for server in ${domain_name_servers}; do
	dh_info "adding name server to cache: ${server}"
	echo "${server}" >> "${nscache_dir}/root/servers/@"
	done

	elif [ -e "$nsroots" ]; then
	dh_info "\$dhcpcd_useroots was set to true. adding the root nameservers to the $nscache cache."
	echo -n >\| "${nscache_dir}/root/servers/@"
	cat "$dhcpcd_nsroots" \| while read server; do
	dh_info "adding name server to cache: ${server}"
	echo "${server}" >> "${nscache_dir}/root/servers/@"
	done
	else
	dh_warn "\$dhcpcd_useroots was set to true, but the file at $nsroots was not found."
	fi
	;;

	TIMEOUT)
	if [ -e "$nsroots" ]; then
	dh_warn "dhcpcd timed-out while trying to contact dhcpd. defaulting to an old lease with the nameservers at $nsroots as the name cache."
	echo -n >\| "${nscache_dir}/root/servers/@"
	cat "$dhcpcd_nsroots" \| while read server; do
	dh_info "adding name server to cache: ${server}"
	echo "${server}" >> "${nscache_dir}/root/servers/@"
	done
	else
	dh_warn "dhcpcd timed-out while trying to contact dhcpd. leaving nscache service $nscache untouched due to missing value for \$dhcpcd_nsroots."
	fi
	;;

	STOP)
	dh_warn "dhcpcd client has stopped. emptying cache from cache.internet."
	echo -n >\| "${nscache_dir}/root/servers/@"
	;;
	esac
	#!/bin/sh
	. /etc/rc.subr
	name=dyndns
	dhcpcd_dyndnsv4_data="data.dynamic"
	dhcpcd_dyndnsv4_external="external"
	load_rc_config

	# write bound address
	nsroot="$dhcpcd_dyndnsv4_ns"
	nsdata="$dhcpcd_dyndnsv4_data"
	nsdir="$svscan_servicedir/$nsroot"
	nsexternal="$dhcpcd_dyndnsv4_external"
	nsexternal_aliases="$dhcpcd_dyndnsv4_external_alias"

	dh_info()
	{
	fmt=`printf "<%s>: %s{%s}: %s\n" "${name}" "${reason}" "${ifcarrier}" "$*"`
	info "$fmt"
	}

	dh_warn()
	{
	fmt=`printf "<%s>: %s{%s}: %s\n" "${name}" "${reason}" "${ifcarrier}" "$*"`
	warn "$fmt"
	}

	inaddr_arpa()
	{
	printf "%s\n" "$1" \| tr '.' $'\n' \| tail -r \| tr -d ' ' \| paste -sd. - \| xargs printf '%s.in-addr.arpa\n'
	}

	# Sanity check our configuration
	if [ -z "$nsexternal" ]; then
	err 1 "external record name is not specified."
	elif [ -z "$nsroot" ]; then
	err 1 "tinydns service name is not specified."
	elif [ ! -d "$nsdir" ]; then
	err 1 "tinydns service root $nsdir does not exist."
	fi

	# Now we can figure out the reason and update dns with the returned information.
	case "$reason" in
	PREINIT)
	;;

	CARRIER\|NOCARRIER)
	dh_info "interface $interface has been brought $ifcarrier."
	;;

	INFORM6\|BOUND6\|RENEW6\|EXPIRE6\|STOP6)
	dh_warn "dhcpcd has received $protocol information for ipv6 on $interface which is unimplemented."
	;;
	INFORM)
	dh_info "dhcpcd has announced its configuration to server."
	;;

	BOUND6\|RENEW6\|REBOOT6)
	dhcp6_server_id=${new_dhcp6_server_id}
	dhcp6_client_id=${new_dhcp6_client_id}
	dhcp6_ia_na1_iaid=${new_dhcp6_ia_na1_iaid}

	dhcp6_name_servers=${new_dhcp6_name_servers}
	dhcp6_fqdn_flags=${new_dhcp6_fqdn_flags}

	dhcp6_ia_na1_ia_addr1=${new_dhcp6_ia_na1_ia_addr1}
	dhcp6_ia_na1_ia_addr1_vltime=${new_dhcp6_ia_na1_ia_addr1_vltime}
	dhcp6_ia_na1_ia_addr1_pltime=${new_dhcp6_ia_na1_ia_addr1_pltime}

	dhcp6_ia_na1_t1=${new_dhcp6_ia_na1_t1}
	dhcp6_ia_na1_t2=${new_dhcp6_ia_na1_t2}

	dh_info "dhcpcd has received a $protocol lease for ipv6 on $interface which is unimplemented."
	dh_info "dhcpcd $protocol ia_addr $dhcp6_ia_nat1_ia_addr1."
	for v6ns in ${dhcp6_name_servers}; do
	dh_info "dhcpcd $protocol dns is at $v6ns."
	done
	;;

	BOUND\|RENEW\|REBOOT)
	dh_info "dhcpcd has received a $protocol lease for ipv4 on $interface."

	ip_address=${new_ip_address}
	subnet_mask=${new_subnet_mask}
	network_number=${new_network_number}
	broadcast_address=${new_broadcast_address}
	subnet_cidr=${new_subnet_cidr}

	routers=${new_routers}
	domain_name=${new_domain_name}
	domain_name_servers=${new_domain_name_servers}

	dhcp_server_identifier=${new_dhcp_server_identifier}
	dhcp_message_type=${new_dhcp_message_type}
	dhcp_lease_time=${new_dhcp_lease_time}
	dhcp_rebinding_time=${new_dhcp_rebinding_time}
	dhcp_renewal_time=${new_dhcp_renewal_time}

	# convert ipv4 to an inaddr.arpa name so that we can create a ptr record.
	ip_address_ptr=`inaddr_arpa "$ip_address"`
	ip_address_domain=`hostname -d`
	external_name=`printf '%s.%s\n' "${nsexternal}" "${ip_address_domain}"`

	# use address and hostname to write the host, ptr, and authority records to file.
	dh_info "updating $nsroot with $hostname and address ${ip_address} (ttl ${dhcp_renewal_time})."

	cat /dev/null >\| "${nsdir}/root/${nsdata}"
	printf '=%s:%s:%d\n' "${external_name}" "${ip_address}" "${dhcp_renewal_time}" >> "${nsdir}/root/${nsdata}"
	printf '=%s:%s:%d\n' "${hostname}" "${ip_address}" "${dhcp_renewal_time}" >> "${nsdir}/root/${nsdata}"
	printf '&%s::%s\n' "${ip_address_ptr}" "${hostname}" >> "${nsdir}/root/${nsdata}"

	for alias in ${nsexternal_aliases}; do
	external_alias=`printf '%s.%s\n' "${alias}" "${ip_address_domain}"`
	printf 'C%s:%s\n' "${external_alias}" "${external_name}" >> "${nsdir}/root/${nsdata}"
	done

	# now to build it and we're done.
	make -C "${nsdir}/root"
	;;

	TIMEOUT)
	;;

	STOP)
	dh_warn "dhcpcd client has stopped. removing host from $nsdynamic_root."
	echo -n >\| "${nsdir}/root/${nsdata}"
	make -C "${nsdir}/root"
	;;

	STOPPED\|DEPARTED\|FAIL)
	dh_warn "dhcpcd has stopped or terminated unexpectedly on interface $interface."
	;;
	esac
	controlgroup daemon

	persistent
	gateway
	noalias
	waitip 4

	#hostname
	#clientid
	duid

	option rapid_commit
	option domain_name_servers, domain_name, domain_search, host_name
	option routers
	#option ntp_servers
	option interface_mtu

	require dhcp_server_identifier
	require domain_name_servers routers

	#slaac private
	driftfile /var/db/ntp.drift
	logfile /var/log/ntp.log

	### time sources

	## default pool.ntp.org server
	pool pool.ntp.org iburst
	pool time.nist.gov iburst
	restrict source notrap nomodify noquery

	### options
	disable auth
	disable monitor
	disable bclient
	disable mode7
	disable ntp
	disable stats

	### restrictions
	discard average 5 minimum 2

	## share time with everybody
	restrict -4 default kod notrap nomodify nopeer noquery nopeer limited
	restrict -6 default kod notrap nomodify nopeer noquery nopeer limited

	## allow the loopback to sync
	restrict -4 127.0.0.1
	restrict -6 ::1

	## allow other hosts to query ntpd
	restrict -4 192.168.10.0 mask 255.255.255.0 nomodify notrap nopeer
	restrict -4 192.168.20.0 mask 255.255.255.0 nomodify notrap nopeer
	restrict -4 192.168.30.0 mask 255.255.255.0 nomodify notrap nopeer
	restrict -4 192.168.40.0 mask 255.255.255.0 nomodify notrap nopeer
	restrict -4 192.168.50.0 mask 255.255.255.0 nomodify notrap nopeer
	restrict -4 192.168.254.0 mask 255.255.255.0 nomodify notrap nopeer
	#!/bin/sh -
	ARG0=`basename "$0"`

	# read the system configuration
	. /etc/rc.subr
	load_rc_config

	# now we can read the periodic configuration
	if [ -r /etc/defaults/periodic.conf ]; then
	. /etc/defaults/periodic.conf
	source_periodic_confs
	fi

	info()
	{
	format="$1"
	shift
	printf "$ARG0:INFO $format" "$@"
	}

	warn()
	{
	format="$1"
	shift
	printf "$ARG0:WARNING $format" "$@"
	}

	error()
	{
	format="$1"
	shift
	printf "$ARG0:ERROR $format" "$@"
	}

	nl()
	{
	printf '\n'
	}


	build_dir=`/bin/realpath "$dns_over_http_build_dir"`
	if [ -z "$dns_over_http_build_dir" ] \|\| [ ! -d "$dns_over_http_build_dir" ]; then
	error 'specified build directory is not a directory: %s\n' "$dns_over_http_build_dir"
	exit 20

	elif [ "$build_dir" != "$dns_over_http_build_dir" ]; then
	error 'build directory at %s does not match its real path: %s\n' "$dns_over_http_build_dir" "$build_dir"
	exit 22

	elif [ ! -r "$build_dir/Makefile" ]; then
	error 'build directory at %s does not contain a %s\n' "$build_dir" "Makefile"
	exit 2
	fi

	nl && info 'Processing urls for address lists:\n'
	printf '%s\n' ${dns_over_http_address_lists} \| tr -s $'\n' \| while read aurl; do
	filename=`basename "$aurl" .lst`
	info '\t%s\n' "$aurl"
	fetch -1 -o "$build_dir/$filename.lst" "$aurl"
	done

	nl && info 'Processing urls for zone lists:\n'
	printf '%s\n' ${dns_over_http_zone_lists} \| tr -s $'\n' \| while read zurl; do
	filename=`basename "$zurl" .rpz`
	info '\t%s\n' "$zurl"
	fetch -1 -o "$build_dir/$filename.rpz" "$zurl"
	done

	nl && info 'Building all lists in directory: %s\n' "$build_dir"
	make -s -C $dns_over_http_build_dir clean all

	nl && info 'Updating pf tables...\n'
	service pftables flush
	#! /bin/sh
	# $FreeBSD: branches/2016Q2/net/isc-dhcp43-server/files/isc-dhcpd.in 381286 2015-03-14 16:24:32Z zi $
	#
	# PROVIDE: dhcpd
	# REQUIRE: svscan
	# BEFORE: LOGIN
	# KEYWORD: shutdown
	#
	# Add the following line to /etc/rc.conf to enable dhcpd:
	#
	# dhcpd_enable="YES"

	. /etc/rc.subr

	name="dhcpd"
	rcvar="${name}_enable"
	command=/usr/local/sbin/dhcpd

	start_cmd="dhcpd_start"
	stop_cmd="dhcpd_stop"

	load_rc_config ${name}

	dhcpd_config=${dhcpd_config:-/etc/dhcpd.d}
	dhcpd_leases=${dhcpd_leases:-/var/db}
	dhcpd_flags=${dhcpd_flags}

	dhcpd_start()
	{
	interfaces=`/sbin/ifconfig -lu 2>/dev/null \| tr ' ' $'\n'`

	used=
	for ifn in ${interfaces}; do
	if [ -r "${dhcpd_config}/$ifn" ]; then
	"$command" -c "${dhcpd_config}/${ifn}" -l "${dhcpd_leases}/dhcpd-${ifn}.leases" ${dhcpd_flags} ${ifn}
	used="$used $ifn"
	fi
	done

	ls -1 ${dhcpd_config}/* \| xargs basename \| while read n; do
	if ! printf -- '%s\n' $used \| grep -wq "$n"; then
	info "[start] skipped configuration file for unknown interface : ${dhcpd_config}/$n"
	fi
	done
	}

	dhcpd_stop ()
	{
	interfaces=`/sbin/ifconfig -l 2>/dev/null \| tr ' ' $'\n'`

	used=
	for ifn in ${interfaces}; do
	pid=`pgrep -f -- "-l ${dhcpd_leases}/dhcpd-${ifn}.leases"`
	if [ ! -z "$pid" ]; then
	kill "$pid"
	info "[stop] sent signal (9) to ${name} ($pid) on interface $ifn."
	used="$used '$ifn'"

	elif [ -e "${dhcpd_config}/$ifn" ]; then
	warn "[stop] found configuration ${dhcpd_config}/$ifn but ${name} is not running on interface $ifn."
	used="$used $ifn"
	fi
	done

	ls -1 ${dhcpd_config}/* \| xargs basename \| while read n; do
	if ! printf -- '%s\n' $used \| grep -wq "$n"; then
	warn "[stop] ignored configuration file for unknown interface : ${dhcpd_config}/$n"
	fi
	done
	}

	run_rc_command "$1"
	#!/bin/sh
	#
	#

	# PROVIDE: dnctl
	# BEFORE: pf ipfw
	# KEYWORD: nojailvnet

	. /etc/rc.subr

	name="dnctl"
	desc="Dummynet packet queuing and scheduling"
	rcvar="${name}_enable"
	load_rc_config $name
	start_cmd="${name}_start"
	restart_cmd="${name}_restart"
	required_files="$dnctl_rules"
	required_modules="dummynet"

	flush_cmd="${name}_flush"
	flush_queues_cmd="${name}_flush_queues"
	flush_pipes_cmd="${name}_flush_pipes"
	extra_commands="flush flush_queues flush_pipes"

	dnctl_start()
	{
	check_startmsgs && echo -n "Enabling ${name}"
	flushquietly
	$dnctl_program "$dnctl_rules"
	check_startmsgs && echo '.'
	}

	dnctl_restart()
	{
	check_startmsgs && echo -n "Flushing rules for ${name}"
	flushquietly
	check_startmsgs && echo '.'
	check_startmsgs && echo -n "Reloading rules for ${name}"
	$dnctl_program "$dnctl_rules"
	check_startmsgs && echo '.'
	check_startmsgs && echo "${name} has been enabled."
	}

	isquiet()
	{
	if [ "$1" = "-q" ]; then
	return 0
	else
	return 1
	fi
	}

	flushquietly()
	{
	quiet_args="-q"
	dnctl_flush_queues "$quiet_args"
	dnctl_flush_pipes "$quiet_args"
	}

	dnctl_flush()
	{
	warn "Flush of ${name} queues, schedulers, and pipes was requested."
	dnctl_flush_queues
	dnctl_flush_pipes
	}

	dnctl_flush_queues()
	{
	isquiet "$1" \|\| info "Flushing ${name} queues..."

	$dnctl_program queue list \| cut -d' ' -f1 \| while IFS=q read _ q; do
	isquiet "$1" \|\| info "Deleting queue : $q"
	dnctl queue "$q" delete
	done
	}

	dnctl_flush_pipes()
	{
	isquiet "$1" \|\| info "Flushing ${name} pipes..."

	$dnctl_program pipe list \| grep -e '^[0-9]\{5\}:' \| while IFS=: read pipe _; do
	isquiet "$1" \|\| info "Deleting pipe : $pipe"
	dnctl pipe "$pipe" delete
	done
	}

	run_rc_command $*
	#!/bin/sh
	#
	# Handle some custom pf configuration like saving/restoring tables
	# falling back to a remotely manageable default if there's some
	# kind of error while loading pf rules.
	#

	# PROVIDE: pftables
	# REQUIRE: pf
	# BEFORE: LOGIN
	# KEYWORD: shutdown

	# Add the following lines to /etc/rc.conf to enable pf:
	# pf_enable="YES"
	# pf_rules="<path to rules>"
	# pf_tables="<list of tables>"
	# pf_tablepath="<path to tables>"

	. /etc/rc.subr
	. /etc/network.subr

	name=pftables
	rcvar="pf_enable"
	start_cmd=pf_start
	stop_cmd=pf_stop

	load_cmd=pf_load
	empty_cmd=pf_empty
	enablefw_cmd=pf_enablefw
	disablefw_cmd=pf_disablefw
	save_cmd=pf_save
	restore_cmd=pf_restore
	flush_cmd=pf_flush_tables
	extra_commands="load loadsafe empty enablefw disablefw save restore flush"

	pf_command="/sbin/pfctl"
	pf_enable=${pf_enable:-"NO"}
	pf_rules=${pf_rules:-"/etc/pf.conf"}
	pf_tables=${pf_tables:-""}
	pf_tablepath=${pf_tablepath:-"/var/db/ipf"}

	pf_load()
	{
	info "pf_load : loading rules : ${pf_rules}"
	"${pf_command}" -f "${pf_rules}"
	}

	pf_empty()
	{
	info "pf_unload : emptying rules : ${pf_rules}"
	"${pf_command}" -f "/dev/null"
	}

	pf_loadsafe()
	{
	err 1 "pf_safe : loading safe pf ruleset is not implemented yet!"
	}

	pf_enablefw()
	{
	info "pf_enable : enabling firewall"
	"${pf_command}" -e
	}

	pf_disablefw()
	{
	info "pf_disable : disabling firewall"
	"${pf_command}" -d
	}

	pf_save()
	{
	for table in ${pf_tables}; do
	info "pf_save : saving table ${table} to disk : ${pf_tablepath}/${table}.tbl"
	"${pf_command}" -t "${table}" -T show >\| "${pf_tablepath}/${table}.tbl"
	done
	}

	pf_restore()
	{
	for table in ${pf_tables}; do
	info "pf_restore : loading table ${table} from disk : ${pf_tablepath}/${table}.tbl"
	"${pf_command}" -t "${table}" -T replace -f "${pf_tablepath}/${table}.tbl"
	done
	}

	pf_flush_tables()
	{
	info "pf_restore : reloading table definitions from configuration : ${pf_rules}"
	"${pf_command}" -T load -f "${pf_rules}"
	}

	pf_start()
	{
	info "pf_start : starting ${name} service"
	debug "pf_start : loading pf ruleset from \"${pf_rules}\"."
	pf_load
	debug "pf_start : restoring pf tables : \"${pf_tables}\"."
	pf_restore
	debug "pf_start : enabling the pf firewall."
	pf_enablefw
	}

	pf_stop()
	{
	info "pf_stop : stopping ${name} service"
	debug "pf_stop : saving pf tables : \"${pf_tables}\"."
	pf_save
	debug "pf_stop : disabling the pf firewall."
	pf_disablefw
	}

	load_rc_config "$name"
	run_rc_command "$1"
	address_lists = .lst .list
	zone_lists = *.rpz
	ignore_lists = *.ignore

	makedir = ${.PARSEDIR}

	ls = /bin/ls
	cp = /bin/cp -v
	rm = /bin/rm -v
	cat = /bin/cat
	cmp = /usr/bin/cmp -s
	basename = /usr/bin/basename
	printf = /usr/bin/printf
	sort = /usr/bin/sort
	grep = /usr/bin/grep
	awk = /usr/bin/awk
	nproc = /bin/nproc
	xargs = /usr/bin/xargs
	getaddrinfo = /usr/bin/getaddrinfo
	dnsipq = /usr/local/bin/dnsipq

	awk_strip_comments = -F\# '$$1 != "" { print $$1; }'
	awk_grep_canonical = -F' ' '$$1 == "canonname" { print $$2; }'
	awk_strip_zone_comments = -F\; '$$1 != "" { print $$1; }'
	awk_grep_zone_cname = -F ' ' '$$2 == "CNAME" && $$3 == "." { print $$1; } NF == 1 { print $$1; }'
	awk_require_field_2 = -F ' ' '$$2 != "" { print $$1 }'
	awk_grep_stream_udp = -F ' ' '$$1 == "stream" && $$3 == "udp" { print $$4 }'
	awk_grep_dgram_udp = -F ' ' '$$1 == "dgram" && $$3 == "udp" { print $$4 }'
	awk_grep_stream_tcp = -F ' ' '$$1 == "stream" && $$3 == "tcp" { print $$4 }'
	awk_grep_dgram_tcp = -F ' ' '$$1 == "dgram" && $$3 == "tcp" { print $$4 }'
	awk_strip_newlines = 'NF { print }'

	grep_exclude_patterns = -Fxv

	xargs_parallel = -P ${num_processors}
	getaddrinfo_canonical = -c
	getaddrinfo_proto_tcp = -p tcp
	getaddrinfo_proto_udp = -p udp
	num_processors = ${nproc:sh}
	sort_unique = -u

	### placeholders
	_files_address = $(ls) $(address_lists) 2>/dev/null
	_files_zone = $(ls) $(zone_lists) 2>/dev/null
	_files_ignore = $(ls) $(ignore_lists) 2>/dev/null

	empty empty.lst empty.rpz:
	$(cp) /dev/null ${.TARGET}

	### address lists
	address.files: empty.lst ${_files_address:sh}
	$(printf) '%s\0' ${.ALLSRC} \| $(xargs) -0 -L 1 $(basename) >\| ${.TARGET}

	address.stripped: address.files
	$(xargs) <${.ALLSRC} $(awk) $(awk_strip_comments) >\| ${.TARGET}

	address.canonical: address.stripped
	$(xargs) <${.ALLSRC} $(xargs_parallel) -L 1 $(getaddrinfo) $(getaddrinfo_canonical) >\| ${.TARGET}

	address.unsorted: address.canonical
	$(awk) <${.ALLSRC} $(awk_grep_canonical) >\| ${.TARGET}

	address.unique: address.unsorted
	$(sort) -o ${.TARGET} $(sort_unique) ${.ALLSRC}

	address.filtered: address.unique ignore.filter empty
	( $(cmp) ${.ALLSRC:[3]} ${.ALLSRC:[2]} && $(cat) ${.ALLSRC:[1]} \|\| $(xargs) -J ^ <${.ALLSRC:[2]} $(grep) $(grep_exclude_patterns) ^ -- ${.ALLSRC:[1]} ) >\| ${.TARGET}

	address.results: address.filtered
	$(cp) ${.ALLSRC} ${.TARGET}

	### ignore lists
	ignore.files: ${_files_ignore:sh}
	$(printf) '%s\0' ${.ALLSRC} \| $(xargs) -0 -n1 $(basename) >\| ${.TARGET}

	ignore.stripped: ignore.files
	$(xargs) <${.ALLSRC} $(awk) $(awk_strip_comments) >\| ${.TARGET}

	ignore.squeezed: ignore.stripped
	$(awk) $(awk_strip_newlines) ${.ALLSRC} >\| ${.TARGET}

	ignore.resolved: ignore.squeezed
	-$(xargs) <${.ALLSRC} $(xargs_parallel) -L 1 $(getaddrinfo) 2>/dev/null >\| ${.TARGET}

	ignore.unsorted: ignore.resolved
	$(awk) $(awk_grep_dgram_udp) ${.ALLSRC} >\| ${.TARGET}

	ignore.unique: ignore.unsorted
	$(sort) -o ${.TARGET} $(sort_unique) ${.ALLSRC}

	ignore.filter: ignore.unique
	$(xargs) <${.ALLSRC} $(printf) -- '-e %s\n' >\| ${.TARGET}

	### zone lists
	zone.files: empty.rpz ${_files_zone:sh}
	$(printf) '%s\0' ${.ALLSRC} \| $(xargs) -0 -n1 $(basename) >\| ${.TARGET}

	zone.stripped: zone.files
	$(xargs) <${.ALLSRC} $(awk) $(awk_strip_zone_comments) >\| ${.TARGET}

	zone.unsorted: zone.stripped
	$(awk) $(awk_grep_zone_cname) ${.ALLSRC} >\| ${.TARGET}

	zone.uncommented: zone.unsorted
	$(awk) $(awk_strip_comments) ${.ALLSRC} >\| ${.TARGET}

	zone.unique: zone.uncommented
	$(sort) -o ${.TARGET} $(sort_unique) ${.ALLSRC}

	zone.resolved: zone.unique
	-$(xargs) <${.ALLSRC} $(xargs_parallel) -L 1 $(getaddrinfo) 2>/dev/null >\| ${.TARGET}

	zone.address: zone.resolved
	$(awk) $(awk_grep_dgram_udp) ${.ALLSRC} >\| ${.TARGET}

	zone.filtered: zone.address ignore.filter empty
	( $(cmp) ${.ALLSRC:[3]} ${.ALLSRC:[2]} && $(cat) ${.ALLSRC:[1]} \|\| $(xargs) -J ^ <${.ALLSRC:[2]} $(grep) $(grep_exclude_patterns) ^ -- ${.ALLSRC:[1]} ) >\| ${.TARGET}

	zone.results: zone.filtered
	$(cp) ${.ALLSRC} ${.TARGET}

	### all lists
	all: address.results zone.results
	+$(printf) 'Successfully built the following lists : %s\n' "${.ALLSRC}"

	clean:
	$(rm) -f empty empty.lst empty.rpz
	$(rm) -f address.files zone.files ignore.files
	$(rm) -f address.stripped address.canonical address.unsorted address.unique address.filtered
	$(rm) -f zone.stripped zone.unsorted zone.uncommented zone.unique zone.resolved zone.address zone.filtered
	$(rm) -f ignore.stripped ignore.squeezed ignore.resolved ignore.unsorted ignore.unique ignore.filter
	$(rm) -f address.results zone.results