xref: /freebsd/contrib/blocklist/TODO (revision 48e64ca13d4f36795ac718911b805e3e9a726f1b)
# $NetBSD: TODO,v 1.3 2025/02/05 20:22:26 christos Exp $

- don't poll periodically, find the next timeout
- use the socket also for commands? Or separate socket?
- add functionality to the control program. Should it change the database
  directly, or talk to the daemon to have it do it?
- perhaps handle interfaces too instead of addresses for dynamic ip?
  <bge0/4>? What to do with multiple addresses?
- perhaps rate limit against DoS
- perhaps instead of scanning the list have a sparse map by port?
- do we want to use libnpf directly for efficiency?
- add more daemons ftpd?
- do we care about the db state becoming too large?
- instead of a yes = bump one, no = return to 0 interface, do we want
  to have something more flexible like?
	+n
	-n
	block
	unblock
- do we need an api in blocklistctl to perform maintenance
- fix the blocklistctl output to be more user friendly

- figure out some way to do distributed operation securely (perhaps with
  a helper daemon that authenticates local sockets and then communicates
  local DB changes to the central server over a secure channel --
  perhaps blocklistd-helper can have a back-end that can send updates to
  a central server)

- add "blocklistd -l" to enable filter logging on all rules by default

- add some new options in the config file

	"/all"	- block both TCP and UDP (on the proto field?)

	"/log"	- enable filter logging (if not the default) (on the name field?)
	"/nolog"- disable filter logging (if not the default) (on the name field?)

  The latter two probably require a new parameter for blocklistd-helper.

- "blocklistd -f" should (also?) be a blocklistctl function!?!?!

- if blocklistd was started with '-r' then a SIGHUP should also do a
  "control flush $rulename" and then re-add all the filter rules?

- should/could /etc/rc.conf.d/ipfilter be created with the following?

	reload_postcmd=blocklistd_reload
	start_postcmd=blocklistd_start
	stop_precmd=blocklistd_stop
	blocklistd_reload ()
	{
		/etc/rc.d/blocklistd reload	# IFF SIGHUP does flush/re-add
		# /etc/rc.d/blocklistd restart
	}
	blocklistd_stop ()
	{
		/etc/rc.d/blocklistd stop
	}
	blocklistd_start ()
	{
		/etc/rc.d/blocklistd start
	}

  or is there a better way?