<pre style='margin:0'>
Frank Schima (mf2k) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/fb2856bd131f5d66c1b025e26469904306fd1df0">https://github.com/macports/macports-ports/commit/fb2856bd131f5d66c1b025e26469904306fd1df0</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new fb2856b macos-fortress: Submission of adaptive firewall and proxy chain
</span>fb2856b is described below
<span style='display:block; white-space:pre;color:#808000;'>commit fb2856bd131f5d66c1b025e26469904306fd1df0
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Sun Oct 27 17:17:21 2019 -0400
<span style='display:block; white-space:pre;color:#404040;'> macos-fortress: Submission of adaptive firewall and proxy chain
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * MacPorts adaptation of https://github.com/essandess/macOS-Fortress
</span><span style='display:block; white-space:pre;color:#404040;'> * Adaptive PF firewall for bruteforce and crowd-sourced blocks
</span><span style='display:block; white-space:pre;color:#404040;'> * Privatizing proxy chain to block trackers and adware
</span><span style='display:block; white-space:pre;color:#404040;'> * macos-fortress-pf: Adaptive PF firewall
</span><span style='display:block; white-space:pre;color:#404040;'> * macos-fortress-dshield: dshield IP blocks
</span><span style='display:block; white-space:pre;color:#404040;'> * macos-fortress-emergingthreats: emergingthreats IP blocks
</span><span style='display:block; white-space:pre;color:#404040;'> * macos-fortress-proxy: Proxy chain (squid, privoxy)
</span><span style='display:block; white-space:pre;color:#404040;'> * macos-fortress-hphosts: hphosts host file
</span><span style='display:block; white-space:pre;color:#404040;'> * macos-fortress-easylistpac: EasyList-based PAC File
</span><span style='display:block; white-space:pre;color:#404040;'> * p5-data-validate-domain: Perl Data::Validate::Domain
</span>---
net/macos-fortress/Portfile | 813 +++++++++++++++++++++
net/macos-fortress/files/blacklist.txt | 57 ++
net/macos-fortress/files/blockips.conf | 26 +
net/macos-fortress/files/dshield_pubkey_file.txt | 42 ++
net/macos-fortress/files/hosts.orig | 9 +
net/macos-fortress/files/hphosts_pubkey_file.txt | 52 ++
.../files/logrotate.d.macos-fortress | 11 +
.../files/macosfortress_setup_check.sh | 308 ++++++++
net/macos-fortress/files/pf.conf | 221 ++++++
net/macos-fortress/files/pf_attacks.sh | 19 +
net/macos-fortress/files/privoxy-config.patch | 114 +++
.../files/privoxy-match-all.action.patch | 40 +
net/macos-fortress/files/squid-squid.conf.patch | 363 +++++++++
net/macos-fortress/files/whitelist.txt | 38 +
perl/p5-data-validate-domain/Portfile | 26 +
15 files changed, 2139 insertions(+)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/Portfile b/net/macos-fortress/Portfile
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..2c17624
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,813 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PortSystem 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+name macos-fortress
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 2019.10.27
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+categories net security
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+platforms darwin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+license MIT
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+maintainers {ieee.org:s.t.smith @essandess} openmaintainer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if {${subport} ne "${name}-easylistpac"} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ master_sites
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ distfiles
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ extract.only
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+use_configure no
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+build {}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# perl5 and python3 major versions
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set perl5_major_version \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 5.28
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set python3_version 3.7
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set python3_version_nickname \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [join [lrange [split ${python3_version} .] 0 1] {}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set pf_conf "\${prefix}/etc/${name}/pf.conf"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set proxy_hostname localhost
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set proxy_server 127.0.0.1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set proxy_pac_server \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${proxy_server}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set proxy_pac_directory \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /Library/WebServer/Documents
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+variant initialize_always \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description {Always initialize all configuration files. Intended\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ for development and troubleshooting only. Working deployments\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ must disable this variant to prevent configuration files\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ being overwritten at the next upgrade. Existing configuration\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ files are not overwritten by default.} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tAll configuration files will be initialized because
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tthe variant +initialize_always is set. Please disable
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tthis variant for working deployments.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Network configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# hard-coded examples
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set interface en0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proc install_initial_configuration {args} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach f_or_d ${args} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "initialize_always"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && [file exists ${f_or_d}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${f_or_d}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ move \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "initialize_always"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || ![file exists ${f_or_d}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file isfile ${f_or_d}.macports] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d}.macports \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } elseif { [file isdirectory ${f_or_d}.macports] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0755 -d ${f_or_d}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach f [glob -nocomplain ${f_or_d}.macports/*] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 ${f} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f_or_d}/[file tail ${f}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proc patch_configuration {patchfile configfile configdefault} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ global patch.cmd patch.pre_args
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # save the previous configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file exists ${configfile}] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${configfile}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ copy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${configfile} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${configfile}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # create or initialize the configfile
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file exists ${configfile}] || [variant_isset "initialize_always"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${configfile}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file exists ${configdefault}] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 ${configdefault} ${configfile}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } elseif { [file exists ${configfile}.previous] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 ${configfile}.previous ${configfile}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # patch the configfile if it's the default
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [portchecksum::calc_rmd160 ${configfile}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ eq [portchecksum::calc_rmd160 ${configdefault}] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${patch.cmd} ${patch.pre_args} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -f -l -N -r /dev/null ${configfile} < ${patchfile}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn "File ${configfile} is not the default
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tand *not* being patched."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proc plutil_startup {plcmds label} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ global prefix startupitem.location
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach cmd ${plcmds} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${prefix}/etc/${startupitem.location}/${label} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil ${cmd} ${label}.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set notes_pf "The PF configuration provides an adaptive firewall\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ that blocks brute force attacks, and connections from IP addresses\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ provided by the crowd-sourced lists dshield and emergingthreats. PF\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ uses this environment variable (with default value):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${PF_CONF:-${pf_conf}}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set notes_proxy "The proxy uses a chain of squid (port 3128) and\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ privoxy (port 8118) along with a blackhole provided by nginx (port 8119).\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Domain names provided by hphosts and a blacklist file are blocked, excluding\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ whitelisted domain names. These are provised in the files:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t${prefix}/etc/${name}/blacklist.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t${prefix}/etc/${name}/whitelist.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The proxy also provides a proxy autoconfiguration (PAC) file with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ blocking rules generated from easylist ad and tracker blocks. The\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proxy uses these environment variables (with default values):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${PROXY_HOSTNAME:-${proxy_hostname}}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${PROXY_PAC_SERVER:-${proxy_pac_server}}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${PROXY_PAC_DIRECTORY:-${proxy_pac_directory}}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The native macOS web server is used by default to host the PAC file.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ This web server must be launched independently with the command
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo apachectl start
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Clients may be configured to use this proxy by either host:port or\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ the PAC file:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t${proxy_hostname}:3128
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\thttp://${proxy_hostname}/proxy.pac"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if {${name} eq ${subport}} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long_description \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Kernel-level, OS-level, and client-level security for macOS. Built\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ to block attacks using open source databases, and block ads,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ malicious scripts, and conceal information used for web tracking.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Uses PF, squid, privoxy, hphosts, dshield, emergingthreats,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ hostsfile, and a proxy autoconfiguration (PAC) file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ homepage https://github.com/essandess/macOS-Fortress
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_lib-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${name}-pf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${name}-proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${prefix}/share/${name}/logrotate.d
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0755 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/macosfortress_setup_check.sh ${destroot}${prefix}/bin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/logrotate.d.macos-fortress \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}/logrotate.d/macos-fortress
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach cmd [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PREFIX@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@NAME@|${name}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PROXY_HOSTNAME@|${proxy_hostname}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PROXY_SERVER@|${proxy_server}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PROXY_PAC_SERVER@|${proxy_pac_server}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PROXY_PAC_DIRECTORY@|${proxy_pac_directory}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -q ${cmd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/bin/macosfortress_setup_check.sh \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}/logrotate.d/macos-fortress
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.create \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.start \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/port load ${name}-pf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port load ${name}-proxy"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.stop \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/port unload ${name}-pf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port unload ${name}-proxy"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.restart \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/port reload ${name}-pf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port reload ${name}-proxy"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # modify the launch daemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool YES" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${startupitem.name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The port ${name} is comprised of two independent.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ configurable components: the PF firewall and the proxy chain,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ provided by the ports:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t${name}-pf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t${name}-proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ After initial installation, it is necessary to kickstart these\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ launch daemons, which do not run at load:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port load ${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo launchctl kickstart -k system/org.macports.${name}-dshield
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo launchctl kickstart -k system/org.macports.${name}-emergingthreats
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo launchctl kickstart -k system/org.macports.${name}-hphosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo launchctl kickstart -k system/org.macports.adblock2privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo launchctl kickstart -k system/org.macports.${name}-easylistpac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+${notes_pf}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+${notes_proxy}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subport ${name}-pf {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description PF Firewall with dhield, emergingthreats, and \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ adaptive bruteforce blocks
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long_description \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${description}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_lib-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${name}-dshield \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${name}-emergingthreats \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:pcre
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/pf.conf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}/pf.conf.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/blockips.conf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}/blockips.conf.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0755 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/pf_attacks.sh \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/bin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.create \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitems \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name ${subport} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ init "PF_CONF=\"\${PF_CONF:-${pf_conf}}\"" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ start "for tt in {1..4}; do \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\tif \[\[ `/sbin/ifconfig | \${prefix}/bin/pcregrep -M -o '^\[^\\t:\]+:(\[^\\n\]|\\n\\t)*status: active' | egrep -o -m 1 '^\[^\\t:\]+'` = '' \]\]; then \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\tsleep 45; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\telse \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\t/sbin/pfctl -Fall \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\t&& /sbin/pfctl -ef \${PF_CONF}; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\tbreak; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\tfi; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\tdone" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ stop "/sbin/pfctl -d" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pidfile none \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name ${subport}.brutexpire \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ executable /sbin/pfctl \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pidfile none \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name ${subport}.subports \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ start \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/port load ${name}-dshield
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port load ${name}-emergingthreats" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ stop \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/port unload ${name}-dshield
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port unload ${name}-emergingthreats" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ restart \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/port reload ${name}-dshield
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port reload ${name}-emergingthreats" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pidfile none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # use network settings for installed example configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # route -n get default | grep 'interface:' | grep -o '[^ ]*$'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set interface [exec sh -c \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "route -n get default \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ | grep 'interface:' \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ | grep -o '\[^ \]*\$'"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_msg "Configuring ${subport} with:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+interface : ${interface}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach cmd [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PREFIX@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@NAME@|${name}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@INTERFACE@|${interface}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -q ${cmd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/pf.conf.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach cmd [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PREFIX@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@NAME@|${name}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -q ${cmd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/blockips.conf.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ install_initial_configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/blockips.conf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/pf.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # modify the launch daemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool YES" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # bruteforce expiration launchd daemon
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert Program -string /sbin/pfctl" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-replace ProgramArguments \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<array> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/sbin/pfctl</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-t</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>bruteforce</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-T</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>expire</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>604800</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool NO" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StartInterval -integer 86400" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${subport}.brutexpire
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool YES" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${subport}.subports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes ${notes_pf}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subport ${name}-dshield {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description DShield is a community-based collaborative firewall \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ log correlation system.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long_description \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${description}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_run-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:gnupg2 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:perl${perl5_major_version} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:p${perl5_major_version}-data-validate-ip \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:wget
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # sudo gpg --homedir /var/root/.gnupg --export --armor --output ~/Downloads/dshield_pubkey_file.txt blocklist@dshield.org
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/dshield_pubkey_file.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.create \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.name \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.init \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/gpg --homedir /var/root/.gnupg --import \${prefix}/etc/${name}/dshield_pubkey_file.txt"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.start \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/wget -N -P \${prefix}/etc/${name} http://feeds.dshield.org/block.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& \${prefix}/bin/wget -N -P \${prefix}/etc/${name} http://feeds.dshield.org/block.txt.asc \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& \${prefix}/bin/gpg --verify \${prefix}/etc/${name}/block.txt.asc \${prefix}/etc/${name}/block.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& \${prefix}/bin/perl${perl5_major_version} -ane 'use Data::Validate::IP; my \$vip=Data::Validate::IP->new; if (/^\\w*#/) { print; } elsif (\$vip->is_ipv4(\$F\[0\]) & \$vip->is_ipv4(\$F\[1\]) & \$F\[2\] =~ /\[\[:digit:\]\]/ & (0<= \$F\[2\] & \$F\[2\]<=32)) { print \$F\[0\], \"/\", \$F\[2\], \"\\n\"; }' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\${prefix}/etc/${name}/block.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t> /tmp/dshield_block_ip.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& install -m 644 -g admin -S /tmp/dshield_block_ip.txt \${prefix}/etc/${name}/dshield_block_ip.txt ; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\trm -f /tmp/dshield_block_ip.txt ; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t/sbin/pfctl -a blockips -T load -f \${prefix}/etc/${name}/blockips.conf"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.pidfile \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # modify the launch daemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-replace ProgramArguments \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<array> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>${prefix}/etc/${startupitem.location}/org.macports.${startupitem.name}/${subport}.wrapper</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>start</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool NO" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StartInterval -integer 11250" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${startupitem.name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The launch daemon org.macports.${subport} is configured with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ RunAtLoad false. To initialize this service at its first load, run:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port load ${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo launchctl kickstart -k system/org.macports.${subport}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subport ${name}-emergingthreats {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description Emerging Threats rule server.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long_description \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${description}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_run-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:wget
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.create \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.name \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.start \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/wget -N -P \${prefix}/etc/${name} http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt ; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/wget -N -P \${prefix}/etc/${name} http://rules.emergingthreats.net/blockrules/compromised-ips.txt ; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t/sbin/pfctl -a blockips -T load -f \${prefix}/etc/${name}/blockips.conf"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.pidfile \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # modify the launch daemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-replace ProgramArguments \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<array> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>${prefix}/etc/${startupitem.location}/org.macports.${startupitem.name}/${subport}.wrapper</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>start</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool NO" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StartInterval -integer 47250" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${startupitem.name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The launch daemon org.macports.${subport} is configured with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ RunAtLoad false. To initialize this service at its first load, run:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port load ${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo launchctl kickstart -k system/org.macports.${subport}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subport ${name}-proxy {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description Blackhole and Privatizing Proxy.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_lib-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${name}-easylistpac \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${name}-hphosts \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:adblock2privoxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:privoxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:squid4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # squid patch file creation
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # mkdir squid-orig squid-new
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # cp ${prefix}/etc/squid.conf.documented squid-orig/squid.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # cp squid.conf.new squid-new/squid.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # sed -E -i -e 's|/opt/local|@PREFIX@|g' squid-orig/squid.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # diff -NaurdwB -I '^ *#.*' ./squid-orig/squid.conf ./squid-new/squid.conf | sed -E -e 's/\.\/squid-(orig|new)\/(squid.conf)(\.[[:alnum:]]+)*/\.\/squid.conf/' | sed -E -e 's|/opt/local|@PREFIX@|g' > ~/Downloads/squid-squid.conf.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # privoxy patch file creation
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # diff -NaurdwB -I '^ *#.*' ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/config/' | sed -E -e 's|/opt/local|@PREFIX@|g' > ~/Downloads/privoxy-config.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/squid-squid.conf.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/privoxy-config.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/privoxy-match-all.action.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach cmd [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PREFIX@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PROXY_HOSTNAME@|${proxy_hostname}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@PROXY_SERVER@|${proxy_server}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -q ${cmd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/squid-squid.conf.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/privoxy-config.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/privoxy-match-all.action.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.create \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitems \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name ${subport} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ start "\${prefix}/bin/port load ${name}-hphosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port load squid4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port load privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port load adblock2privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port load ${name}-easylistpac" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ stop "\${prefix}/bin/port unload ${name}-hphosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port unload squid4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port unload privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port unload adblock2privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port unload ${name}-easylistpac" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ restart "\${prefix}/bin/port reload ${name}-hphosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port reload squid4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port reload privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port reload adblock2privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/bin/port reload ${name}-easylistpac" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pidfile none \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name ${subport}.squid-rotate \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ executable ${prefix}/sbin/squid \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pidfile none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patch_configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/squid-squid.conf.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/squid/squid.conf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/squid/squid.conf.documented
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patch_configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/privoxy-config.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/privoxy/config \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/privoxy/config.new
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patch_configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${workpath}/privoxy-match-all.action.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/privoxy/match-all.action \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/privoxy/match-all.action.new
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # modify the launch daemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool YES" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${startupitem.name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # bruteforce expiration launchd daemon
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert Program -string ${prefix}/sbin/squid" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-replace ProgramArguments \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<array> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/bin/bash</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-c</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>${prefix}/sbin/squid -k rotate ; find ${prefix}/var/squid/logs -mindepth 1 -mtime +30 -exec rm {} ';'</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StartCalendarInterval \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<dict> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Hour</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>0</integer> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${subport}.squid-rotate
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes ${notes_proxy}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subport ${name}-easylistpac {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ PortGroup github 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ github.setup essandess easylist-pac-privoxy 4db116b
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ version 2019.06.18
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ revision 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description EasyList Tracker and Adblocks to Proxy Auto Configuration (PAC) File
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long_description \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Converts EasyList tracker and ad blocking rules to efficient \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ network-level blocks in a proxy.pac file for automatic proxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ network configurations and Privoxy proxy servers. Easily \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ incorporates multiple blocking rulesets into both PAC and \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Privoxy formats, including easyprivacy.txt, easylist.txt, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ fanboy-annoyance.txt, fanboy-social.txt, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ antiadblockfilters.txt, malwaredomains_full.txt, and the \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ anti-spamware list adblock-list.txt.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ homepage https://github.com/essandess/easylist-pac-privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ checksums rmd160 0f3b2e47c2cf0c2a15b81525e42f6be7b06b7761 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 ece58c6b1bb60439fded12b767f552d100f86f1272d3c3fac5477cb8c62232cf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 81495
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_lib-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:adblock2privoxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:python${python3_version_nickname} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:py${python3_version_nickname}-matplotlib \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:py${python3_version_nickname}-numpy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:py${python3_version_nickname}-scikit-learn
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${prefix}/etc/${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0755 -W ${worksrcpath} easylist_pac.py \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/bin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 proxy.pac \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}/proxy.pac.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -E \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "1s|env\[\[:space:\]\]+python3|env ${prefix}/bin/python${python3_version}|" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/bin/easylist_pac.py
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.create \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.name \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.init \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PROXY_PAC_DIRECTORY=\"\${PROXY_PAC_DIRECTORY:-${proxy_pac_directory}}\"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PROXY_PAC_SERVER=\"\${PROXY_PAC_SERVER:-${proxy_pac_server}}\"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PYTHONIOENCODING=\"\${PYTHONIOENCODING:-utf_8}\"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+test -f \${PROXY_PAC_DIRECTORY}/proxy.pac.orig \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t|| install -m 0644 -S \${PROXY_PAC_DIRECTORY}/proxy.pac \${PROXY_PAC_DIRECTORY}/proxy.pac.orig"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.start \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/easylist_pac.py \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t-p \${PROXY_PAC_SERVER}:3128 -b \${PROXY_PAC_SERVER}:8119 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t-d \${prefix}/etc/${name} \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t-P \${PROXY_PAC_DIRECTORY}/proxy.pac.orig \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& install -m 0644 -g admin -S \${prefix}/etc/${name}/proxy.pac \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\${PROXY_PAC_DIRECTORY}/proxy.pac"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.pidfile \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ install_initial_configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/proxy.pac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file isfile ${proxy_pac_directory}/proxy.pac] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 ${prefix}/etc/${name}/proxy.pac \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${proxy_pac_directory}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # modify the launch daemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-replace ProgramArguments \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<array> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>${prefix}/etc/${startupitem.location}/org.macports.${startupitem.name}/${subport}.wrapper</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>start</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool NO" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StartCalendarInterval \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<array> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Weekday</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>7</integer> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Hour</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>1</integer> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Minute</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>10</integer> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${startupitem.name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The location of the proxy autoconfiguration (PAC)\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file and the web server IP address are specified by the\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ environment variables (with default values):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${PROXY_PAC_DIRECTORY:-${proxy_pac_directory}}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${PROXY_PAC_SERVER:-${proxy_pac_server}}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The native macOS Web Server must be started with the command:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo apachectl start
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The launch daemon org.macports.${subport} is configured with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ RunAtLoad false. To initialize this service at its first load, run:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port load ${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo launchctl kickstart -k system/org.macports.${subport}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subport ${name}-hphosts {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description A community managed and maintained hosts file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long_description \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ hpHosts is a community managed and maintained hosts file that \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ allows an additional layer of protection against access to ad, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ tracking and malicious websites.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_run-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:gnupg2 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:perl${perl5_major_version} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:p${perl5_major_version}-data-validate-domain \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:wget
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach f { blacklist.txt hosts.orig whitelist.txt } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/${f} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}/${f}.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # sudo gpg --homedir /var/root/.gnupg --export --armor --output ~/Downloads/hphosts_pubkey_file.txt services@it-mate.co.uk
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/hphosts_pubkey_file.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.create \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.name \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.init \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\${prefix}/bin/gpg --homedir /var/root/.gnupg --import \${prefix}/etc/${name}/hphosts_pubkey_file.txt"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.start \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "( /bin/test -f \${prefix}/etc/${name}/hosts.orig \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t|| install -m 0644 -S /etc/hosts \${prefix}/etc/${name}/hosts.orig ) \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& cp \${prefix}/etc/${name}/hosts.orig /tmp/hosts \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& \${prefix}/bin/wget -N -P \${prefix}/etc/${name} http://hosts-file.net/download/hosts.zip \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& \${prefix}/bin/wget -N -P \${prefix}/etc/${name} http://hosts-file.net/hphosts-partial.asp \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& unzip -o \${prefix}/etc/${name}/hosts.zip -d /tmp/hphosts \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& \${prefix}/bin/gpg --verify /tmp/hphosts/hosts.txt.asc /tmp/hphosts/hosts.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& ( test -f \${prefix}/etc/${name}/whitelist.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t|| printf '\\n# whitelisted hosts (FQDN and DN) will be deleted from hphost'\"'\"'s host.zip\\n#\\n' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\t> \${prefix}/etc/${name}/whitelist.txt ) \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& printf '\\n# hpHosts hosts.txt from http://hosts-file.net/download/hosts.zip:\\n' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t> /tmp/hosts-block.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& cat /tmp/hphosts/hosts.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t| tr -d '\\015' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t| \${prefix}/bin/perl${perl5_major_version} -ane 'use POSIX; use Data::Validate::Domain qw(is_domain); { if (/^127\\.0\\.0\\.1\\s*(.+)$/) { print qq#127.0.0.1\\t\$1\\n# if is_domain(\$1); } else { print; } }' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\t>> /tmp/hosts-block.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& printf '\\n# hpHosts hphosts-partial.asp from http://hosts-file.net/hphosts-partial.asp:\\n' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t>> /tmp/hosts-block.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& cat \${prefix}/etc/${name}/hphosts-partial.asp \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t| tr -d '\\015' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t| \${prefix}/bin/perl${perl5_major_version} -ane 'use POSIX; use Data::Validate::Domain qw(is_domain); { if (/^127\.0\.0\.1\\s*(.+)$/) { print qq#127.0.0.1\\t\$1\\n# if is_domain(\$1); } else { print; } }' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\t>> /tmp/hosts-block.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& ( test -f \${prefix}/etc/${name}/blacklist.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& cat \${prefix}/etc/${name}/blacklist.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t\t>> /tmp/hosts ) \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t&& grep -v -E \"`\${prefix}/bin/perl${perl5_major_version} -ane 'BEGIN{\$s=qw#\\\\s+(#}; { if (!/^\\w*#/&length(\$F\[0\])>0){\$s = \$s . \$F\[0\] . qw(|);}} END{\$s = substr(\$s,0,length(\$s)-1) . qw#)\\\\s*#; \$s=~s/\\\\./\\\\\\\\./g; print \$s;}' \${prefix}/etc/${name}/whitelist.txt`\" /tmp/hosts-block.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\t>> /tmp/hosts \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \t&& install -m 0644 -S /tmp/hosts \${prefix}/etc/${name}/hosts-hphosts ; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\trm -fr /tmp/hosts /tmp/hphosts /tmp/hosts-block.txt ; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+\t\${prefix}/sbin/squid -k reconfigure"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.pidfile \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ install_initial_configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/blacklist.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/hosts.orig \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/whitelist.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # modify the launch daemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-replace ProgramArguments \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<array> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>${prefix}/etc/${startupitem.location}/org.macports.${startupitem.name}/${subport}.wrapper</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>start</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert RunAtLoad -bool NO" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StartInterval -integer 86850" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardErrorPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StandardOutPath -string ${prefix}/var/log/${name}.log" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.${startupitem.name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The launch daemon org.macports.${subport} is configured with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ RunAtLoad false. To initialize this service at its first load, run:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo port load ${subport}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo launchctl kickstart -k system/org.macports.${subport}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if { [variant_isset "initialize_always"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[exists notes]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # leave a blank line after the existing notes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append ""
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The variant +initialize_always is set, which initializes\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ all configuration files. Please disable this variant for\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ working deployments."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/blacklist.txt b/net/macos-fortress/files/blacklist.txt
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..b8eebe2
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/blacklist.txt
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,57 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# blacklisted hosts of the form "127.0.0.1 hostname.tld" appened to /etc/hosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 127.0.0.1 www.ahostnamethatyouwanttoblackholebutwillneveractuallyseeontheinternet.net
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# https://krebsonsecurity.com/2014/01/deconstructing-the-9-84-credit-card-hustle/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 callscs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 cewebcs.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 cs-casa.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 cewcs.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 eduacc.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 educs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 eetsac.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 etosac.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 feosac.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 foculu.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 homecs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 iawcs.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 iewcs.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 livecs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 netcs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 ntccs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 ntsupp.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 onwsac.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 premcs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 profcs.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 quikcs.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 sacluc.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 sacsis.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 sewcs.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 suppcs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 tdwcs.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 techcs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 vagacs.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 webcs.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# https://guardianapp.com/ios-app-location-report-sep2018.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 api.areametrics.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 in.cuebiq.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 et.intake.factual.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 api.factual.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 api.beaconsinspace.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 api.huq.io
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 m2m-api.inmarket.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 mobileapi.mobiquitynetworks.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 sdk.revealmobile.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 api.safegraph.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 incoming-data-sense360.s3.amazonaws.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 ios-quinoa-personal-identify-prod.sense360eng.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 ios-quinoa-events-prod.sense360eng.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 ios-quinoa-high-frequency-events-prod.sense360eng.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 v1.blueberry.cloud.databerries.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 pie.wirelessregistry.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Blocking this domain breaks CNN app live streaming -- send to nginx blackhole
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# To diagnose:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# tcpdump -e -ttt -i en0 -w my-iPad-cnn-3128.pcap src my-iPad or dst my-iPad
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# grep -a 'URL: <a' < my-iPad-cnn-3128.pcap | perl -lne 's/^.*URL: <a href="https?:\/\/([-\w.]+)\/?.*?">.*$/\1/; print;' | uniq
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1:8119 bea4.v.fwmrm.net
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/blockips.conf b/net/macos-fortress/files/blockips.conf
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..cc071dd
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/blockips.conf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,26 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Define tables and drop rules for open source IP blocks
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Reload with:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# pfctl -a blockips -T load -f @PREFIX@/etc/@NAME@/blockips.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Emerging Threats Open Source, http://rules.emergingthreats.net/fwrules/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+table <emerging_threats> persist file "@PREFIX@/etc/@NAME@/emerging-Block-IPs.txt"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+block drop log quick from <emerging_threats> to any
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://rules.emergingthreats.net/blockrules/compromised-ips.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+table <compromised_ips> persist file "@PREFIX@/etc/@NAME@/compromised-ips.txt"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+block drop log quick from <compromised_ips> to any
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# THIS RULESET HAS BEEN OBSOLETED!!
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://rules.emergingthreats.net/blockrules/rbn-ips.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#table <rbn_ips> persist file "@PREFIX@/etc/@NAME@/rbn-ips.txt"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#block drop log quick from <rbn_ips> to any
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://rules.emergingthreats.net/blockrules/rbn-malvertisers-ips.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#table <rbn_malvertisers_ips> persist file "@PREFIX@/etc/@NAME@/rbn-malvertisers-ips.txt"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#block drop log quick from <rbn_malvertisers_ips> to any
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# dshield.org block list
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+table <dshield_block_ip> persist file "@PREFIX@/etc/@NAME@/dshield_block_ip.txt"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+block drop log quick from <dshield_block_ip> to any
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/dshield_pubkey_file.txt b/net/macos-fortress/files/dshield_pubkey_file.txt
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..d42f137
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/dshield_pubkey_file.txt
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,42 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-----BEGIN PGP PUBLIC KEY BLOCK-----
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+mQENBFhpH0wBCAC1CthDoy7pzCQINVVz45kS6DWzpI9Qh2sbO9pa8w5H7DCes7T3
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+B+4Q73306AOcfkaNGIhm2UT6QKVshUbq62tFSGwO9XYgHJ6ooZrwLtNuqo5EfAQh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+RUv8ujIxwQtPJGA6d6Sp462suDX0PmjCNIKo2h80rSiGeDB26Y4inaqRWdmrSZsy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pX1AYF+RiZRBVb5fz4R3pJhST2L9oWxdQQNAw4bENOD//pJ27/krtzzIgqvybr8w
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+r+6fC/zZ8dy8377G+ylyZzzHizz+EdJX1UvDSdNaHEEzKwoVqkNhifvo0JQQL2R5
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+MGikkksyc7FoGLm58+HweivZO9ASwUV9icVrABEBAAG0SkRTaGllbGQgQmxvY2ts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+aXN0IChVc2VkIHRvIFNpZ24gRFNoaWVsZCBCbG9ja2xpc3QpIDxibG9ja2xpc3RA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ZHNoaWVsZC5vcmc+iQE9BBMBCgAnBQJYaR9MAhsDBQkJZgGABQsJCAcDBRUKCQgL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+BRYCAwEAAh4BAheAAAoJEH0PQzkiEIT0uRQH/1xG5ii9Lz6PjWt3UYeAHNAvXwLB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+TEtYbCRBzMiG4ZoYKD1OvfOaDDiTq9GCOS+tjwUOBzOui8Nj/ahg4EUEaCKEveye
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+zFsxqloV5sTkN5iQp0dlaOha3A3o9Peh9FguxmpDqomsekJHuYu9Pl/FswXZByub
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+VTiN0QL94Payh+mXEaJbLhyXWn9J2RGBY+EqG/LxsSAmfen6tMg+xTNGZEEnV9hf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Av80lYDkSlpaKX+OtDyPbE8LaGtcMKu/eYoE0hu/3pZhf5MnbGEFOeTSYjRD65TF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+l8CmsesUePW4drdwuekCKSUW56eZnKJEss7uALwnqomo9QRFjn29jhFYtFuJAhwE
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EAEKAAYFAlhpH9wACgkQv0LHdXSmgdWy8BAAp2HOLrVAZYsKhgDMScDQZVkx8RxA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+RVoegH3AFoIcxilMH53us035R3a6GSWdWvMSEPNSKdCF4gor747jhJCTyheUgc4k
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+l4RdIs/113/5NXCfCoaKXaoJgKHxFEL1j801b2poQrCidNCtxLmqdzMzgp0SSmO/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+znexTJSxc8bqZ0vxQz2F5JU7A3p5Sn4aYJUm4XQeluLAN5675ploUas2YgLjxXft
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+l9j7EmgzF7X0ZkDP4LH6+mU0kh/jjyV8SCachjkRW3h+O/vu+yheCr63k+DNeCSL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+b9njwghLMsWfEg3RDTWdK3IOqwVNjpZ+AFGrJSE2e9HGixNUOSA8ZYO4GLZAdvxX
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ZznEQgueAZn9ZINZUGHskJYXgEGDMkJlB2gWTjYRGBC1c2JbfSrX/UYq6PPKMZ0h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Yq0sy5o+Rt5a1xjZ8znNJz2LCMTX5KWt4VIRv/L/naX4jjY4xydoEPG+UEmsB909
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+qbuJByoSVeoSgQnBVpx1hDhspsLTDEFf/FL+cEGVrPIeXzIVpBQVBiKPe59YNv84
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+7SLiavKXki09BwJeUGy317rUU9VbuyPryEnZTDGt36tKVwAKdKQH8ICYPKIy2FkA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+4INa7wa5NEb21YYD6y1VIasmSDqXJBmpA1i/BqurMAG2nCItbPxBnIzHpenqSsZO
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Gvz2817y9BcCdiu5AQ0EWGkfTAEIAMp3rHYcDF6gDTOypSFy0rIAHlnFJhdoreCE
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+tCy41Dbi7Ljx+lT3wuw23kkeYT66JjmcFnRWDS1nEZaUYm29ewZ2IHcxduZnPO+p
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fVDo35x6HLHe0q+2cjtC3fyW8+o2TPW4OD8pkfK3EKQahj2w1RxWS+hVXPEXVyI9
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+vBUTsWXHhK9R7QmHO+ibynqmkes2TtiHD2H3lWuUIIhSaVMFjdOnQKDHjQXK4Dex
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+dgftv8ZGTANvKF3JACy4YVMx2AyUxtm3Eo9QaPhY5YBohlwdGaaJ+H7CFf4U4d2Q
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+OOFoQ8FBYeKtOljmlboZXWVgAsZPUBMel3/jyxu5L5Riqh2rShUAEQEAAYkBJQQY
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+AQoADwUCWGkfTAIbDAUJCWYBgAAKCRB9D0M5IhCE9LXKB/9BW9ATsHabNzE2XSxN
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+E3eB4rruqXU7WqwN6K4wxL1arN3EnsumVerkB9QKpRX8veUMecMG8Ih7Hh1EL+Sy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+SqY5bqL+jaH9IdrXNSG5Dp4igzFCXYgXe9SimgzGbrGlR0CMGywrlhooll/3Is0L
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+P/pxBRKU7uGSDmqWv4Fzy46y7QKPk5kN6XLjsLVN/xnE6glBPsA0qWQDo7Kxp6ZE
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fRXOJjXaOsoGjPLSoS6JyliUChzQkDUOevRRYNwSG4gZVPM9t1XxDyDwwcxeQrzP
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+dW0mXX3Z1bdyJEfz4n1cNZ2LZoqR5qpQITFmRaGmeiwV6+w12f5XnGFjeo6G7S0Y
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+AQAb
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+=+hHu
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-----END PGP PUBLIC KEY BLOCK-----
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/hosts.orig b/net/macos-fortress/files/hosts.orig
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..34d0068
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/hosts.orig
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,9 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+##
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Host Database
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# localhost is used to configure the loopback interface
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# when the system is booting. Do not change this entry.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+##
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+127.0.0.1 localhost
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+255.255.255.255 broadcasthost
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+::1 localhost
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/hphosts_pubkey_file.txt b/net/macos-fortress/files/hphosts_pubkey_file.txt
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..4672b3f
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/hphosts_pubkey_file.txt
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,52 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-----BEGIN PGP PUBLIC KEY BLOCK-----
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+mQSuBFSrSTIRDAC4geeOdrkHmMxIgUKqzjjgxnj6ZrcXLtQUI/p2p/sSvpx/jJiE
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+yeLQ49sl3Y9mKMNGUptwk1Z52LtiG23Ey/JGOoIVLSbtbu6JI3KhwrR7WNyDs9S1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+DZvCBcRQX7vcLdPhUymaikIYWpqBRPJOaIjAJ7z8DQ00P65rnWZ1+5+O3jzVuDfX
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+2NidTskYq7viLfd1i3TwyzZkvZzT0FQ01sKrFMR6NVl0X/VPUixpwR1E0zVbCQEe
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+3ZBoG6x5yvl6wBqcJKXPQ3qbvxJ3GgL1iDYZAUpGcCdiFnu0/1c/9e0xbes53Zmo
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+qrMiqd2OEDY/08t/fXmVPJyqeJ29Esb572/hcYaUNU+QG2UGVy64dhVh2SYuTxd1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+R5AqKltfSf6JXb40fovJkwsyU/8py7BfzIItssYAJxmxS2Aw5jBLhnIbfub0jiJU
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+bqZ+s0pWgllfnu/2n8mDqXfaf3E+kmHiqPm0Ip/AXMK/XkBzeCIkYa5oMsf975Vu
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+nlR59Vi5r+AbvxMBANeuHIXoSYYiqngqKqO7YI32IAV+0VxhWOiC9r2ZZwjZDACt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+GvXp1wimPfsAQpIBJjnMDiu8/wiAVrUVnZpcBKz4sizen9O9du/LMrgfCn9nIanm
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pi/mc+Xfsgwvwc7PT5+UiO/vfOlyiQKCPK2BH88ROOwqh/8IcZlGF76yV1308aXM
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+9kePcDCoXRxwlbJgA0gbNgalIwx3gFhdt7U/vjM6rZdLbld7BzZTbl5/4wRj+pPJ
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+OyH/gkhlYEZpKvP3dSsXSHM5aNymXdjFBKKJ/rTUmd5bG6LrfNH2uHxjGg7VCSlR
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+2b68ZZF8IbOvhYomthAgbV7lqT2uibym6F1ns/D/l4KbwE+GnG06IRxWzO89J17J
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+s0Xhzc0P9V8nLiepsdp3MTofkIG1qA0CB5q4yIfUr9N7vGLfLRbmuFJpsPayyfaB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+n+LiyvSxNme76PjCRjSyC2e1zw1DOh1H+BTQSC7OFIGyCVQzH0BstD9EkVeeoIf7
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+5Q8RV/sniyM/5EbpDQs9ogR51FdV7JdusRRSFxesZKkAxzMOFPu9FCzk2yIncVUM
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+AKB00m+wd0081FoNWBwtpf/kHfgYCgoL9WI867d2y3PVyt8hcdkABrIjf1Q0klEC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+B4MULvhhglSxcSOMhLSR0e/tzKakeN+dZRHfZp2n8vEhY5eskqev/fTScU/dQhlm
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+lN4r9Qdf3YGQy/7CTtzhiqwkP8Cl6OyY0SPtZUyrtfLY/BeN4MOIJOYalRhGZJkP
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ISmjI+tbt0nXlKKJSkkNFjrbc1NUHNSGw5nUUf6DmFgGySBEi4F3S7NytZv6nHlr
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+7ZFVMZtgcAAY6mdzULWWJPlEMM7T/KKVgaP9qpQFf5c/vg4mngBK/5XqTnmAUdrq
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+4cyiubzxUKaook1eu9b7z7uz82MRw7xcyea6PLBujcas/f3RF/XJLd+IT8FqyN75
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+nb3y299XzfWkNdVBd2OnzMzT8zrHPwP9noKcEuTK36Ux0pXlJmbeNtnKQ3rwm14Y
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+RsGXAnjwrv7JAxQ7pDNV8OqrtxSYBOiU95Ni/17gnGeona0TkPhWz4PyRWp9b+SK
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+FrQ4U3RldmVuIEJ1cm4gW2hwSG9zdHNdIChocEhvc3RzKSA8c2VydmljZXNAaXQt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+bWF0ZS5jby51az6IewQTEQgAIwUCVKtJMgIbAwcLCQgHAwIBBhUIAgkKCwQWAgMB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Ah4BAheAAAoJEOjNFzlgjZABdVAA/irz3nHnidWFJeFDiKPcNdD7MOYUrLrcU66P
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+k8/P5o1uAP0aIbc4pOzpEMo0wIpmrdAXMZH4zuaoSc+E+pWG8sOoBbkDDQRUq0ky
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EAwA/fUEEv0AiZ28j4OvgzxAkJrqeIryeii3AmUY+CzJkOn38WjD4jZj1yTTCdRt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Ss20c7lO62yuD26A04Nr221yY11XZewKnzpXEhONjLFFR5RRVmsUnFLyhngWJgoj
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+2NqGPOYdO02bTURRwyluV1A4M20QvI5ODB7eP3xXRZHIgqRmisLCLipVCIVREaaR
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+mJJO5tgT+ZGJQKbytbDaraveFDZKb49ADO9El6Y0IXm+1uNpH098PSYNRf6nkIoh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+w+tBijey3LR4B7axBEVak9rPXduO+oNOpa44s3/+KxaG2hxt7hGazCpzboZrhLwr
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+96XlORnp8K5Efyxqi611b8T0JEkwUbDmVQhD3NnN4BiII45mYDhQXO5gy6mlBepr
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+tM3Tg/0QkG+6CRZWfXtlXflqoi9eSeIwJGAngQUfCrb49IWg8WDZ7Ng4cLCByAW1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+qZq3tvf+jnqS5ZdxeNER7tenhIequ6uu0UQcLklQfEKbGrmjeScYdSU+C/biz2QO
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+NDarAAMFC/92YZRgCWpVHh4JP6rcZDqD2WMYexXs/VElNGr7WmgxWwIivLUu5seg
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+TBXOcuZxOaxJnso3x9wmkOa3zmjEHxJ+YB93yI37fDgNaChvr4NRuXRmciVJlf9O
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+mVp2WRZ805+anUh+HFyOzFu2k+Io3vENAiaV4fPVb2NaegQbR1thLTgTzcR1ofrE
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+IwffbEA0VSXJ4A4oDHFqiILI4dfUljE8kFqe0dU4dRFnoBCD7veDRQDgj0giIBpm
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sQPEL/fK3qtFBuiBwFyDB1heIney1ze2dGhI9vdXCSZHQICjooSXuObNka9gZtBU
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+dCnrJQmMe0MSrGTdc89lC2ToX5npMW7UfBgMi1+WRa41PxudE43Y4ljLnz47h+5r
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+yWy56Sknw9fl/3NTXayd/0KbTpo4VCc9GqX64Looc+wcrvxm1doe+Jg3R/iTsAgo
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+mIbzITWomO/KCcq3v4CT5gCi5CeKJ7zkJF/GAaf7UntPeFwpUKQk5gmfVeGAs1C5
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+G4+lsZz3tHWIYQQYEQgACQUCVKtJMgIbDAAKCRDozRc5YI2QAdRtAQDSvtRPHvzm
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+2zy3JwkEb3Cq1j6k9vhdA1MUDjnoogBYyQD/WdWrnmw8PvpAJ0Q26CJ0FEXqYdb4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+v4FmqNPMrDBv6YM=
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+=bbKb
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-----END PGP PUBLIC KEY BLOCK-----
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/logrotate.d.macos-fortress b/net/macos-fortress/files/logrotate.d.macos-fortress
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..86282e9
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/logrotate.d.macos-fortress
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,11 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@PREFIX@/var/log/@NAME@/*.log {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ weekly
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ missingok
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# rotate 52
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ compress
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delaycompress
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notifempty
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# create 640 root admin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# sharedscripts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# endscript
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/macosfortress_setup_check.sh b/net/macos-fortress/files/macosfortress_setup_check.sh
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..304067a
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/macosfortress_setup_check.sh
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,308 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#!/bin/sh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# macOS-Fortress: Firewall, Blackhole, and Privatizing Proxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# for Trackers, Attackers, Malware, Adware, and Spammers
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# macos_fortress_setup_check.sh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# commands
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+SUDO=/usr/bin/sudo
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PORT=/opt/local/bin/port
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LAUNCHCTL=/bin/launchctl
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PFCTL=/sbin/pfctl
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+KILLALL=/usr/bin/killall
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+CAT=/bin/cat
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+SED=/usr/bin/sed
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+GREP=/usr/bin/grep
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EGREP=/usr/bin/egrep
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ECHO=/bin/echo
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PFCTL=/sbin/pfctl
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+HEAD=/usr/bin/head
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+TAIL=/usr/bin/tail
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LSOF=/usr/sbin/lsof
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+KILLALL=/usr/bin/killall
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PS=/bin/ps
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+WC=/usr/bin/wc
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+CURL=/usr/bin/curl
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+AWK=/usr/bin/awk
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+HOSTNAME=/bin/hostname
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+JSC=/System/Library/Frameworks/JavaScriptCore.framework/Versions/A/Resources/jsc
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PROXY_HOSTNAME="${PROXY_HOSTNAME:-@PROXY_HOSTNAME@}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LAUNCHDAEMONS=/Library/LaunchDaemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# apache for proxy.pac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if ! [ -d /Applications/Server.app ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # macOS native apache server for proxy.pac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ PROXY_PAC_DIRECTORY="${PROXY_PAC_DIRECTORY:-@PROXY_PAC_DIRECTORY@}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # macOS Server for proxy.pac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ PROXY_PAC_DIRECTORY="${PROXY_PAC_DIRECTORY:-/Library/WebServer/Sites/${PROXY_HSOTNAME}}"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fname_exists () { [ -f "${FNAME}" ] && echo "[✅] ${FNAME} exists" || echo "[❌] ${FNAME} DOESN'T EXIST!"; }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# print launchd status, or echo "# comment line"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+launchctl_check () { "${EGREP}" -q -e '^(\d+|-)+\s[0]' <<< "${LINE}" && echo "[✅]\t${LINE}" || echo "[❌]\t${LINE}"; }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# launchctl_check () { [ "${PLIST##\#*}" == "" ] && echo "${PLIST}" || ( [ -f "${LAUNCHDAEMONS}/${PLIST}" ] && ( LINE=`"${SUDO}" "${LAUNCHCTL}" list | "${EGREP}" -e $(echo "${PLIST}" | "${SED}" -e 's/.plist$//')'$'`; "${EGREP}" -q -e '^(\d+|-)+\s[0]' <<< "${LINE}" && echo "[✅] ${LINE}" || "[❌] ${LINE}" ) || echo "[❌] ${LAUNCHDAEMONS}/${PLIST}: NOT INSTALLED!"; ) }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"${CAT}" <<HELPSTRING
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Checking macOS-Fortress installed items (run as sudo)…
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+HELPSTRING
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# launchcd.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Checking launchd.plist files…
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LAUNCHD_PLISTS=( \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@-pf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@-pf.brutexpire \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@-pf.subports \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@-dshield \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@-emergingthreats \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@-proxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@-proxy.squid-rotate \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@-easylistpac \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.@NAME@-hphosts \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.adblock2privoxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.adblock2privoxy-nginx \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.Squid \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.Privoxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ )
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+for PLIST in "${LAUNCHD_PLISTS[@]}" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ; do \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ FNAME="${LAUNCHDAEMONS}/${PLIST}.plist"; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ fname_exists; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+done
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"${CAT}" <<'EOF'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Checking launchd.plist's. These should all be installed with return
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+code 0 (2d column of `sudo launchctl list`)…
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+IFS="|"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LAUNCHD_PLISTS_REGEX="(${LAUNCHD_PLISTS[*]%%.plist})"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+IFS=$'\n'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LAUNCHD_LIST=(`"${SUDO}" "${LAUNCHCTL}" list | "${EGREP}" "${LAUNCHD_PLISTS_REGEX}"`)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# loaded launchcd.plist's
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+for LINE in "${LAUNCHD_LIST[@]}" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ; do \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ launchctl_check; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+done
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# unloaded launchcd.plist's
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LAUNCHD_SERVICES=(`for L in "${LAUNCHD_LIST[@]}"; do "${AWK}" '{ print $3 }' <<< "${L}"; done`)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+IFS="|"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LAUNCHD_SERVICES_REGEX="(${LAUNCHD_SERVICES[*]})"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+IFS=$'\n'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+for SERVICE in "${LAUNCHD_PLISTS[@]}" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ; do \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${EGREP}" -q -e "${LAUNCHD_SERVICES_REGEX}" <<< "${SERVICE%%.plist}" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || echo "[❌] ${SERVICE%%.plist} isn't loaded!"; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+done
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# PF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Checking PF files…
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+unset IFS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PF_FILES=( \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/pf.conf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/blockips.conf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/emerging-Block-IPs.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/compromised-ips.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/dshield_block_ip.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/block.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/block.txt.asc \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+for FNAME in "${PF_FILES[@]}" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ; do \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ fname_exists; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+done
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Checking PF…
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# pfctl
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [[ `"${SUDO}" "${PFCTL}" -s info | "${HEAD}" -1 | "${TAIL}" -1` =~ "Status: Enabled" ]]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo "[✅] PF is enabled and running"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[❌] PF isn't enabled! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo pfctl -si
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+less @PREFIX@/var/log/@NAME@.log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo @PREFIX@/bin/gpg --homedir /var/root/.gnupg --list-keys | grep -A2 -B1 -i dshield.org
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo pfctl -Fall && sudo pfctl -ef @PREFIX@/etc/@NAME@/pf.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# hphosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Checking hphosts files…
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+HPHOSTS_FILES=( \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/hosts-hphosts \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/hosts.zip \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/hphosts-partial.asp \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/whitelist.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/blacklist.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+for FNAME in "${HPHOSTS_FILES[@]}" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ; do \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ fname_exists; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+done
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Checking @PREFIX@/etc/@NAME@/hosts-hphosts creation…
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# pfctl
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [ -f /etc/hosts-hphosts ]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo "[✅] @PREFIX@/etc/@NAME@/hosts-hphosts exists"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[❌] @PREFIX@/etc/@NAME@/hosts-hphosts doesn't exist! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo @PREFIX@/bin/gpg --homedir /var/root/.gnupg --list-keys | grep -A2 -B1 -i hpHosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port reload org.macports.@NAME@-hphosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Proxy PAC and proxy chain
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Checking proxy PAC and proxy chain files…
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PROXY_FILES=( \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${PROXY_PAC_DIRECTORY}/proxy.pac.orig" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${PROXY_PAC_DIRECTORY}/proxy.pac" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/bin/easylist_pac.py \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/bin/adblock2privoxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/@NAME@/proxy.pac \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/adblock2privoxy/nginx.conf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/adblock2privoxy/css/default.html \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.action \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.filter \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.action \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.filter \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/squid/squid.conf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/var/squid/logs/cache.log \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/etc/privoxy/config \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ @PREFIX@/var/log/privoxy/logfile \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+for FNAME in "${PROXY_FILES[@]}" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ; do \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ fname_exists; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+done
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Checking proxy status…
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# squid
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [[ `"${SUDO}" "${LSOF}" -i ':3128' | "${TAIL}" -1` && `"${PS}" -ef | "${GREP}" "@PREFIX@/sbin/squid -s" | "${EGREP}" -v '(grep|daemondo)' | "${WC}" -l` -eq 1 ]]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo "[✅] Squid is running properly"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[❌] Squid isn't running properly! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo squid -k check
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo less @PREFIX@/var/squid/logs/cache.log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port unload squid4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo killall '(squid-1)'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo killall 'squid'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sleep 5
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port load squid4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [[ `"${SUDO}" "${LSOF}" -i ':8118' | "${TAIL}" -1` ]]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo "[✅] Privoxy is running properly"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[❌] Privoxy isn't running properly! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo less @PREFIX@/var/log/privoxy/logfile
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port reload privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Privoxy configuration http://p.p/ via proxy server
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if ! [[ `( http_proxy=http://${PROXY_HOSTNAME}:3128; "${CURL}" -s --head http://p.p/ | "${HEAD}" -n 1 | "${GREP}" "HTTP/1.\d [23]\d\d" )` ]]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo "[✅] Privoxy config http://p.p/ via http://${PROXY_HOSTNAME}:3128 is running properly"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[❌] Privoxy config http://p.p/ via http://${PROXY_HOSTNAME}:3128 isn't running properly! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo less @PREFIX@/var/log/privoxy/logfile
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port reload privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# nginx
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [[ `"${SUDO}" "${LSOF}" -i ':8119' | "${TAIL}" -1` ]]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo "[✅] nginx is running properly"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${CAT}" <<'EOF'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[❌] nginx isn't running properly! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo ps -f `cat @PREFIX@/var/run/nginx/nginx-adblock2privoxy.pid`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port reload org.macports.adblock2privoxy-nginx
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Javascript parsing of proxy.pac.orig and proxy.pac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [ -x "${JSC}" -a -f "${PROXY_PAC_DIRECTORY/proxy.pac.orig}" ]; then \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${JSC}" "${PROXY_PAC_DIRECTORY}/proxy.pac.orig" >/dev/null 2>&1 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && echo "[✅] PAC ${PROXY_PAC_DIRECTORY}/proxy.pac.orig passes Javascript parsing" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || echo "[❌] PAC ${PROXY_PAC_DIRECTORY}/proxy.pac.orig fails Javascript parsing" ; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [ -x "${JSC}" -a -f "${PROXY_PAC_DIRECTORY}/proxy.pac" ]; then \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${JSC}" "${PROXY_PAC_DIRECTORY}/proxy.pac" >/dev/null 2>&1 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && echo "[✅] PAC ${PROXY_PAC_DIRECTORY}/proxy.pac passes Javascript parsing" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || echo "[❌] PAC ${PROXY_PAC_DIRECTORY}/proxy.pac fails Javascript parsing" ; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# proxy.pac on proxy server
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [[ `"${CURL}" -s --head "http://${PROXY_HOSTNAME}/proxy.pac" | "${HEAD}" -n 1 | "${GREP}" "HTTP/1.\d [23]\d\d"` ]]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo "[✅] Web server for http://${PROXY_HOSTNAME}/proxy.pac is running properly"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[❌] Web server for http://${PROXY_HOSTNAME}/proxy.pac isn't running properly! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo apachectl start
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# blackhole on proxy server
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [[ `"${CURL}" -s --head "http://${PROXY_HOSTNAME}:8119/" | "${HEAD}" -n 1 | "${GREP}" "HTTP/1.[01] [23]\d\d"` ]]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo "[✅] Blackhole server for http://${PROXY_HOSTNAME}:8119/ is running properly"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${CAT}" <<EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[❌] Blackhole server for http://${PROXY_HOSTNAME}:8119/ isn't running properly! Troubleshooting:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo ps -f \`cat @PREFIX@/var/run/nginx/nginx-adblock2privoxy.pid\`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sudo port reload org.macports.adblock2privoxy-nginx
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+EOF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+fi
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/pf.conf b/net/macos-fortress/files/pf.conf
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..fe29ee8
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/pf.conf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,221 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Default PF configuration file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This file contains the main ruleset, which gets automatically loaded
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# at startup. PF will not be automatically enabled, however. Instead,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# each component which utilizes PF is responsible for enabling and disabling
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# PF via -E and -X as documented in pfctl(8). That will ensure that PF
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# is disabled only when the last enable reference is released.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Care must be taken to ensure that the main ruleset does not get flushed,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# as the nested anchors rely on the anchor point defined here. In addition,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# to the anchors loaded by this file, some system services would dynamically
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# insert anchors into the main ruleset. These anchors will be added only when
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# the system service is used and would removed on termination of the service.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# See pf.conf(5) for syntax.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# References for modifications:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The Book of PF by Peter N.M. Hansteen, p. 21
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://ikawnoclast.com/security/mac-os-x-pf-firewall-avoiding-known-bad-guys/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://support.apple.com/kb/HT5519?viewlocale=en_US&locale=en_US
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://blog.scottlowe.org/2013/05/15/using-pf-on-os-x-mountain-lion/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://krypted.com/mac-security/a-cheat-sheet-for-using-pf-in-os-x-lion-and-up/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Internal interface; use the command `ifconfig -a` or:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ ifconfig | pcregrep -M -o '^[^\t:]+:([^\n]|\n\t)*status: active' | egrep -o -m 1 '^[^\t:]+'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+int_if = "@INTERFACE@"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# VPN network (uncomment '#vpn#' comment lines)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $vpn_net == utun0/24 when Tunnelblick creates utun0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# vpn_net = "10.8.0/24" # utun0 interface doesn't exist at boot time
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Options
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set block-policy return
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set fingerprints "/etc/pf.os"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set ruleset-optimization basic
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set skip on lo0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Normalization
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Scrub incoming packets
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+scrub in all no-df
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# com.apple anchor point
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+scrub-anchor "com.apple/*"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Queueing
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Translation
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# OpenVPN Server NAT
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The Book of PF, p. 21
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Allow VPN connections to the VPN host:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://serverfault.com/questions/555594/troubleshoot-broken-tcp-from-openvpn-client-to-server-but-ping-traceroute-work
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#tun_if = "utun0"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#no nat on ! $tun_if from $vpn_net to ($int_if)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#nat on ! $tun_if from $vpn_net to ! ($int_if) -> ($int_if)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Use a list in case Tunnelblick creates multiples utun interaces
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#tun_if = "{ utun0, utun1, utun2, utun3, utun4, utun5, utun6, utun7, utun8, utun9 }"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# not_tun_if = "{ !utun0, !utun1, !utun2, !utun3, !utun4, !utun5, !utun6, !utun7, !utun8, !utun9 }"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# no nat on $not_tun_if from $vpn_net to ($int_if)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# nat on $not_tun_if from $vpn_net to ! ($int_if) -> ($int_if)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This rule must be included below BEFORE these packets are passed by other rules:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# pass in quick on $tun_if reply-to $tun_if from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+nat-anchor "com.apple/*"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+rdr-anchor "com.apple/*"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+dummynet-anchor "com.apple/*"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+anchor "com.apple/*"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+load anchor "com.apple" from "/etc/pf.anchors/com.apple"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# macOS Server Adaptive Firewall
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Comment out for non-macOS Server instances
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# anchor "com.apple.server-firewall/*"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# load anchor "com.apple.server-firewall" from "/etc/pf.anchors/com.apple.server-firewall"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Filtering
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Block by default
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+block all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Debugging:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#pass quick log (all, to pflog0) all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#block log (all, to pflog0) all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# debugging rules
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo ifconfig pflog0 create
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo tcpdump -n -e -ttt -i pflog0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo ifconfig pflog0 destroy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# block log (all, to pflog0) all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Allow VPN connections to the VPN host:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# http://serverfault.com/questions/555594/troubleshoot-broken-tcp-from-openvpn-client-to-server-but-ping-traceroute-work
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# pass in quick on $tun_if reply-to $tun_if from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Rule for a lot of utun interfaces in case Tunnelblick creates extras
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun0 reply-to utun0 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun1 reply-to utun1 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun2 reply-to utun2 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun3 reply-to utun3 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun4 reply-to utun4 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun5 reply-to utun5 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun6 reply-to utun6 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun7 reply-to utun7 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun8 reply-to utun8 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in quick on utun9 reply-to utun9 from $vpn_net to $int_if
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Local net
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+table <lan_inet> const { 10/8, 172.16/12, 192.168/16 }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+table <lan_inet6> const { ::1, fe80::/10 }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass quick inet from <lan_inet> to any keep state
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass quick inet6 from <lan_inet6> to any keep state
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Antispoof
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+antispoof log quick for $int_if inet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Block to/from illegal destinations or sources
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+block drop in log quick from no-route to any
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+block drop in log quick from urpf-failed to any
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This is observed on macOS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#block drop in log quick on $int_if from any to 255.255.255.255
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Whitelist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Hardcoded IPs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#mydomainname_com = "xxx.xxx.xxx.xxx"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#table <whitelist> const { $mydomainname_com }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#pass in quick from <whitelist>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#pass out quick to <whitelist>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Block brute force attacks
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+table <bruteforce> persist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+block drop log quick from <bruteforce>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Allow application-specific traffic over these interfaces
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# multicast DNS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass on $int_if proto { udp, tcp } to { 224.0.0.2, 224.0.0.18, 224.0.0.251 } port mdns
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass on $int_if proto igmp to { 224.0.0.1, 224.0.0.22, 224.0.0.251 }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# quick pass of Tor relay ports to avoid blocks below
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#tor_relay = "{ 9001, 9030 }"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#pass in quick proto tcp from any to $int_if port $tor_relay
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#pass out quick proto tcp from $int_if port $tor_relay to any
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Open Source IP blocks
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Refresh with pfctl -a blockips -T load -f @PREFIX@/etc/@NAME@/blockips.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+anchor 'blockips' label "Open Source IP Blocks"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+load anchor 'blockips' from '@PREFIX@/etc/@NAME@/blockips.conf'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ICMP
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+icmp_types = "echoreq"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass inet proto icmp from $int_if:network to any icmp-type $icmp_types
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass inet proto icmp from any to $int_if icmp-type $icmp_types
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# allow out the default range for traceroute(8):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# "base+nhops*nqueries-1" (33434+64*3-1)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass out on $int_if inet proto udp from any to any port 33433 >< 33626
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Allow critical system traffic
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass in quick inet proto udp from port bootps to port bootpc
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass out quick inet proto udp from port bootpc to port bootps
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# LAN services: block access, except from localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+lan_udp_services = "{ domain, 5001, postgresql }"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+lan_tcp_services = "{ domain, auth, nntp, www, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 311, 3128, 5001, 5900:5909, privoxy, postgresql, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 8123, 8180, 8181, 9150, 9151 }"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+block in proto tcp from any to $int_if port $lan_tcp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+block in proto udp from any to $int_if port $lan_udp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass in inet proto udp from $int_if:network to $int_if port $lan_udp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass in inet proto tcp from $int_if:network to $int_if port $lan_tcp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass out proto udp from $int_if port $lan_udp_services to $int_if:network
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass out proto tcp from $int_if port $lan_tcp_services to $int_if:network
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Add vpn_net if running OpenVPN
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in inet proto udp from $vpn_net to $int_if port $lan_udp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass in inet proto tcp from $vpn_net to $int_if port $lan_tcp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass out proto udp from $int_if port $lan_udp_services to $vpn_net
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#vpn# pass out proto tcp from $int_if port $lan_tcp_services to $vpn_net
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Internet services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+internet_udp_services = "{ https, 500, openvpn, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1701, 4500, 5060, 5190, 5297, 5298, 5678, 16384 }"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+internet_tcp_services = "{ 995, 1640, 1723, 2195, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 2196, 4190, 5218, 5223, 5190, 5220, 5222, 5298, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 8008, 8443, 8800, 8843, 9001, 9030 }"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass in proto udp from any to $int_if port $internet_udp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass in proto tcp from any to $int_if port $internet_tcp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass out inet proto udp from $int_if to any port $internet_udp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass out inet proto tcp from $int_if to any port $internet_tcp_services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#apns_services = "{ 2195, 2196 }"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#pass in proto tcp from any port $apns_services to <lan_inet>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#pass out inet proto tcp to any port $apns_services from <lan_inet>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ssh really restrictive
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass in inet proto tcp from any to $int_if port ssh \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ keep state (max-src-conn 5, max-src-conn-rate 5/2, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ overload <bruteforce> flush global)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass out inet proto tcp from $int_if port ssh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# web, mail more restrictive
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass in inet proto tcp from any to $int_if \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port { smtp, https, imap, submission, imaps } \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ keep state (max-src-nodes 50, max-src-conn 200, max-src-conn-rate 100/10, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ overload <bruteforce> flush global)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pass out inet proto tcp from $int_if to any \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port { smtp, imap4-ssl, imap, submission, imaps }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# I2P
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#i2p_port = "65530"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#pass in inet proto { udp, tcp } from any to $int_if port $i2p_port
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#pass out inet proto { udp, tcp } from $int_if port $i2p_port to any
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/pf_attacks.sh b/net/macos-fortress/files/pf_attacks.sh
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..b67da27
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/pf_attacks.sh
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,19 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#!/bin/bash
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Count attacks on the PF firewall
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+num=0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+res=$(sudo pfctl -t bruteforce -Ts 2>&1 | sed -e 1,2d | wc -l)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+num=$((num + res))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+res=$(sudo pfctl -a blockips -t compromised_ips -Ts -v 2>&1 | sed -e 1,2d | egrep -e 'Packets: [^0]' | wc -l)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+num=$((num + res))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+res=$(sudo pfctl -a blockips -t dshield_block_ip -Ts -v 2>&1 | sed -e 1,2d | egrep -e 'Packets: [^0]' | wc -l)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+num=$((num + res))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+res=$(sudo pfctl -a blockips -t emerging_threats -Ts -v 2>&1 | sed -e 1,2d | egrep -e 'Packets: [^0]' | wc -l)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+num=$((num + res))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+echo $num
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/privoxy-config.patch b/net/macos-fortress/files/privoxy-config.patch
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..da47ab5
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/privoxy-config.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,114 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./config 2019-10-22 22:49:35.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./config 2019-10-22 22:54:09.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -193,6 +193,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # shown.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #admin-address privoxy-admin@example.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++admin-address root@@PROXY_HOSTNAME@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 1.4. proxy-info-url
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ====================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -386,6 +387,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ actionsfile default.action # Main actions file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ actionsfile user.action # User customizations
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++actionsfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++actionsfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 2.6. filterfile
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -431,6 +434,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ filterfile default.filter
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ filterfile user.filter # User customizations
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++filterfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.system.filter
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++filterfile @PREFIX@/etc/adblock2privoxy/privoxy/ab2p.filter
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 2.7. logfile
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # =============
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -675,7 +680,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Note that Privoxy does not validate the specified hostname
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # value.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#hostname hostname.example.org
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++hostname @PROXY_HOSTNAME@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 4. ACCESS CONTROL AND SECURITY
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ===============================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -780,7 +785,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # listen-address [::1]:8118
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-listen-address 127.0.0.1:8118
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++listen-address @PROXY_SERVER@:8118
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 4.2. toggle
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ============
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1257,6 +1262,13 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++forward / .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++forward :443 .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# I2P
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#forward .i2p @PROXY_HOSTNAME@:4443
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 5.2. forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # =========================================================================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1592,7 +1604,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # keep-alive-timeout 300
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-keep-alive-timeout 5
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++keep-alive-timeout 300
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 6.5. tolerate-pipelining
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # =========================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1635,7 +1647,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # tolerate-pipelining 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-tolerate-pipelining 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#tolerate-pipelining 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 6.6. default-server-timeout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ============================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1686,7 +1698,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # default-server-timeout 60
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#default-server-timeout 60
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++default-server-timeout 60
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 6.7. connection-sharing
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ========================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1756,7 +1768,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # connection-sharing 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#connection-sharing 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++connection-sharing 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 6.8. socket-timeout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ====================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1788,7 +1800,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # socket-timeout 300
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-socket-timeout 300
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++socket-timeout 60
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 6.9. max-client-connections
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ============================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1850,7 +1862,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # max-client-connections 256
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#max-client-connections 256
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++max-client-connections 256
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 6.10. handle-as-empty-doc-returns-ok
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # =====================================
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/privoxy-match-all.action.patch b/net/macos-fortress/files/privoxy-match-all.action.patch
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..6b69538
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/privoxy-match-all.action.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,40 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./match-all.action 2019-10-22 23:03:04.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./match-all.action 2019-10-22 23:06:32.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -6,12 +6,34 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # users should only edit this file through the actions file editor.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #############################################################################
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# original:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#{ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#+change-x-forwarded-for{block} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#+client-header-tagger{css-requests} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#+client-header-tagger{image-requests} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#+hide-from-header{block} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#+set-image-blocker{pattern} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#/ # Match all URLs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ { \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ +change-x-forwarded-for{block} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-+client-header-tagger{css-requests} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-+client-header-tagger{image-requests} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-+client-header-tagger{range-requests} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++deanimate-gifs{last} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++filter{refresh-tags} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++filter{img-reorder} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++filter{banners-by-size} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++filter{webbugs} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++filter{jumping-windows} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++filter{ie-exploits} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ +hide-from-header{block} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++hide-referrer{conditional-block} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++session-cookies-only \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ +set-image-blocker{pattern} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ / # Match all URLs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# User-Agent
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++{ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++hide-referrer{conditional-forge} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Safari/605.1.15} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++/ # Match all URLs
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/squid-squid.conf.patch b/net/macos-fortress/files/squid-squid.conf.patch
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..8257fe6
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/squid-squid.conf.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,363 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./squid.conf 2019-10-22 22:36:27.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./squid.conf 2019-10-22 23:08:00.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1294,12 +1294,9 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Example rule allowing access from your local networks.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Adapt to list your (internal) IP networks from where browsing
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # should be allowed
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ acl localnet src fc00::/7 # RFC 4193 local private network range
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1563,8 +1560,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## Allow ICP queries from local networks only
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-##icp_access allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-##icp_access deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++icp_access allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++icp_access deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Deny, unless rules exist in squid.conf.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -2015,10 +2012,10 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Squid normally listens to port 3128
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-http_port 3128
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++http_port @PROXY_SERVER@:3128
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: https_port
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-# Usage: [ip:]port [mode] tls-cert=certificate.pem [options]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Usage: [ip:]port cert=certificate.pem [key=key.pem] [mode] [options...]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # The socket address where Squid will listen for client requests made
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # over TLS or SSL connections. Commonly referred to as HTTPS.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -3308,6 +3305,16 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# See http://www.privoxy.org/user-manual/config.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Define Privoxy as parent proxy (without ICP)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++cache_peer @PROXY_SERVER@ parent 8118 0 no-digest no-query default name=privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# If privoxy is run on the LAN:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#cache_peer 10.0.1.3 parent 8118 0 no-digest no-query default name=privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# I2P
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# cache_peer @PROXY_SERVER@ parent 4443 0 no-digest no-query default name=i2p
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: cache_peer_access
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Restricts usage of cache_peer proxies.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -3441,6 +3453,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # enough to keep larger objects from hoarding cache_mem.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # maximum_object_size_in_memory 512 KB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++maximum_object_size_in_memory 64 KB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: memory_cache_shared on|off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Controls whether the memory cache is shared among SMP workers.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -3523,6 +3536,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # and http://fog.hpl.external.hp.com/techreports/98/HPL-98-173.html.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # cache_replacement_policy lru
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++cache_replacement_policy heap LFUDA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: minimum_object_size (bytes)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Objects smaller than this size will NOT be saved on disk. The
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -3547,6 +3561,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # See cache_replacement_policy for a discussion of this policy.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # maximum_object_size 4 MB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++maximum_object_size 64 MB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: cache_dir
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Format:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -3702,6 +3717,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # No disk cache. Store cache ojects only in memory.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++cache_dir ufs @PREFIX@/var/squid/cache 256 16 256
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Uncomment and adjust the following to add a disk cache directory.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #cache_dir ufs @PREFIX@/var/squid/cache 100 16 256
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4333,6 +4349,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # access_log daemon:@PREFIX@/var/squid/logs/access.log squid
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # access_log daemon:@PREFIX@/var/squid/logs/access.log squid
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++access_log daemon:@PREFIX@/var/squid/logs/access.log squid
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#access_log daemon:@PREFIX@/var/squid/logs/access.log squid_ua
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: icap_log
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ICAP log files record ICAP transaction summaries, one line per
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4533,8 +4551,11 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # in the habit of using 'squid -k rotate' instead of 'kill -USR1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # <pid>'.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Note, from Squid-3.1 this option is only a default for cache.log,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# that log can be rotated separately by using debug_options.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # logfile_rotate 10
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++logfile_rotate 31
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: mime_table
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Path to Squid's icon configuration file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4590,6 +4611,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Currently honored by 'daemon' and 'tcp' access_log modules only.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # buffered_logs off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++buffered_logs on
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: netdb_filename
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Note: This option is only available if Squid is rebuilt with the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -5351,15 +5376,25 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ refresh_pattern ^ftp: 1440 20% 10080
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ refresh_pattern ^gopher: 1440 0% 1440
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-refresh_pattern . 0 20% 4320
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#refresh_pattern . 0 20% 4320
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# https://www.linux.com/news/speed-your-internet-access-using-squids-refresh-patterns
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++refresh_pattern . 0 40% 40320
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: quick_abort_min (KB)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # quick_abort_min 16 KB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++quick_abort_min 0 KB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: quick_abort_max (KB)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # quick_abort_max 16 KB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++quick_abort_max 0 KB
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: quick_abort_pct (percent)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # The cache by default continues downloading aborted requests
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -5577,6 +5612,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # replies as required by RFC2616.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # via on
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++via off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: vary_ignore_expire on|off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Many HTTP servers supporting Vary gives such objects
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -5669,6 +5705,67 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # No limits.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# allow localnet headers
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access From allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Server allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Link allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Cache-Control allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-Cache allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-Cache-Lookup allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Via allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Forwarded-For allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-Forwarded-For allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Pragma allow localnet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# old 'http_anonymizer standard'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access From deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# allow privoxy configuration to see the referer, then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++acl privoxy-config dstdomain config.privoxy.org p.p
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Referer allow privoxy-config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++cache deny privoxy-config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# forge Referer in Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Referer deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Server deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# forge User-Agent below and in Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# header_access User-Agent deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# this breaks web authentication -- do not use
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#! header_access WWW-Authenticate deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Link deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# more privacy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-Cache deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-Cache-Lookup deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Via deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Forwarded-For deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-Forwarded-For deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access Pragma deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#! These slow down browsing a lot -- do not use
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# header_access Cache-Control deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# header_access Keep-Alive deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Mobile carrier uniquely identifying headers
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access MSISDN deny all # T-Mobile
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-MSISDN deny all # T-Mobile
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-UIDH deny all # Verizon
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access x-up-subno deny all # AT&T
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-ACR deny all # AT&T
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-UP-SUBSCRIBER-COS deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-OPWV-DDM-HTTPMISCDD deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-OPWV-DDM-IDENTITY deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-OPWV-DDM-SUBSCRIBER deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access CLIENTID deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X-VF-ACR deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X_MTI_USERNAME deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X_MTI_EMAIL deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access X_MTI_EMPID deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_access User-Agent deny all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_replace User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Safari/605.1.15
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: reply_header_access
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Usage: reply_header_access header_name allow|deny [!]aclname ...
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -6033,6 +6130,10 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # seconds will receive a 'timeout' message.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # shutdown_lifetime 30 seconds
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Make this significantly less than daemondo's kChildDeathTimeout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# to avoid multiple squid processes at boot or on network change
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# const CFTimeInterval kChildDeathTimeout = 20;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++shutdown_lifetime 5 seconds
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ADMINISTRATIVE PARAMETERS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -----------------------------------------------------------------------------
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -6101,6 +6202,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # names with this setting.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Automatically detect the system host name
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++visible_hostname localhost
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: unique_hostname
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # If you want to have multiple machines with the same
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -6829,6 +6931,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # up or to simplify log analysis.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # log_icp_queries on
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++log_icp_queries off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: udp_incoming_address
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # udp_incoming_address is used for UDP packets received from other
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -7326,6 +7429,24 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Prevent any cache_peer being used for this request.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Do not send AWS requests through Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++acl aws-domains dstdomain \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ .aws.amazon.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ .cloudfront.net
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++always_direct allow aws-domains
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# See http://www.privoxy.org/user-manual/config.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Define ACL for protocol FTP
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++acl ftp proto FTP
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++always_direct allow ftp
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Direct to specified domain names
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#acl mydomainname dstdomain .mydomainname.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#always_direct allow mydomainname
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Do not forward SSL requests to Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#always_direct allow SSL_ports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: never_direct
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Usage: never_direct allow|deny [!]aclname ...
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -7355,6 +7476,10 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Allow DNS results to be used for this request.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# See http://www.privoxy.org/user-manual/config.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Forward all the rest to Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++never_direct allow all
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ADVANCED NETWORKING OPTIONS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -----------------------------------------------------------------------------
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8195,6 +8320,12 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Use operating system definitions
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Google DNS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++dns_nameservers 8.8.8.8 4.4.4.4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Use LAN IP with possible backup if you're running DNS yourself
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#dns_nameservers 10.0.1.3
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: hosts_file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Location of the host-local IP name-address associations
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # database. Most Operating Systems have such a file on different
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8220,6 +8351,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # definitions.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # hosts_file /etc/hosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++hosts_file @PREFIX@/etc/@NAME@/hosts-hphosts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: append_domain
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Appends local domain name to hostnames without any dots in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8262,6 +8394,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Maximum number of DNS IP cache entries.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ipcache_size 1024
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ipcache_size 16384
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: ipcache_low (percent)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8276,6 +8409,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Maximum number of FQDN cache entries.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # fqdncache_size 1024
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++fqdncache_size 1048576
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # MISCELLANEOUS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -----------------------------------------------------------------------------
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8296,6 +8430,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # routines, disable this.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # memory_pools on
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++memory_pools off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: memory_pools_limit (bytes)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Used only with memory_pools on:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8342,6 +8477,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # X-Forwarded-For entries, and place the client IP as the sole entry.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # forwarded_for on
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++forwarded_for off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: cachemgr_passwd
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Specify passwords for cachemgr operations.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8409,6 +8545,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # turn off client_db here.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # client_db on
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++client_db off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: refresh_all_ims on|off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # When you enable this option, squid will always check
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8539,6 +8676,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # WARNING: pipelining breaks NTLM and Negotiate/Kerberos authentication.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Do not pre-parse pipelined requests.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++pipeline_prefetch 3
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: high_response_time_warning (msec)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # If the one-minute median response time exceeds this value,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8596,6 +8734,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Whether to lookup the EUI or MAC address of a connected client.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #Default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # eui_lookup on
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++eui_lookup off
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: max_filedescriptors
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Reduce the maximum number of filedescriptors supported below
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/whitelist.txt b/net/macos-fortress/files/whitelist.txt
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..2f3239c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/whitelist.txt
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,38 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# whitelisted hosts (FQDN and DN) will be deleted frpm hphost's host.zip
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+s3.amazonaws.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+www.s3.amazonaws.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+broker.adobe.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sstats.adobe.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+stats.adobe.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+j.mp
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+securemetrics.apple.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+autolinkmaker.itunes.apple.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+rover.ebay.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+yelp.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+www.yelp.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+inc.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+www.inc.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+gdlp01.c-wss.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+h.online-metrix.net
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+drugstore.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+www.drugstore.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+evite.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+www.evite.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+thedailybeast.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+www.thedailybeast.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+alibaba.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+www.alibaba.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# iphonehacks.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# www.iphonehacks.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# www.kqzyfj.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+funnyordie.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+www.funnyordie.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+intensedebate.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+www.intensedebate.com
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Blocking this domain breaks CNN app live streaming
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# To diagnose:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# tcpdump -e -ttt -i en0 -w my-iPad-cnn-3128.pcap src my-iPad or dst my-iPad
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# grep -a 'URL: <a' < my-iPad-cnn-3128.pcap | perl -lne 's/^.*URL: <a href="https?:\/\/([-\w.]+)\/?.*?">.*$/\1/; print;' | uniq
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+bea4.v.fwmrm.net
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/perl/p5-data-validate-domain/Portfile b/perl/p5-data-validate-domain/Portfile
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..f49c590
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/perl/p5-data-validate-domain/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,26 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PortSystem 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PortGroup perl5 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+perl5.branches 5.28 5.30
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+perl5.setup Data-Validate-Domain 0.14
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+platforms darwin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+maintainers nomaintainer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+license {Artistic-1 GPL}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+description Domain and host name validation
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+long_description ${description}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 c08f624399d0dcb64db80a0c6159486299732e1f \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 4470f253b8d2720a4dd3fa3ae550995417c2269f3be7ff030e01afa04a3a9421 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 31962
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if {${perl5.major} != ""} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_run-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:p${perl5.major}-net-domain-tld
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span></pre><pre style='margin:0'>
</pre>