3 changed files with 22 additions and 70 deletions
--- a/README.md
+++ b/README.md
@ -7,35 +7,9 @@ To deploy:

 * modify the configuration variables in the scripts
 * copy the scripts to `/usr/local/bin`
-* create the user
-
-        useradd -s /sbin/nologin _forumspam
-
-* if using `pf`:
-    * create appropriate permissions for the file:
-
-        install -m 640 -o _forumspam -g wheel /dev/null /etc/pf-forumspam.txt
-
-    * add the following to `/etc/pf.conf`, preferably high up in the ruleset:
-
-        table <forumspam> persist file "/etc/pf-forumspam.txt"
-        block in quick on egress from <forumspam>
-        block out quick on egress to <forumspam>
-
-* set up sudo or doas:
-    * for doas:
-        * add the following to `/etc/doas.conf`:
-
-        permit nopass _forumspam cmd pfctl args -nf /etc/pf.conf
-        permit nopass _forumspam cmd pfctl args -t forumspam -T replace -f /etc/pf-forumspam.txt
-
-    * for sudo:
-        * add to your sudo config file:
-          `Cmnd_Alias FIREWALL = /usr/sbin/ufw, /sbin/iptables`
-          and `_forumspam ALL = NOPASSWD: FIREWALL`
-
 * register `q2a_usercheck.sh` as a systemd unit or rc script

 TODO:
 * also check against [botscout](http://botscout.com/api.htm)
-* give the scripts more sensible names
+* add support for pf
+* add support for iptables
--- a/forumspam.sh
+++ b/forumspam.sh
@ -2,53 +2,31 @@

 # API reference: https://www.stopforumspam.com/usage

-# user configuration area - change as needed
-ostype="bsd" # allowed options are bsd, linux
-logf=/var/log/forumspam.log
-limit=0 # number of violations allowed before blocking the ip
-
-case "$ostype" in
-    bsd)
-        getroot="doas"
-        fw_cmd="pfctl"
-        ;;
-    linux)
-        getroot="sudo"
-        fw_cmd="ufw"
-        ;;
-esac
-
-abort() {
-    echo `date` 'error:' $* >> $logf
-	rm $repl
-    exit 1
-}
-block_ip() {
-    case "$fw_cmd" in
-        ufw)
-            if [ "$getroot" ufw deny from $ip >/dev/null 2>>$logf ]; then
-                echo `date` blocked ip $ip with freq $freq >> $logf
-            else
-                abort "failed to block ip $ip"
-            fi
-            ;;
-        pfctl)
-            "$getroot" pfctl -nf /etc/pf.conf || abort "pf config check failed"   # Ensure proposed changes are valid before reloading table
-            "$getroot" pfctl -t forumspam -T replace -f /etc/pf-forumspam.txt
-            ;;
-    esac
-}
-
-# we ignore all arguments except the first
 ip=$1
 repl=`mktemp`
+logf=/var/log/forumspam.log
+
 curl 'http://api.stopforumspam.org/api?ip='$ip 2>/dev/null > $repl

 if ! grep -q '<response success="true">' $repl; then
-	abort 'error failed to query stopforumspam api'
+	echo error failed to query stopforumspam api >> $logf
+	rm $repl
+	exit 1
+fi
+if ! grep -q '<appears>yes</appears>' $repl; then
+	rm $repl
+	exit 0
 fi
 freq=`grep '<frequency>' $repl | sed 's/<frequency>//; s!</frequency>!!'`
-if grep -q '<appears>yes</appears>' $repl && [ "$freq" -gt "$limit" ]; then
-    block_ip "$ip"
+if [ "$freq" -ge 1 ]; then
+	if ufw deny from $ip >/dev/null; then
+		echo `date` blocked ip $ip with freq $freq >> $logf
+		rm $repl
+		exit 0
+	else
+		echo error failed to add ufw rule >> $logf
+		rm $repl
+		exit 2
+	fi
 fi
 rm $repl
--- a/q2a_usercheck.sh
+++ b/q2a_usercheck.sh
@ -3,7 +3,7 @@
 logf='/var/log/nginx/access.log'
 cache='/tmp/forumspam_cache'

-test -f $cache || install -m 600 /dev/null $cache
+install -m 600 /dev/null $cache

 tail -F $logf | while read line ; do
 	case $line in (*"POST"*)