You've already forked macports-ports
mirror of
https://github.com/macports/macports-ports.git
synced 2026-07-12 18:20:25 -07:00
macos-fortress: Update to version 2025.09.21
* Use default Python version * Use port:squid * Update to maintained hosts files in subport `macos-fortress-hosts` * Update pf rules
This commit is contained in:
committed by
Renee Otten
parent
0fd2beb0b7
commit
a4df9af0ab
+69
-23
@@ -4,7 +4,7 @@ PortSystem 1.0
|
||||
PortGroup active_variants 1.1
|
||||
|
||||
name macos-fortress
|
||||
version 2024.01.11
|
||||
version 2025.09.21
|
||||
revision 0
|
||||
|
||||
categories net security
|
||||
@@ -25,7 +25,7 @@ build {}
|
||||
|
||||
# Use ${python.default_version}
|
||||
# name consistency with ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/_resources/port1.0/group/python-1.0.tcl
|
||||
set python_default_version 39
|
||||
set python_default_version 313
|
||||
set python_version ${python_default_version}
|
||||
set python_branch [string index ${python_version} 0].[string range ${python_version} 1 end]
|
||||
|
||||
@@ -741,14 +741,12 @@ subport ${name}-proxy-squid {
|
||||
|
||||
conflicts ${name}-proxy
|
||||
|
||||
set squid_major_version 5
|
||||
|
||||
depends_lib-append \
|
||||
port:${name}-easylistpac \
|
||||
port:${name}-hosts \
|
||||
port:adblock2privoxy \
|
||||
port:privoxy \
|
||||
port:squid${squid_major_version}
|
||||
port:squid
|
||||
|
||||
# squid patch file creation
|
||||
## export prefix=${prefix}
|
||||
@@ -791,13 +789,13 @@ subport ${name}-proxy-squid {
|
||||
startupitems \
|
||||
name ${subport} \
|
||||
start [list \
|
||||
"\${prefix}/bin/port -p load ${name}-hosts squid${squid_major_version} privoxy adblock2privoxy ${name}-easylistpac" \
|
||||
"\${prefix}/bin/port -p load ${name}-hosts squid privoxy adblock2privoxy ${name}-easylistpac" \
|
||||
] \
|
||||
stop [list \
|
||||
"\${prefix}/bin/port -p unload ${name}-hosts squid${squid_major_version} privoxy adblock2privoxy ${name}-easylistpac" \
|
||||
"\${prefix}/bin/port -p unload ${name}-hosts squid privoxy adblock2privoxy ${name}-easylistpac" \
|
||||
] \
|
||||
restart [list \
|
||||
"\${prefix}/bin/port -p reload ${name}-hosts squid${squid_major_version} privoxy adblock2privoxy ${name}-easylistpac" \
|
||||
"\${prefix}/bin/port -p reload ${name}-hosts squid privoxy adblock2privoxy ${name}-easylistpac" \
|
||||
] \
|
||||
pidfile none \
|
||||
name ${subport}.squid-rotate \
|
||||
@@ -903,12 +901,8 @@ subport ${name}-easylistpac {
|
||||
efficient network-level blocks in a proxy.pac file \
|
||||
for automatic proxy network configurations and \
|
||||
Privoxy proxy servers. Easily incorporates \
|
||||
multiple blocking rulesets into both PAC and \
|
||||
Privoxy formats, including easyprivacy.txt, \
|
||||
easylist.txt, fanboy-annoyance.txt, \
|
||||
fanboy-social.txt, antiadblockfilters.txt, \
|
||||
malwaredomains_full.txt, and the anti-spamware \
|
||||
list adblock-list.txt.
|
||||
multiple blocking rulesets into both Privoxy \
|
||||
and PAC formats, including many default lists.
|
||||
|
||||
homepage https://github.com/essandess/easylist-pac-privoxy
|
||||
|
||||
@@ -1029,12 +1023,15 @@ subport ${name}-hosts {
|
||||
port:p${perl5.major}-data-validate-domain \
|
||||
port:wget
|
||||
|
||||
set hosts_maintained_subdir hosts-maintained
|
||||
|
||||
destroot {
|
||||
xinstall -d \
|
||||
${destroot}${prefix}/etc/${name} \
|
||||
${destroot}${prefix}/var/log
|
||||
destroot.keepdirs \
|
||||
${destroot}${prefix}/etc/${name} \
|
||||
${destroot}${prefix}/etc/${name}/${hosts_maintained_subdir} \
|
||||
${destroot}${prefix}/var/log
|
||||
# N.b. do *not* use filename "hosts.orig" because mprsyncup uses
|
||||
# `rsync -aIC`. The -C flag causes .orig files to be excluded
|
||||
@@ -1043,6 +1040,7 @@ subport ${name}-hosts {
|
||||
${filespath}/${f} \
|
||||
${destroot}${prefix}/etc/${name}/${f}.macports
|
||||
}
|
||||
xinstall -d ${destroot}${prefix}/etc/${name}/${hosts_maintained_subdir}
|
||||
xinstall -d ${destroot}${prefix}/etc/${name}/hphosts
|
||||
xinstall -m 0644 \
|
||||
${filespath}/hphosts-hosts_20180316.txt.bz2 \
|
||||
@@ -1079,31 +1077,78 @@ function hosts_block_wget_and_add () {
|
||||
\t\t\t> \${prefix}/etc/${name}/whitelist.txt )
|
||||
\t# empty hosts-block.txt
|
||||
\t> \"/tmp/${subport}/hosts-block.txt\"
|
||||
\t# get lists
|
||||
\t# https://github.com/fabston/little-snitch-blocklist/blob/main/SOURCES.md
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://raw.githubusercontent.com/StevenBlack/hosts/master/hosts \\
|
||||
\t\tStevenBlack \\
|
||||
\t\t${hosts_maintained_subdir}/StevenBlack \\
|
||||
\t\tcat \\
|
||||
\t\t'^0\\.0\\.0\\.0\\s+(.+)$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://mirror1.malwaredomains.com/files/justdomains \\
|
||||
\t\tmalwaredomains \\
|
||||
\t\tcat \\
|
||||
\t\t'^\\s*(\[^#\\s\].*)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://sysctl.org/cameleon/hosts \\
|
||||
\t\tcameleon \\
|
||||
\t\t${hosts_maintained_subdir}/cameleon \\
|
||||
\t\tcat \\
|
||||
\t\t'^127\\.0\\.0\\.1\\s+(.+)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt \\
|
||||
\t\tdisconnect \\
|
||||
\t\t${hosts_maintained_subdir}/disconnect \\
|
||||
\t\tcat \\
|
||||
\t\t'^\\s*(\[^#\\s\].*)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt \\
|
||||
\t\tdisconnect \\
|
||||
\t\t${hosts_maintained_subdir}/disconnect \\
|
||||
\t\tcat \\
|
||||
\t\t'^\\s*(\[^#\\s\].*)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://adaway.org/hosts.txt \\
|
||||
\t\t${hosts_maintained_subdir}/adaway \\
|
||||
\t\tcat \\
|
||||
\t\t'^127\\.0\\.0\\.1\\s+(.+)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt \\
|
||||
\t\t${hosts_maintained_subdir}/notracking \\
|
||||
\t\tcat \\
|
||||
\t\t'^0\\.0\\.0\\.0\\s+(.+)$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&mimetype=plaintext \\
|
||||
\t\t${hosts_maintained_subdir}/yoyo \\
|
||||
\t\tcat \\
|
||||
\t\t'^\\s*(\[^#\\s\].*)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://phishing.army/download/phishing_army_blocklist.txt \\
|
||||
\t\t${hosts_maintained_subdir}/phishing_army \\
|
||||
\t\tcat \\
|
||||
\t\t'^\\s*(\[^#\\s\].*)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://someonewhocares.org/hosts/hosts \\
|
||||
\t\t${hosts_maintained_subdir}/someonewhocares \\
|
||||
\t\tcat \\
|
||||
\t\t'^127\\.0\\.0\\.1\\s+(.+)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt \\
|
||||
\t\t${hosts_maintained_subdir}/Spam404 \\
|
||||
\t\tcat \\
|
||||
\t\t'^\\s*(\[^#\\s\].*)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://gitlab.com/quidsup/notrack-blocklists/-/raw/master/notrack-malware.txt?inline=false \\
|
||||
\t\t${hosts_maintained_subdir}/quidsup \\
|
||||
\t\tcat \\
|
||||
\t\t'^\\s*(\[^#\\s\].*)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://gitlab.com/quidsup/notrack-blocklists/-/raw/master/notrack-blocklist.txt?inline=false \\
|
||||
\t\t${hosts_maintained_subdir}/quidsup \\
|
||||
\t\tcat \\
|
||||
\t\t'^\\s*(\[^#\\s\].*)\$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://badmojr.github.io/1Hosts/Pro/hosts.txt \\
|
||||
\t\t${hosts_maintained_subdir}/badmojr \\
|
||||
\t\tcat \\
|
||||
\t\t'^0\\.0\\.0\\.0\\s+(.+)$'
|
||||
\thosts_block_wget_and_add \\
|
||||
\t\thttps://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt \\
|
||||
\t\t${hosts_maintained_subdir}/anudeepND \\
|
||||
\t\tcat \\
|
||||
\t\t'^0\\.0\\.0\\.0\\s+(.+)$'
|
||||
\thosts_block_add \\
|
||||
\t\t'http://hosts-file.net/download/hosts.zip \[no longer maintained\]' \\
|
||||
\t\thphosts/hphosts-hosts_20180316.txt.bz2 \\
|
||||
@@ -1119,6 +1164,7 @@ function hosts_block_wget_and_add () {
|
||||
\t\thphosts/hphosts-ad_servers_20170602.txt.bz2 \\
|
||||
\t\tbzcat \\
|
||||
\t\t'^127\\.0\\.0\\.1\\s+(.+)\$'
|
||||
\t# process lists
|
||||
\tegrep -v -e '^(127\\.0\\.0\\.1|::1)\\s+localhost\$' \"/tmp/${subport}/hosts-block.txt\" \\
|
||||
\t\t> \"/tmp/${subport}/hosts-block-\$\$.txt\" \\
|
||||
\t\t&& mv \"/tmp/${subport}/hosts-block-\$\$.txt\" \"/tmp/${subport}/hosts-block.txt\"
|
||||
|
||||
@@ -7,20 +7,14 @@
|
||||
# http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
|
||||
table <emerging_threats> persist file "@PREFIX@/etc/@NAME@/emerging-Block-IPs.txt"
|
||||
block drop log quick from <emerging_threats> to any
|
||||
block drop log quick from any to <emerging_threats>
|
||||
|
||||
# http://rules.emergingthreats.net/blockrules/compromised-ips.txt
|
||||
table <compromised_ips> persist file "@PREFIX@/etc/@NAME@/compromised-ips.txt"
|
||||
block drop log quick from <compromised_ips> to any
|
||||
|
||||
# THIS RULESET HAS BEEN OBSOLETED!!
|
||||
# http://rules.emergingthreats.net/blockrules/rbn-ips.txt
|
||||
#table <rbn_ips> persist file "@PREFIX@/etc/@NAME@/rbn-ips.txt"
|
||||
#block drop log quick from <rbn_ips> to any
|
||||
|
||||
# http://rules.emergingthreats.net/blockrules/rbn-malvertisers-ips.txt
|
||||
#table <rbn_malvertisers_ips> persist file "@PREFIX@/etc/@NAME@/rbn-malvertisers-ips.txt"
|
||||
#block drop log quick from <rbn_malvertisers_ips> to any
|
||||
block drop log quick from any to <compromised_ips>
|
||||
|
||||
# dshield.org block list
|
||||
table <dshield_block_ip> persist file "@PREFIX@/etc/@NAME@/dshield_block_ip.txt"
|
||||
block drop log quick from <dshield_block_ip> to any
|
||||
block drop log quick from any to <dshield_block_ip>
|
||||
|
||||
@@ -60,16 +60,14 @@ scrub-anchor "com.apple/*"
|
||||
# The Book of PF, p. 21
|
||||
# Allow VPN connections to the VPN host:
|
||||
# http://serverfault.com/questions/555594/troubleshoot-broken-tcp-from-openvpn-client-to-server-but-ping-traceroute-work
|
||||
# $ sudo vi /etc/sysctl.conf
|
||||
# net.inet.ip.forwarding=1
|
||||
# # net.inet6.ip6.forwarding=1
|
||||
#tun_if = "utun0"
|
||||
#no nat on ! $tun_if from $vpn_net to ($int_if)
|
||||
#nat on ! $tun_if from $vpn_net to ! ($int_if) -> ($int_if)
|
||||
# Use a list in case Tunnelblick creates multiples utun interaces
|
||||
#tun_if = "{ utun0, utun1, utun2, utun3, utun4, utun5, utun6, utun7, utun8, utun9 }"
|
||||
#vpn# not_tun_if = "{ !utun0, !utun1, !utun2, !utun3, !utun4, !utun5, !utun6, !utun7, !utun8, !utun9 }"
|
||||
#vpn# no nat on $not_tun_if from $vpn_net to ($int_if)
|
||||
#vpn# nat on $not_tun_if from $vpn_net to ! ($int_if) -> ($int_if)
|
||||
#vpn# no nat on ! $tun_if inet from $vpn_net to ($int_if)
|
||||
#vpn# nat on ! $tun_if inet from $vpn_net to ! ($int_if) -> ($int_if)
|
||||
# This rule must be included below BEFORE these packets are passed by other rules:
|
||||
# pass in quick on $tun_if reply-to $tun_if from $vpn_net to $int_if
|
||||
# pass in quick on $tun_if reply-to $tun_if inet from $vpn_net to $int_if
|
||||
|
||||
nat-anchor "com.apple/*"
|
||||
rdr-anchor "com.apple/*"
|
||||
@@ -88,8 +86,8 @@ load anchor "com.apple" from "/etc/pf.anchors/com.apple"
|
||||
block all
|
||||
|
||||
# Debugging:
|
||||
#pass quick log (all, to pflog0) all
|
||||
#block log (all, to pflog0) all
|
||||
# pass quick log (all, to pflog0) all
|
||||
# block log (all, to pflog0) all
|
||||
|
||||
# debugging rules
|
||||
# $ sudo ifconfig pflog0 create
|
||||
@@ -97,20 +95,10 @@ block all
|
||||
# $ sudo ifconfig pflog0 destroy
|
||||
# block log (all, to pflog0) all
|
||||
|
||||
# Allow VPN connections to the VPN host:
|
||||
# Allow VPN connections to the VPN host and clients:
|
||||
# http://serverfault.com/questions/555594/troubleshoot-broken-tcp-from-openvpn-client-to-server-but-ping-traceroute-work
|
||||
# pass in quick on $tun_if reply-to $tun_if from $vpn_net to $int_if
|
||||
# Rule for a lot of utun interfaces in case Tunnelblick creates extras
|
||||
#vpn# pass in quick on utun0 reply-to utun0 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on utun1 reply-to utun1 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on utun2 reply-to utun2 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on utun3 reply-to utun3 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on utun4 reply-to utun4 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on utun5 reply-to utun5 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on utun6 reply-to utun6 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on utun7 reply-to utun7 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on utun8 reply-to utun8 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on utun9 reply-to utun9 from $vpn_net to $int_if
|
||||
#vpn# pass in quick on $tun_if reply-to $tun_if inet from $vpn_net to $int_if
|
||||
#vpn# pass quick on $tun_if inet from $int_if:network to $vpn_net
|
||||
|
||||
# Local net
|
||||
table <lan_inet> const { 10/8, 172.16/12, 192.168/16 }
|
||||
@@ -141,13 +129,13 @@ block drop log quick from <bruteforce>
|
||||
|
||||
# Allow application-specific traffic over these interfaces
|
||||
# multicast DNS
|
||||
pass on $int_if proto { udp, tcp } to { 224.0.0.2, 224.0.0.18, 224.0.0.251 } port mdns
|
||||
pass on $int_if proto { tcp, udp } to { 224.0.0.2, 224.0.0.18, 224.0.0.251 } port mdns
|
||||
pass on $int_if proto igmp to { 224.0.0.1, 224.0.0.22, 224.0.0.251 }
|
||||
|
||||
# quick pass of Tor relay ports to avoid blocks below
|
||||
#tor_relay = "{ 9001, 9030 }"
|
||||
#pass in quick proto tcp from any to $int_if port $tor_relay
|
||||
#pass out quick proto tcp from $int_if port $tor_relay to any
|
||||
#pass in proto tcp from any to $int_if port $tor_relay
|
||||
#pass out proto tcp from $int_if port $tor_relay to any
|
||||
|
||||
# Open Source IP blocks
|
||||
# Refresh with pfctl -a blockips -T load -f @PREFIX@/etc/@NAME@/blockips.conf
|
||||
@@ -156,8 +144,8 @@ load anchor 'blockips' from '@PREFIX@/etc/@NAME@/blockips.conf'
|
||||
|
||||
# ICMP
|
||||
icmp_types = "echoreq"
|
||||
pass inet proto icmp from $int_if:network to any icmp-type $icmp_types
|
||||
pass inet proto icmp from any to $int_if icmp-type $icmp_types
|
||||
pass out inet proto icmp from $int_if:network to any icmp-type $icmp_types
|
||||
pass in inet proto icmp from any to $int_if icmp-type $icmp_types
|
||||
|
||||
# allow out the default range for traceroute(8):
|
||||
# "base+nhops*nqueries-1" (33434+64*3-1)
|
||||
@@ -168,38 +156,31 @@ pass in quick inet proto udp from port bootps to port bootpc
|
||||
pass out quick inet proto udp from port bootpc to port bootps
|
||||
|
||||
# LAN services: block access, except from localnet
|
||||
lan_udp_services = "{ domain, net-assistant, 5001, 5900, postgresql }"
|
||||
lan_tcp_services = "{ domain, auth, nntp, www, \
|
||||
311, 3128, net-assistant, 5001, 5900, privoxy, postgresql, \
|
||||
311, net-assistant, 5001, 5900, privoxy, postgresql, \
|
||||
8123, 8180, 8181, 9150, 9151 }"
|
||||
lan_udp_services = "{ domain, net-assistant, 5001, 5900, postgresql }"
|
||||
block in proto tcp from any to $int_if port $lan_tcp_services
|
||||
block in proto udp from any to $int_if port $lan_udp_services
|
||||
|
||||
pass in inet proto udp from $int_if:network to $int_if port $lan_udp_services
|
||||
pass in inet proto tcp from $int_if:network to $int_if port $lan_tcp_services
|
||||
pass out proto udp from $int_if port $lan_udp_services to $int_if:network
|
||||
pass in inet proto udp from $int_if:network to $int_if port $lan_udp_services
|
||||
pass out proto tcp from $int_if port $lan_tcp_services to $int_if:network
|
||||
pass out proto udp from $int_if port $lan_udp_services to $int_if:network
|
||||
|
||||
# Add vpn_net if running OpenVPN
|
||||
#vpn# pass in inet proto udp from $vpn_net to $int_if port $lan_udp_services
|
||||
#vpn# pass in inet proto tcp from $vpn_net to $int_if port $lan_tcp_services
|
||||
#vpn# pass out proto udp from $int_if port $lan_udp_services to $vpn_net
|
||||
#vpn# pass in inet proto udp from $vpn_net to $int_if port $lan_udp_services
|
||||
#vpn# pass out proto tcp from $int_if port $lan_tcp_services to $vpn_net
|
||||
#vpn# pass out proto udp from $int_if port $lan_udp_services to $vpn_net
|
||||
|
||||
# Internet services
|
||||
internet_udp_services = "{ https, 500, openvpn, \
|
||||
1701, 4500, 5060, 5190, 5297, 5298, 5678, 16384 }"
|
||||
internet_tcp_services = "{ 995, 1640, 1723, 2195, \
|
||||
2196, 4190, 5218, 5223, 5190, 5220, 5222, 5298, \
|
||||
8008, 8443, 8800, 8843, 9001, 9030 }"
|
||||
pass in proto udp from any to $int_if port $internet_udp_services
|
||||
pass in proto tcp from any to $int_if port $internet_tcp_services
|
||||
pass out inet proto udp from $int_if to any port $internet_udp_services
|
||||
pass out inet proto tcp from $int_if to any port $internet_tcp_services
|
||||
|
||||
#apns_services = "{ 2195, 2196 }"
|
||||
#pass in proto tcp from any port $apns_services to <lan_inet>
|
||||
#pass out inet proto tcp to any port $apns_services from <lan_inet>
|
||||
# internet_tcp_services = "{ 9030, 49160:49163 }"
|
||||
#vpn# internet_udp_services = "{ https }"
|
||||
# pass in inet proto tcp from any to $int_if port $internet_tcp_services
|
||||
# pass in inet proto udp from any to $int_if port $internet_udp_services
|
||||
# pass out inet proto tcp from $int_if to any port $internet_tcp_services
|
||||
# pass out inet proto udp from $int_if to any port $internet_udp_services
|
||||
|
||||
# ssh really restrictive
|
||||
pass in inet proto tcp from any to $int_if port ssh \
|
||||
@@ -207,15 +188,17 @@ pass in inet proto tcp from any to $int_if port ssh \
|
||||
overload <bruteforce> flush global)
|
||||
pass out inet proto tcp from $int_if port ssh
|
||||
|
||||
# web, mail more restrictive
|
||||
# web, mail, calendarservice more restrictive
|
||||
webmailcalcard_tcp_services = "{ smtp, www, imap, https, submission, imaps, \
|
||||
cert-responder, sieve, 8008, 8443, 8800, 8843 }"
|
||||
pass in inet proto tcp from any to $int_if \
|
||||
port { smtp, https, imap, submission, imaps } \
|
||||
port $webmailcalcard_tcp_services \
|
||||
keep state (max-src-nodes 50, max-src-conn 200, max-src-conn-rate 100/10, \
|
||||
overload <bruteforce> flush global)
|
||||
pass out inet proto tcp from $int_if to any \
|
||||
port { smtp, imap4-ssl, imap, submission, imaps }
|
||||
pass out inet proto tcp from $int_if to any \
|
||||
port $webmailcalcard_tcp_services
|
||||
|
||||
# I2P
|
||||
#i2p_port = "65530"
|
||||
#pass in inet proto { udp, tcp } from any to $int_if port $i2p_port
|
||||
#pass out inet proto { udp, tcp } from $int_if port $i2p_port to any
|
||||
#pass in inet proto { tcp, udp } from any to $int_if port $i2p_port
|
||||
#pass out inet proto { tcp, udp } from $int_if port $i2p_port to any
|
||||
|
||||
Reference in New Issue
Block a user