Date:      Sat, 04 Jul 2015 05:52:24 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 201323] security/sshguard convert to OPTIONS & add new null backend
Message-ID:  <bug-201323-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201323

            Bug ID: 201323
           Summary: security/sshguard convert to OPTIONS & add new null
                    backend
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: feld@FreeBSD.org
          Reporter: agh@fastmail.fm
             Flags: maintainer-feedback?(feld@FreeBSD.org)

Created attachment 158319
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=158319&action=edit
Convert all sshguard ports into one port & make use of the OPTIONS framework

Hi,

Patch that converts the sshguard(8) port to use the OPTIONS framework, which
eliminates the slave ports.  The patch also includes support for the NULL backend.
The NULL backend does not call any firewall command at all; it can, however, be
used to call a custom script or binary.  Users can specify a custom script or
binary by:
# sysrc sshguard_flags="-e /usr/local/sbin/sshguard-null"

Attached is the patch to convert all sshguard ports into one port. The following
is a sample custom script that calls ipfw(4), making use of the table name
sshguard instead of a table number:

$ cat /usr/local/sbin/sshguard-null 
#!/bin/sh

# Sourced from:
# https://sourceforge.net/p/sshguard/mailman/message/34151601/

fwcmd="/sbin/ipfw"
table_id="sshguard"
print_debug="0"

# Log a debug message via syslog when print_debug is greater than 0.
fwcmd_debug() {
        if [ "${print_debug}" -gt 0 ]; then
                /usr/bin/logger -i -p local0.notice -t sshguard-null "$@"
        fi
}

fwcmd_debug "${0}: Incoming sshguard(8) action"

# sshguard passes the action in SSHG_ACTION and the address(es) in SSHG_ADDR.
case "${SSHG_ACTION}" in
        init)
                fwcmd_debug "${SSHG_ACTION}"
                ;;
        fin)
                fwcmd_debug "${fwcmd} table ${table_id} flush"
                "${fwcmd}" table "${table_id}" flush
                ;;
        block)
                fwcmd_debug "${fwcmd} table ${table_id} add ${SSHG_ADDR}"
                "${fwcmd}" table "${table_id}" add "${SSHG_ADDR}"
                ;;
        block_list)
                # SSHG_ADDR is a comma-separated list here; add each entry.
                for a in $(echo "${SSHG_ADDR}" | sed 's/,/ /g') ; do
                        fwcmd_debug "${fwcmd} table ${table_id} add ${a}"
                        "${fwcmd}" table "${table_id}" add "${a}"
                done
                ;;
        release)
                fwcmd_debug "${fwcmd} table ${table_id} delete ${SSHG_ADDR}"
                "${fwcmd}" table "${table_id}" delete "${SSHG_ADDR}"
                ;;
        flush)
                fwcmd_debug "${fwcmd} table ${table_id} flush"
                "${fwcmd}" table "${table_id}" flush
                ;;
        *)
                fwcmd_debug "${SSHG_ACTION} unsupported"
                ;;
esac

# Always report success to sshguard, even if an ipfw call above failed.
exit 0

-- 
You are receiving this mail because:
You are the assignee for the bug.
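
A hardened variant of the hook script above, as an added example that is not part of the original message or of the sshguard project: it filters SSHG_ADDR before anything reaches ipfw and reports failures through its exit status. The function names and the FWCMD_DRY_RUN switch are assumptions of this example, and the character check is a filter, not a full address parser.

```sh
#!/bin/sh
# Added example: filter SSHG_ADDR before it reaches ipfw(8).
# valid_addr, run_fw, handle_action and FWCMD_DRY_RUN are names assumed here.
fwcmd="/sbin/ipfw"
table_id="sshguard"

# Accept only characters found in IPv4/IPv6 addresses and CIDR suffixes.
# Rejects empty strings, option-like values ("-h") and shell metacharacters.
valid_addr() {
        case "$1" in
                ""|*[!0-9A-Fa-f:./]*) return 1 ;;
        esac
        return 0
}

# Run ipfw, or only print the command line when FWCMD_DRY_RUN=1.
run_fw() {
        if [ "${FWCMD_DRY_RUN:-0}" = "1" ]; then
                echo "${fwcmd} $*"
        else
                "${fwcmd}" "$@"
        fi
}

# $1 = sshguard action, $2 = one address or a comma-separated list.
handle_action() {
        rc=0
        case "$1" in
                init) return 0 ;;
                fin|flush) run_fw table "${table_id}" flush; return $? ;;
                block|block_list) op="add" ;;
                release) op="delete" ;;
                *) echo "unsupported action: $1" >&2; return 2 ;;
        esac
        rest="$2,"      # split on commas without word splitting or globbing
        while [ -n "${rest}" ]; do
                a="${rest%%,*}"; rest="${rest#*,}"
                if valid_addr "${a}"; then
                        run_fw table "${table_id}" "${op}" "${a}" || rc=1
                else
                        echo "rejected address: '${a}'" >&2; rc=1
                fi
        done
        return "${rc}"
}

# Dispatch only when sshguard has set SSHG_ACTION in the environment.
if [ -n "${SSHG_ACTION:-}" ]; then
        handle_action "${SSHG_ACTION}" "${SSHG_ADDR:-}"
fi
```

Setting FWCMD_DRY_RUN=1 together with SSHG_ACTION and SSHG_ADDR lets the script be exercised by hand on a machine without ipfw.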


