From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 201323] security/sshguard convert to OPTIONS & add new null backend
Date: Sat, 04 Jul 2015 05:52:24 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201323

Bug ID: 201323
Summary: security/sshguard convert to OPTIONS & add new null backend
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: feld@FreeBSD.org
Reporter: agh@fastmail.fm
Flags: maintainer-feedback?(feld@FreeBSD.org)

Created attachment 158319
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=158319&action=edit
Convert all sshguard ports into one port & make use the OPTIONS framework

Hi,

Patch that converts the sshguard(8) port to use the OPTIONS framework, which eliminates the slave ports.

Patch also includes support for the NULL backend. The NULL backend does not call any firewall command at all; it can, however, be used to call a custom script or binary.

Users can specify a custom script or binary by:

# sysrc sshguard_flags="-e /usr/local/sbin/sshguard-null"

Attached is the patch to convert all sshguard ports into one port.

Following is a sample custom script to call ipfw(4), making use of the table name sshguard instead of a table number:

$ cat /usr/local/sbin/sshguard-null
#!/bin/sh
# Sourced from:
# https://sourceforge.net/p/sshguard/mailman/message/34151601/

fwcmd="/sbin/ipfw"
table_id="sshguard"
print_debug="0"

# Log a debug message through syslog when print_debug is greater than 0.
fwcmd_debug() {
    if [ "${print_debug}" -gt 0 ]; then
        /usr/bin/logger -i -p local0.notice -t sshguard-null "$@"
    fi
}

fwcmd_debug "${0}: Incoming sshguard(8) action"

# sshguard(8) passes the action in SSHG_ACTION and the address(es) in SSHG_ADDR.
case "${SSHG_ACTION}" in
    init)
        fwcmd_debug "${SSHG_ACTION}"
        ;;
    fin)
        fwcmd_debug "${fwcmd} table ${table_id} flush"
        "${fwcmd}" table "${table_id}" flush
        ;;
    block)
        fwcmd_debug "${fwcmd} table ${table_id} add ${SSHG_ADDR}"
        "${fwcmd}" table "${table_id}" add "${SSHG_ADDR}"
        ;;
    block_list)
        # SSHG_ADDR is a comma-separated list here; add each entry in turn.
        for a in $(echo "${SSHG_ADDR}" | sed 's/,/ /g'); do
            fwcmd_debug "${fwcmd} table ${table_id} add ${a}"
            "${fwcmd}" table "${table_id}" add "${a}"
        done
        ;;
    release)
        fwcmd_debug "${fwcmd} table ${table_id} delete ${SSHG_ADDR}"
        "${fwcmd}" table "${table_id}" delete "${SSHG_ADDR}"
        ;;
    flush)
        fwcmd_debug "${fwcmd} table ${table_id} flush"
        "${fwcmd}" table "${table_id}" flush
        ;;
    *)
        fwcmd_debug "${SSHG_ACTION} unsupported"
        ;;
esac

exit 0
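
An added example, not part of the bug report or of sshguard itself: a validation helper that a custom NULL-backend script could call so that only IPv4/IPv6 literals from SSHG_ADDR ever reach the firewall command. The function names are hypothetical, and the IPv6 check is a character allowlist rather than a full address parser.

```shell
#!/bin/sh
# Added example: allowlist check for addresses before they reach the firewall.
# Assumption: SSHG_ADDR holds one address or a comma-separated list, as in the
# script above. Function names are hypothetical.
LC_ALL=C; export LC_ALL    # keep the [A-F] ranges byte-wise

# is_ipv4 ADDR: succeed only for a dotted quad, octets 0-255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# is_ipv6 ADDR: character allowlist (hex digits and colons), not a full parser.
is_ipv6() {
    case "$1" in
        *[!0-9A-Fa-f:]*|*:::*) return 1 ;;
        *:*:*) [ "${#1}" -le 39 ] ;;
        *) return 1 ;;
    esac
}

# safe_addrs LIST: print each address on its own line; print nothing and
# fail if any element of the list is not an address literal.
safe_addrs() {
    case "$1" in
        ''|,*|*,|*,,*|*[!0-9A-Fa-f:.,]*) return 1 ;;
    esac
    out=""
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs
    for addr in "$@"; do
        is_ipv4 "$addr" || is_ipv6 "$addr" || return 1
        out="${out}${addr}
"
    done
    printf '%s' "$out"
}
```

In the block and block_list branches, the script would loop over the output of safe_addrs "${SSHG_ADDR}" instead of the raw variable, and log and skip the firewall call when it fails.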