Date: Mon, 24 May 2021 15:44:30 GMT From: Sofian Brabez <sbz@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: e78459a378dc - 2021Q2 - security/crowdsec-firewall-bouncer: new port Message-ID: <202105241544.14OFiUm3025292@gitrepo.freebsd.org>
The branch 2021Q2 has been updated by sbz: URL: https://cgit.FreeBSD.org/ports/commit/?id=e78459a378dc5a5997ca0d938e3fceeb43e11c05 commit e78459a378dc5a5997ca0d938e3fceeb43e11c05 Author: Sofian Brabez <sbz@FreeBSD.org> AuthorDate: 2021-05-24 15:14:29 +0000 Commit: Sofian Brabez <sbz@FreeBSD.org> CommitDate: 2021-05-24 15:43:10 +0000 security/crowdsec-firewall-bouncer: new port Crowdsec bouncer written in golang for firewalls. cs-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add them in a blocklist used by supported firewalls. WWW: https://github.com/crowdsecurity/cs-firewall-bouncer (cherry picked from commit 9ecdfbcdb55b424ca0df02b4a7fd72fc298cf9bf) --- security/Makefile | 1 + security/crowdsec-firewall-bouncer/Makefile | 39 ++++++++++++++++++++++ security/crowdsec-firewall-bouncer/distinfo | 5 +++ .../files/crowdsec_firewall.in | 25 ++++++++++++++ .../crowdsec-firewall-bouncer/files/pkg-message.in | 21 ++++++++++++ security/crowdsec-firewall-bouncer/pkg-descr | 6 ++++ security/crowdsec-firewall-bouncer/pkg-plist | 2 ++ 7 files changed, 99 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index e375845d1fc8..d6ffc058e624 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -105,6 +105,7 @@
 SUBDIR += crackpkcs12
 SUBDIR += create-cert
 SUBDIR += crowdsec
+ SUBDIR += crowdsec-firewall-bouncer
 SUBDIR += cryptlib
 SUBDIR += cryptopp
 SUBDIR += ct-submit
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile
new file mode 100644
index 000000000000..cc954af98728
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/Makefile
@@ -0,0 +1,39 @@
+PORTNAME= crowdsec-firewall-bouncer
+PORTVERSION= 0.0.12
+DISTVERSIONPREFIX= v
+CATEGORIES= security
+
+MAINTAINER= sbz@FreeBSD.org
+COMMENT= Crowdsec bouncer written in golang for firewalls
+
+LICENSE= MIT
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+RUN_DEPENDS= crowdsec>0:security/crowdsec
+
+USES= go:modules
+
+USE_RC_SUBR= crowdsec_firewall
+
+GO_MODULE= github.com/crowdsecurity/cs-firewall-bouncer
+
+GO_BUILDFLAGS= -ldflags "-s -w \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=v${PORTVERSION} \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=freebsd"
+
+SUB_FILES= pkg-message
+
+post-patch:
+ ${REINPLACE_CMD} 's,$${BACKEND},pf,g' \
+ ${WRKSRC}/config/cs-firewall-bouncer.yaml
+
+do-install:
+ @${MKDIR} ${STAGEDIR}${ETCDIR}
+
+ ${INSTALL_DATA} ${WRKSRC}/config/cs-firewall-bouncer.yaml \
+ ${STAGEDIR}${ETCDIR}/cs-firewall-bouncer.yaml.sample
+
+ ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-firewall-bouncer \
+ ${STAGEDIR}${PREFIX}/bin/cs-firewall-bouncer
+
+.include <bsd.port.mk>
diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo
new file mode 100644
index 000000000000..ed0ddfb6c133
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1620824385
+SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.mod) = 62de12d4c417718ea7d7e009d7d06f103518c67e168db04c988808783e1e588d
+SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.mod) = 1335
+SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.zip) = 9a82915c2f2f8d4872ebfaf4cc6046cbdc1ab5af42e3a22a721b4a29007fa25c
+SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.zip) = 143391
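Review bot: The do-install target in security/crowdsec-firewall-bouncer/Makefile installs cs-firewall-bouncer.yaml.sample with `${INSTALL_DATA}`, and pkg-plist registers it with a bare `@sample`, so the live config copied from it inherits the default data mode and is readable by every local user. That file presumably holds the bouncer's credential for the CrowdSec API (its contents are not part of this commit, so confirm against upstream's config template). Consider restricting the mode in the plist, for example `@sample(,,600) etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml.sample`, or at least telling the administrator in pkg-message to tighten it after adding the key.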
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
new file mode 100755
index 000000000000..48aa4cb1e16d
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# PROVIDE: crowdsec_firewall
+# REQUIRE: LOGIN DAEMON NETWORKING
+# KEYWORD: shutdown
+#
+
+. /etc/rc.subr
+
+name=crowdsec_firewall
+desc="Crowdsec Firewall"
+rcvar=crowdsec_firewall_enable
+
+load_rc_config $name
+
+: ${crowdsec_firewall_enbable:="NO"}
+: ${crowdsec_firewall_config:="%%PREFIX%%/etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml"}
+
+pidfile=/var/run/$name.pid
+required_files="$crowdsec_firewall_config"
+procname="%%PREFIX%%/bin/cs-firewall-bouncer"
+command=/usr/sbin/daemon
+command_args="-fp $pidfile -t '$desc' -- '$procname' -c '$crowdsec_firewall_config'"
+
+run_rc_command "$1"
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in
new file mode 100644
index 000000000000..77449b1567d1
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in
@@ -0,0 +1,21 @@
+[
+{ type: install
+ message: <<EOM
+
+crowdsec-firewall-bouncer is installed.
+
+You need to edit the config file %%ETCDIR%%/cs-firewall-bouncer.yaml, your pf
+config and enable rc via sysrc.
+
+Add the following in pf.conf to create the tables
+
+# create crowdsec ipv4 table
+table <crowdsec-blacklists> persist
+
+# create crowdsec ipv6 table
+table <crowdsec6-blacklists> persist
+
+# sysrc crowdsec_firewall_enable="YES"
+EOM
+}
+]
diff --git a/security/crowdsec-firewall-bouncer/pkg-descr b/security/crowdsec-firewall-bouncer/pkg-descr
new file mode 100644
index 000000000000..e666b29dbc2e
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/pkg-descr
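Review bot: In files/crowdsec_firewall.in the default for the enable knob is misspelled: `: ${crowdsec_firewall_enbable:="NO"}` sets a variable that nothing else in the script reads, so `crowdsec_firewall_enable` (the name assigned to `rcvar`) never gets a default. The line should read `: ${crowdsec_firewall_enable:="NO"}`. With the typo, a host that has not set the knob will likely see rc.subr complain that the variable is not set properly instead of treating the service as cleanly disabled.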
@@ -0,0 +1,6 @@
+Crowdsec bouncer written in golang for firewalls.
+
+cs-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add
+them in a blocklist used by supported firewalls.
+
+WWW: https://github.com/crowdsecurity/cs-firewall-bouncer
diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist
new file mode 100644
index 000000000000..d70a51ea77f3
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/pkg-plist
@@ -0,0 +1,2 @@
+@sample etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml.sample
+bin/cs-firewall-bouncer