Date: Mon, 24 May 2021 15:39:59 GMT Message-Id: <202105241539.14OFdxBd012255@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org 
From: Sofian Brabez Subject: git: 9ecdfbcdb55b - main - security/crowdsec-firewall-bouncer: new port MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: sbz X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9ecdfbcdb55b424ca0df02b4a7fd72fc298cf9bf Auto-Submitted: auto-generated X-BeenThere: dev-commits-ports-main@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the main branch of the FreeBSD ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 May 2021 15:39:59 -0000 The branch main has been updated by sbz: URL: https://cgit.FreeBSD.org/ports/commit/?id=9ecdfbcdb55b424ca0df02b4a7fd72fc298cf9bf commit 9ecdfbcdb55b424ca0df02b4a7fd72fc298cf9bf Author: Sofian Brabez AuthorDate: 2021-05-24 15:14:29 +0000 Commit: Sofian Brabez CommitDate: 2021-05-24 15:38:06 +0000 security/crowdsec-firewall-bouncer: new port Crowdsec bouncer written in golang for firewalls. cs-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add them in a blocklist used by supported firewalls. WWW: https://github.com/crowdsecurity/cs-firewall-bouncer --- security/Makefile | 1 + security/crowdsec-firewall-bouncer/Makefile | 39 ++++++++++++++++++++++ security/crowdsec-firewall-bouncer/distinfo | 5 +++ .../files/crowdsec_firewall.in | 25 ++++++++++++++ .../crowdsec-firewall-bouncer/files/pkg-message.in | 21 ++++++++++++ security/crowdsec-firewall-bouncer/pkg-descr | 6 ++++ security/crowdsec-firewall-bouncer/pkg-plist | 2 ++ 7 files changed, 99 insertions(+) diff --git a/security/Makefile b/security/Makefile index b6060eb1d6e4..ce92287f6e4d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -102,6 +102,7 @@ SUBDIR += crackpkcs12 SUBDIR += create-cert SUBDIR += crowdsec + SUBDIR += crowdsec-firewall-bouncer SUBDIR += cryptlib SUBDIR += cryptopp SUBDIR += ct-submit 
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile new file mode 100644 index 000000000000..cc954af98728 --- /dev/null +++ b/security/crowdsec-firewall-bouncer/Makefile @@ -0,0 +1,39 @@ +PORTNAME= crowdsec-firewall-bouncer +PORTVERSION= 0.0.12 +DISTVERSIONPREFIX= v +CATEGORIES= security + +MAINTAINER= sbz@FreeBSD.org +COMMENT= Crowdsec bouncer written in golang for firewalls + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE + +RUN_DEPENDS= crowdsec>0:security/crowdsec + +USES= go:modules + +USE_RC_SUBR= crowdsec_firewall + +GO_MODULE= github.com/crowdsecurity/cs-firewall-bouncer + +GO_BUILDFLAGS= -ldflags "-s -w \ + -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=v${PORTVERSION} \ + -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=freebsd" + +SUB_FILES= pkg-message + +post-patch: + ${REINPLACE_CMD} 's,$${BACKEND},pf,g' \ + ${WRKSRC}/config/cs-firewall-bouncer.yaml + +do-install: + @${MKDIR} ${STAGEDIR}${ETCDIR} + + ${INSTALL_DATA} ${WRKSRC}/config/cs-firewall-bouncer.yaml \ + ${STAGEDIR}${ETCDIR}/cs-firewall-bouncer.yaml.sample + + ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-firewall-bouncer \ + ${STAGEDIR}${PREFIX}/bin/cs-firewall-bouncer + +.include diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo new file mode 100644 index 000000000000..ed0ddfb6c133 --- /dev/null +++ b/security/crowdsec-firewall-bouncer/distinfo 
@@ -0,0 +1,5 @@ +TIMESTAMP = 1620824385 +SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.mod) = 62de12d4c417718ea7d7e009d7d06f103518c67e168db04c988808783e1e588d +SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.mod) = 1335 +SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.zip) = 9a82915c2f2f8d4872ebfaf4cc6046cbdc1ab5af42e3a22a721b4a29007fa25c +SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.zip) = 143391 diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in new file mode 100755 index 000000000000..48aa4cb1e16d --- /dev/null +++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in @@ -0,0 +1,25 @@ +#!/bin/sh +# +# PROVIDE: crowdsec_firewall +# REQUIRE: LOGIN DAEMON NETWORKING +# KEYWORD: shutdown +# + +. /etc/rc.subr + +name=crowdsec_firewall +desc="Crowdsec Firewall" +rcvar=crowdsec_firewall_enable + +load_rc_config $name + +: ${crowdsec_firewall_enbable:="NO"} +: ${crowdsec_firewall_config:="%%PREFIX%%/etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml"} + +pidfile=/var/run/$name.pid +required_files="$crowdsec_firewall_config" +procname="%%PREFIX%%/bin/cs-firewall-bouncer" +command=/usr/sbin/daemon +command_args="-fp $pidfile -t '$desc' -- '$procname' -c '$crowdsec_firewall_config'" + +run_rc_command "$1" diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in new file mode 100644 index 000000000000..77449b1567d1 --- /dev/null +++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in @@ -0,0 +1,21 @@ +[ +{ type: install + message: < persist + +# create crowdsec ipv6 table +table persist + +# sysrc crowdsec_firewall_enable="YES" +EOM +} +] 
diff --git a/security/crowdsec-firewall-bouncer/pkg-descr b/security/crowdsec-firewall-bouncer/pkg-descr new file mode 100644 index 000000000000..e666b29dbc2e --- /dev/null +++ b/security/crowdsec-firewall-bouncer/pkg-descr @@ -0,0 +1,6 @@ +Crowdsec bouncer written in golang for firewalls. + +cs-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add +them in a blocklist used by supported firewalls. + +WWW: https://github.com/crowdsecurity/cs-firewall-bouncer diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist new file mode 100644 index 000000000000..d70a51ea77f3 --- /dev/null +++ b/security/crowdsec-firewall-bouncer/pkg-plist @@ -0,0 +1,2 @@ +@sample etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml.sample +bin/cs-firewall-bouncer
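Review bot: In security/crowdsec-firewall-bouncer/Makefile, do-install puts cs-firewall-bouncer.yaml.sample in place with ${INSTALL_DATA}, which is the ports default mode for shared data files and leaves the file readable by every local user. This is the file the daemon is started with (`-c` in the rc script), and per the commit message the bouncer talks to a CrowdSec API, so if the configuration is where the credential for that API is kept (an assumption, the file's contents are not part of this patch) it should be installed with a tighter mode, for example `${INSTALL} -m 0600` in place of `${INSTALL_DATA}`, and pkg-message should tell the admin to keep the live copy at that mode.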
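Review bot: In files/crowdsec_firewall.in the default line reads `: ${crowdsec_firewall_enbable:="NO"}`, but the script declares `rcvar=crowdsec_firewall_enable`, so the default is assigned to a misspelled variable that nothing reads and crowdsec_firewall_enable stays unset until the admin sets it in rc.conf. Change the line to `: ${crowdsec_firewall_enable:="NO"}` so the service has an explicit "NO" default, matching the `sysrc crowdsec_firewall_enable="YES"` step shown in pkg-message.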
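Review bot: In pkg-plist the sample entry hardcodes `etc/crowdsec-firewall-bouncer/`, while the Makefile stages the file under `${STAGEDIR}${ETCDIR}`; the two agree only as long as ETCDIR keeps its default derived from PORTNAME. Writing the entry as `@sample %%ETCDIR%%/cs-firewall-bouncer.yaml.sample` keeps the plist tied to the same variable, and the same applies to the hardcoded `%%PREFIX%%/etc/crowdsec-firewall-bouncer/` path in the rc script's crowdsec_firewall_config default.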