Date: Mon, 1 May 2006 16:11:06 +0100
From: Shaun Amott
To: Sergey Matveychuk
Cc: freebsd-ports-bugs@FreeBSD.org, bug-followup@FreeBSD.org
Subject: Re: ports/94626: [NEW PORT] security/knock - flexible port knocking server and client
Message-ID: <20060501151106.GA742@picobyte.net>
In-Reply-To: <200605011355.k41DtPmZ024856@freefall.freebsd.org>

On Mon, May 01, 2006 at 01:55:25PM +0000, Sergey Matveychuk wrote:
>
> Synopsis: [NEW PORT] security/knock - flexible port knocking server and client
>
> State-Changed-From-To: open->feedback
> State-Changed-By: sem
> State-Changed-When: Mon May 1 13:55:24 UTC 2006
> State-Changed-Why:
> Ask for submitter fix.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=94626
>

The author has completely restructured his site, and I can't find the
distfile anywhere. I have re-made the port with my CVS patch integrated;
I will host the distfile until the author releases a new version.

Tinderbox tested on: 5.x (sparc64)

----- Begin knockd.shar -----
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
# # This archive contains: # # knock # knock/files # knock/files/knockd.sh.in # knock/files/patch-knockd.conf # knock/Makefile # knock/pkg-descr # knock/distinfo # echo c - knock mkdir -p knock > /dev/null 2>&1 echo c - knock/files mkdir -p knock/files > /dev/null 2>&1 echo x - knock/files/knockd.sh.in sed 's/^X//' >knock/files/knockd.sh.in << 'END-of-knock/files/knockd.sh.in' X#!/bin/sh X X# PROVIDE: knockd X# REQUIRE: DAEMON X# BEFORE: LOGIN X X. %%RC_SUBR%% X Xname="knockd" Xrcvar=`set_rcvar` Xload_rc_config $name X Xknockd_enable=${knockd_enable:-"NO"} Xknockd_flags=${knockd_flags:-"-d"} X Xcommand="%%PREFIX%%/bin/knockd" Xpidfile="%%RUNDIR%%/knockd.pid" Xrequired_files="%%PREFIX%%/etc/knockd.conf" X Xrun_rc_command "$1" END-of-knock/files/knockd.sh.in echo x - knock/files/patch-knockd.conf sed 's/^X//' >knock/files/patch-knockd.conf << 'END-of-knock/files/patch-knockd.conf' X--- knockd.conf.orig Thu May 6 22:56:03 2004 X+++ knockd.conf Fri Mar 17 23:39:01 2006 X@@ -1,15 +1,16 @@ X [options] X logfile = /var/log/knockd.log X+ interface = fxp0 X X [openSSH] X sequence = 7000,8000,9000 X seq_timeout = 5 X- command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT X+ command = /sbin/ipfw -q add pass proto tcp src-ip %IP% dst-port 22 X tcpflags = syn X X [closeSSH] X sequence = 9000,8000,7000 X seq_timeout = 5 X- command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT X+ command = /sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22 X tcpflags = syn X END-of-knock/files/patch-knockd.conf echo x - knock/Makefile sed 's/^X//' >knock/Makefile << 'END-of-knock/Makefile' X# New ports collection makefile for: knock X# Date Created: 2006-03-17 X# Whom: Shaun Amott X# X# $FreeBSD$ X# X XPORTNAME= knock XPORTVERSION= 0.5.20051124 XCATEGORIES= security XMASTER_SITES= http://mirror.inerd.com/FreeBSD/distfiles/${PORTNAME}/ X XMAINTAINER= shaun@inerd.com XCOMMENT= A flexible port-knocking server and client X XGNU_CONFIGURE= yes X 
XOPTIONS=	SERVER "Install knockd server" on \
X		CLIENT "Install knock client" on
X
XRUNDIR=		/var/run
XSUB_LIST=	RUNDIR=${RUNDIR}
X
X.include <bsd.port.pre.mk>
X
X.if defined(WITH_SERVER)
XMAN1=		knockd.1
XUSE_RC_SUBR=	knockd.sh
XPLIST_FILES+=	bin/knockd
XPLIST_FILES+=	etc/knockd.conf.sample
X.endif
X
X.if defined(WITH_CLIENT)
XMAN1+=		knock.1
XPLIST_FILES+=	bin/knock
X.endif
X
Xpre-configure:
X.if defined(WITHOUT_SERVER) && defined(WITHOUT_CLIENT)
XIGNORE=		at least one component must be selected for installation
X.endif
X
Xpost-patch:
X	@${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g" \
X		-e "s#%%RUNDIR%%#${RUNDIR}#g" \
X		-e "s#eth0#fxp0#g" \
X		${WRKSRC}/src/knockd.c
X
X	@${REINPLACE_CMD} -e "s/#VERSION#/${PORTVERSION}/g" \
X		-e "s#eth0#fxp0#g" \
X		${WRKSRC}/doc/knock.1.in \
X		${WRKSRC}/doc/knockd.1.in
X
Xdo-install:
X.if defined(WITH_SERVER)
X	${INSTALL_PROGRAM} ${WRKSRC}/knockd ${PREFIX}/bin
X	${INSTALL_DATA} ${WRKSRC}/knockd.conf ${PREFIX}/etc/knockd.conf.sample
X.endif
X
X.if defined(WITH_CLIENT)
X	${INSTALL_PROGRAM} ${WRKSRC}/knock ${PREFIX}/bin
X.endif
X
Xpost-install-script:
X.if defined(WITH_SERVER)
X	${INSTALL_MAN} ${WRKSRC}/doc/knockd.1.in ${MAN1PREFIX}/man/man1/knockd.1
X.endif
X
X.if defined(WITH_CLIENT)
X	${INSTALL_MAN} ${WRKSRC}/doc/knock.1.in ${MAN1PREFIX}/man/man1/knock.1
X.endif
X
X.include <bsd.port.post.mk>
END-of-knock/Makefile
echo x - knock/pkg-descr
sed 's/^X//' >knock/pkg-descr << 'END-of-knock/pkg-descr'
Xknockd is a port-knock server. It listens to all traffic on an ethernet
X(or PPP) interface, looking for special "knock" sequences of port-hits.
X
XA client makes these port-hits by sending a TCP (or UDP) packet to a
Xport on the server. This port need not be open -- since knockd listens
Xat the link-layer level, it sees all traffic even if it's destined for
Xa closed port. When the server detects a specific sequence of
Xport-hits, it runs a command defined in its configuration file. This
Xcan be used to open up holes in a firewall for quick access.
X
XWWW: http://www.zeroflux.org/cgi-bin/cvstrac/knock/wiki/
END-of-knock/pkg-descr
echo x - knock/distinfo
sed 's/^X//' >knock/distinfo << 'END-of-knock/distinfo'
XMD5 (knock-0.5.20051124.tar.gz) = 0ab0c51687b1d99ea7141b3a86b8e963
XSHA256 (knock-0.5.20051124.tar.gz) = 15aa6a5d152a7cdb5b52d1e9de9e77d7f52156ce3e5d5c80dd9b76e40f6a84aa
XSIZE (knock-0.5.20051124.tar.gz) = 86607
END-of-knock/distinfo
exit
----- End knockd.shar -----

-- 
Shaun Amott [ PGP: 0x6B387A9A ]
Scientia Est Potentia.
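
Review bot: In the [closeSSH] section of patch-knockd.conf, "command = /sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22" hands a rule body to ipfw delete, which takes rule numbers, so the closing knock will not remove what [openSSH] added and port 22 stays open to that source address. The [openSSH] command adds its rule without a number, so there is nothing stable to delete by; a single fixed number would be shared by every client and deleting it would close all of them at once. Consider one static pass rule that matches an ipfw table, with the two commands adding and deleting %IP% in that table. Separately, the added "interface = fxp0" only suits hosts with an fxp(4) NIC, so the sample should carry a comment telling the admin to set it for their own interface.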
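
The mechanism the pkg-descr describes (track a sequence of port hits per source, then run the configured command), as an added example that is not part of the original message or of knockd's source. It is a simplified model: KnockTracker, render_command and triggered_commands are hypothetical names, the packets are constructed, and seq_timeout is assumed to be measured from the first knock.

```python
import ipaddress

# Values from the [openSSH] section of the patched knockd.conf on this page.
SEQUENCE = (7000, 8000, 9000)
SEQ_TIMEOUT = 5  # seconds; assumed here to run from the first knock
COMMAND = "/sbin/ipfw -q add pass proto tcp src-ip %IP% dst-port 22"

class KnockTracker:
    """Hypothetical per-source state machine for one knock sequence."""
    def __init__(self, sequence=SEQUENCE, timeout=SEQ_TIMEOUT):
        self.sequence, self.timeout = tuple(sequence), timeout
        self.progress = {}  # src -> (next index, time of first knock)

    def observe(self, ts, src, dport, syn):
        """Feed one packet; True when src has just completed the sequence."""
        if not syn:  # tcpflags = syn: other packets are not knocks
            return False
        idx, started = self.progress.pop(src, (0, ts))
        if idx and ts - started > self.timeout:
            idx, started = 0, ts  # too slow, start over with this packet
        if dport == self.sequence[idx]:
            idx += 1
        else:  # wrong port resets; it may itself be a fresh first knock
            idx, started = (1, ts) if dport == self.sequence[0] else (0, ts)
        if idx == len(self.sequence):
            return True
        if idx:
            self.progress[src] = (idx, started)
        return False

def render_command(template, src):
    """Fill in %IP% only after src parses as an IP address."""
    return template.replace("%IP%", str(ipaddress.ip_address(src)))

# Constructed sample traffic: (seconds, source IP, destination port, SYN set?)
PACKETS = [
    (0.0, "192.0.2.10", 7000, True),
    (0.5, "198.51.100.7", 7000, True),
    (1.0, "192.0.2.10", 8000, True),
    (1.2, "192.0.2.10", 8000, False),   # not a SYN, ignored
    (2.0, "192.0.2.10", 9000, True),    # completes inside 5 s
    (3.0, "198.51.100.7", 8000, True),
    (9.0, "198.51.100.7", 9000, True),  # 8.5 s after first knock, rejected
]

def triggered_commands(packets):
    tracker = KnockTracker()
    return [render_command(COMMAND, src) for ts, src, dport, syn in packets
            if tracker.observe(ts, src, dport, syn)]
```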