-rw-r--r--security/pflkm/DESCR9
-rw-r--r--security/pflkm/MESSAGE18
-rw-r--r--security/pflkm/Makefile95
-rw-r--r--security/pflkm/PLIST32
-rw-r--r--security/pflkm/buildlink3.mk18
-rw-r--r--security/pflkm/builtin.mk41
-rw-r--r--security/pflkm/distinfo4
-rw-r--r--security/pflkm/files/pf.sh54
-rw-r--r--security/pflkm/files/pflogd.sh18
9 files changed, 289 insertions, 0 deletions
diff --git a/security/pflkm/DESCR b/security/pflkm/DESCR
new file mode 100644
index 00000000000..bb77023f0eb
--- /dev/null
+++ b/security/pflkm/DESCR
@@ -0,0 +1,9 @@
+Packet Filter (from here on referred to as PF) is OpenBSD's system for
+filtering TCP/IP traffic and doing Network Address Translation. PF is also
+capable of normalizing and conditioning TCP/IP traffic.
+
+PF was originally developed by Daniel Hartmeier and is now maintained and
+developed by Daniel and the rest of the OpenBSD team.
+
+This package includes a complete port (LKM and userland utilities) from
+OpenBSD 3.6 to NetBSD 2.0.
diff --git a/security/pflkm/MESSAGE b/security/pflkm/MESSAGE
new file mode 100644
index 00000000000..5b6ee4b3099
--- /dev/null
+++ b/security/pflkm/MESSAGE
@@ -0,0 +1,18 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2004/11/05 15:05:30 peter Exp $
+
+First create the /dev/pf device:
+
+# cd /dev
+# ./MAKEDEV pf
+
+Then load the kernel module:
+
+# modload ${PREFIX}/lkm/pf.o
+
+If you want PF to get loaded automatically at boot time, you need to set
+lkm=YES in /etc/rc.conf and add this line to /etc/lkm.conf:
+
+${PREFIX}/lkm/pf.o - - - - AFTERMOUNT
+
+===========================================================================
diff --git a/security/pflkm/Makefile b/security/pflkm/Makefile
new file mode 100644
index 00000000000..5813082cd3b
--- /dev/null
+++ b/security/pflkm/Makefile
@@ -0,0 +1,95 @@
+# $NetBSD: Makefile,v 1.1.1.1 2004/11/05 15:05:30 peter Exp $
+
+DISTNAME= pflkm-20041025
+CATEGORIES= security ipv6
+MASTER_SITES= http://nedbsd.nl/~ppostma/pf/
+
+MAINTAINER= peter@pointless.nl
+HOMEPAGE= http://nedbsd.nl/~ppostma/pf/
+COMMENT= OpenBSD Packet Filter as loadable kernel module for NetBSD
+
+ONLY_FOR_PLATFORM= NetBSD-[2-9]*-*
+
+USE_PKGINSTALL= yes
+USE_BUILDLINK3= yes
+NO_CONFIGURE= yes
+
+PKG_USERS= _pflogd:nogroup::pflogd\\ pseudo-user:${VARBASE}/chroot/pflogd:/sbin/nologin
+
+RCD_SCRIPTS= pf pflogd
+PKG_SYSCONFSUBDIR= pf
+CONF_FILES= ${PREFIX}/share/examples/${PKGBASE}/pf.conf \
+ ${PKG_SYSCONFDIR}/pf.conf
+CONF_FILES+= ${PREFIX}/share/examples/${PKGBASE}/pf.os \
+ ${PKG_SYSCONFDIR}/pf.os
+
+OWN_DIRS= ${PREFIX}/lkm ${VARBASE}/chroot/pflogd
+OWN_DIRS+= ${PREFIX}/share/examples/${PKGBASE}
+MAKE_DIRS= ${PREFIX}/include/net
+
+PKG_OPTIONS_VAR= PKG_OPTIONS.pf
+PKG_SUPPORTED_OPTIONS= ifevents
+
+.include "../../mk/bsd.options.mk"
+.include "../../mk/bsd.prefs.mk"
+
+.if !empty(PKG_OPTIONS:Mifevents)
+MAKE_ENV+= IFEVENTS=yes
+.endif
+
+post-install:
+ ${INSTALL_DATA} ${WRKSRC}/etc/pf.conf \
+ ${PREFIX}/share/examples/${PKGBASE}/pf.conf
+ ${INSTALL_DATA} ${WRKSRC}/etc/pf.os \
+ ${PREFIX}/share/examples/${PKGBASE}/pf.os
+
+do-install:
+ ${INSTALL_DATA} ${WRKSRC}/include/net/if_pflog.h ${PREFIX}/include/net/if_pflog.h
+ ${INSTALL_DATA} ${WRKSRC}/include/net/if_pfsync.h ${PREFIX}/include/net/if_pfsync.h
+ ${INSTALL_DATA} ${WRKSRC}/include/net/pfvar.h ${PREFIX}/include/net/pfvar.h
+ ${INSTALL_PROGRAM} ${WRKSRC}/libexec/ftp-proxy/ftp-proxy ${PREFIX}/libexec/ftp-proxy
+ ${INSTALL_MAN} ${WRKSRC}/libexec/ftp-proxy/ftp-proxy.cat8 ${PREFIX}/man/cat8/ftp-proxy.0
+ ${INSTALL_MAN} ${WRKSRC}/libexec/ftp-proxy/ftp-proxy.8 ${PREFIX}/man/man8/ftp-proxy.8
+ ${INSTALL_DATA} ${WRKSRC}/lkm/pf.o ${PREFIX}/lkm/pf.o
+ ${INSTALL_MAN} ${WRKSRC}/man/pf.cat4 ${PREFIX}/man/cat4/pf.0
+ ${INSTALL_MAN} ${WRKSRC}/man/pflog.cat4 ${PREFIX}/man/cat4/pflog.0
+ ${INSTALL_MAN} ${WRKSRC}/man/pfsync.cat4 ${PREFIX}/man/cat4/pfsync.0
+ ${INSTALL_MAN} ${WRKSRC}/man/pf.conf.cat5 ${PREFIX}/man/cat5/pf.conf.0
+ ${INSTALL_MAN} ${WRKSRC}/man/pf.os.cat5 ${PREFIX}/man/cat5/pf.os.0
+ ${INSTALL_MAN} ${WRKSRC}/man/pf.4 ${PREFIX}/man/man4/pf.4
+ ${INSTALL_MAN} ${WRKSRC}/man/pflog.4 ${PREFIX}/man/man4/pflog.4
+ ${INSTALL_MAN} ${WRKSRC}/man/pfsync.4 ${PREFIX}/man/man4/pfsync.4
+ ${INSTALL_MAN} ${WRKSRC}/man/pf.conf.5 ${PREFIX}/man/man5/pf.conf.5
+ ${INSTALL_MAN} ${WRKSRC}/man/pf.os.5 ${PREFIX}/man/man5/pf.os.5
+ ${INSTALL_PROGRAM} ${WRKSRC}/sbin/pfctl/pfctl ${PREFIX}/sbin/pfctl
+ ${INSTALL_MAN} ${WRKSRC}/sbin/pfctl/pfctl.cat8 ${PREFIX}/man/cat8/pfctl.0
+ ${INSTALL_MAN} ${WRKSRC}/sbin/pfctl/pfctl.8 ${PREFIX}/man/man8/pfctl.8
+ ${INSTALL_PROGRAM} ${WRKSRC}/sbin/pflogd/pflogd ${PREFIX}/sbin/pflogd
+ ${INSTALL_MAN} ${WRKSRC}/sbin/pflogd/pflogd.cat8 ${PREFIX}/man/cat8/pflogd.0
+ ${INSTALL_MAN} ${WRKSRC}/sbin/pflogd/pflogd.8 ${PREFIX}/man/man8/pflogd.8
+ ${INSTALL_PROGRAM} ${WRKSRC}/usr.sbin/authpf/authpf ${PREFIX}/sbin/authpf
+ ${INSTALL_MAN} ${WRKSRC}/usr.sbin/authpf/authpf.cat8 ${PREFIX}/man/cat8/authpf.0
+ ${INSTALL_MAN} ${WRKSRC}/usr.sbin/authpf/authpf.8 ${PREFIX}/man/man8/authpf.8
+ ${INSTALL_PROGRAM} ${WRKSRC}/usr.sbin/tcpdump/pftcpdump ${PREFIX}/sbin/pftcpdump
+ ${INSTALL_MAN} ${WRKSRC}/usr.sbin/tcpdump/pftcpdump.cat8 ${PREFIX}/man/cat8/pftcpdump.0
+ ${INSTALL_MAN} ${WRKSRC}/usr.sbin/tcpdump/pftcpdump.8 ${PREFIX}/man/man8/pftcpdump.8
+
+SUBST_CLASSES= path
+SUBST_STAGE.path= post-patch
+SUBST_FILES.path= man/pfsync.4 man/pf.conf.5
+SUBST_FILES.path+= sbin/pfctl/pfctl.8 sbin/pfctl/pfctl_parser.h
+SUBST_FILES.path+= usr.sbin/authpf/authpf.8 usr.sbin/authpf/pathnames.h
+SUBST_SED.path= -e 's,/etc/pf.os,${PKG_SYSCONFDIR}/pf.os,g'
+SUBST_SED.path+= -e 's,/etc/pf.conf,${PKG_SYSCONFDIR}/pf.conf,g'
+SUBST_SED.path+= -e 's,/etc/authpf/authpf.conf,${PKG_SYSCONFDIR}/authpf.conf,g'
+SUBST_SED.path+= -e 's,/etc/authpf/authpf.allow,${PKG_SYSCONFDIR}/authpf.allow,g'
+SUBST_SED.path+= -e 's,/etc/authpf/authpf.rules,${PKG_SYSCONFDIR}/authpf.rules,g'
+SUBST_SED.path+= -e 's,/etc/authpf/authpf.problem,${PKG_SYSCONFDIR}/authpf.problem,g'
+SUBST_SED.path+= -e 's,/etc/authpf/authpf.message,${PKG_SYSCONFDIR}/authpf.message,g'
+SUBST_SED.path+= -e 's,/etc/authpf/users,${PKG_SYSCONFDIR}/users,g'
+SUBST_SED.path+= -e 's,/etc/authpf/banned,${PKG_SYSCONFDIR}/banned,g'
+SUBST_SED.path+= -e 's,/usr/sbin/authpf,${PREFIX}/sbin/authpf,g'
+SUBST_SED.path+= -e 's,/sbin/pfctl,${PREFIX}/sbin/pfctl,g'
+SUBST_MESSAGE.path= "Fixing hardcoded dirs."
+
+.include "../../mk/bsd.pkg.mk"
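Review bot: `PKG_USERS` creates the `_pflogd` privilege-separation account with primary group `nogroup`, so the unprivileged side of pflogd shares a group identity with anything else on the host that uses that catch-all group. A dedicated group keeps the drop target isolated: add `PKG_GROUPS= _pflogd` and start the entry with `_pflogd:_pflogd::`. The account's home `${VARBASE}/chroot/pflogd` is created through `OWN_DIRS` with default ownership, presumably root. If pflogd chroots into it, it should stay root-owned and not writable by `_pflogd`, and a comment next to `OWN_DIRS` saying so would stop a later change from handing it to the daemon user.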
diff --git a/security/pflkm/PLIST b/security/pflkm/PLIST
new file mode 100644
index 00000000000..02b156a1ef4
--- /dev/null
+++ b/security/pflkm/PLIST
@@ -0,0 +1,32 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2004/11/05 15:05:30 peter Exp $
+include/net/if_pflog.h
+include/net/if_pfsync.h
+include/net/pfvar.h
+libexec/ftp-proxy
+lkm/pf.o
+man/cat4/pf.0
+man/cat4/pflog.0
+man/cat4/pfsync.0
+man/cat5/pf.conf.0
+man/cat5/pf.os.0
+man/cat8/authpf.0
+man/cat8/ftp-proxy.0
+man/cat8/pfctl.0
+man/cat8/pflogd.0
+man/cat8/pftcpdump.0
+man/man4/pf.4
+man/man4/pflog.4
+man/man4/pfsync.4
+man/man5/pf.conf.5
+man/man5/pf.os.5
+man/man8/authpf.8
+man/man8/ftp-proxy.8
+man/man8/pfctl.8
+man/man8/pflogd.8
+man/man8/pftcpdump.8
+sbin/authpf
+sbin/pfctl
+sbin/pflogd
+sbin/pftcpdump
+share/examples/${PKGBASE}/pf.conf
+share/examples/${PKGBASE}/pf.os
diff --git a/security/pflkm/buildlink3.mk b/security/pflkm/buildlink3.mk
new file mode 100644
index 00000000000..87c0c9568c4
--- /dev/null
+++ b/security/pflkm/buildlink3.mk
@@ -0,0 +1,18 @@
+# $NetBSD: buildlink3.mk,v 1.1.1.1 2004/11/05 15:05:30 peter Exp $
+
+BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
+PFLKM_BUILDLINK3_MK:= ${PFLKM_BUILDLINK3_MK}+
+
+.if !empty(BUILDLINK_DEPTH:M+)
+BUILDLINK_DEPENDS+= pflkm
+.endif
+
+BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Npflkm}
+BUILDLINK_PACKAGES+= pflkm
+
+.if !empty(PFLKM_BUILDLINK3_MK:M+)
+BUILDLINK_DEPENDS.pflkm+= pflkm>=20041025
+BUILDLINK_PKGSRCDIR.pflkm?= ../../security/pflkm
+.endif # PFLKM_BUILDLINK3_MK
+
+BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//}
diff --git a/security/pflkm/builtin.mk b/security/pflkm/builtin.mk
new file mode 100644
index 00000000000..9ac188bf36d
--- /dev/null
+++ b/security/pflkm/builtin.mk
@@ -0,0 +1,41 @@
+# $NetBSD: builtin.mk,v 1.1.1.1 2004/11/05 15:05:30 peter Exp $
+
+_PF_VERSION= 3.6 # pkg default
+_PF_PFVAR_H= /usr/include/net/pfvar.h
+
+.if !defined(IS_BUILTIN.pflkm)
+IS_BUILTIN.pflkm= no
+. if exists(${_PF_PFVAR_H})
+IS_BUILTIN.pflkm= yes
+
+# OpenBSD 3.6: pf_cksum_fixup added
+_PF_3_6!= ${GREP} -c pf_cksum_fixup ${_PF_PFVAR_H} || ${TRUE}
+
+.if ${_PF_3_6} == "1"
+BUILTIN_PKG.pflkm= 3.6
+.else
+BUILTIN_PKG.pflkm= 3.5
+.endif
+
+_PF_VERSION= ${BUILTIN_PKG.pflkm}
+
+.endif # exists(${_PF_PFVAR_H})
+
+.if !defined(USE_BUILTIN.pflkm)
+USE_BUILTIN.pflkm?= ${IS_BUILTIN.pflkm}
+
+. if defined(BUILTIN_PKG.pflkm)
+USE_BUILTIN.pflkm= yes
+. for _depend_ in ${BUILDLINK_DEPENDS.pflkm}
+. if !empty(USE_BUILTIN.pflkm:M[yY][eE][sS])
+USE_BUILTIN.pflkm!= \
+ if ${PKG_ADMIN} pmatch '${_depend_}' ${BUILTIN_PKG.pflkm}; then \
+ ${ECHO} "yes"; \
+ else \
+ ${ECHO} "no"; \
+ fi
+. endif
+. endfor
+. endif
+.endif # USE_BUILTIN.pflkm
+.endif # IS_BUILTIN.pflkm
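Review bot: The 3.6 detection compares the output of `${GREP} -c pf_cksum_fixup` with the literal `"1"`, so a header where the symbol appears on two or more lines (a prototype plus a comment or macro, say) is classified as 3.5. Test for presence rather than an exact count, e.g. `.if ${_PF_3_6} != "0"`. Separately, the `USE_BUILTIN.pflkm` block sits inside `.if !defined(IS_BUILTIN.pflkm)`, because that conditional is only closed on the last line. A caller that presets `IS_BUILTIN.pflkm` therefore skips the `pmatch` version check entirely; if the nesting is not intentional, close the first conditional before `.if !defined(USE_BUILTIN.pflkm)`.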
diff --git a/security/pflkm/distinfo b/security/pflkm/distinfo
new file mode 100644
index 00000000000..a168f2910de
--- /dev/null
+++ b/security/pflkm/distinfo
@@ -0,0 +1,4 @@
+$NetBSD: distinfo,v 1.1.1.1 2004/11/05 15:05:30 peter Exp $
+
+SHA1 (pflkm-20041025.tar.gz) = 4f0720bb8fab1d4bde0d68e6927970d98c3628ad
+Size (pflkm-20041025.tar.gz) = 792281 bytes
diff --git a/security/pflkm/files/pf.sh b/security/pflkm/files/pf.sh
new file mode 100644
index 00000000000..c47750c0890
--- /dev/null
+++ b/security/pflkm/files/pf.sh
@@ -0,0 +1,54 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: pf.sh,v 1.1.1.1 2004/11/05 15:05:30 peter Exp $
+#
+# PROVIDE: pf
+# REQUIRE: DAEMON
+#
+
+. /etc/rc.subr
+
+name="pf"
+rcvar=$name
+pfctl="@PREFIX@/sbin/pfctl"
+config="@PKG_SYSCONFDIR@/pf.conf"
+start_cmd="pf_start"
+stop_cmd="pf_stop"
+reload_cmd="pf_reload"
+status_cmd="pf_status"
+extra_commands="reload status"
+
+pf_start()
+{
+ echo "Enabling pf firewall."
+ ${pfctl} -q -e
+ if [ -f ${config} ]; then
+ ${pfctl} -q -f ${config}
+ else
+ warn "pf.conf not found; no pf rules loaded."
+ fi
+}
+
+pf_stop()
+{
+ echo "Disabling pf firewall."
+ ${pfctl} -q -d
+}
+
+pf_reload()
+{
+ echo "Reloading pf rules."
+ if [ -f ${config} ]; then
+ ${pfctl} -q -f ${config}
+ else
+ warn "pf.conf not found; no pf rules loaded."
+ fi
+}
+
+pf_status()
+{
+ ${pfctl} -s info
+}
+
+load_rc_config $name
+run_rc_command "$1"
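Review bot: `pf_start` fails open: it runs `${pfctl} -q -e` first, only warns when `${config}` is missing, and never checks the exit status of `${pfctl} -q -f ${config}`, so the script reports success with the filter enabled and no ruleset loaded. Load the rules before enabling and propagate failure, e.g. `${pfctl} -q -f "${config}" || return 1` followed by `${pfctl} -q -e`, and add `return 1` after the `warn`. `pf_reload` has the same unchecked load and the same warn-only branch for a missing file. Quoting `${config}` in the `[ -f ... ]` tests also keeps a `PKG_SYSCONFDIR` containing spaces from breaking the check.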
diff --git a/security/pflkm/files/pflogd.sh b/security/pflkm/files/pflogd.sh
new file mode 100644
index 00000000000..a0692e44da8
--- /dev/null
+++ b/security/pflkm/files/pflogd.sh
@@ -0,0 +1,18 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: pflogd.sh,v 1.1.1.1 2004/11/05 15:05:30 peter Exp $
+#
+# PROVIDE: pflogd
+# REQUIRE: DAEMON
+#
+
+. /etc/rc.subr
+
+name="pflogd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+start_precmd="/sbin/ifconfig pflog0 up"
+pidfile="/var/run/${name}.pid"
+
+load_rc_config $name
+run_rc_command "$1"
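Review bot: `# REQUIRE: DAEMON` is the only ordering constraint in this header and pf.sh declares the same one, so rcorder is free to start `pf` before `pflogd`. Packets matched by logging rules in that window are presumably never written to the log file. If log coverage from the moment filtering starts is wanted, declare the order explicitly, for example `# BEFORE: pf` here, assuming pflog0 already exists once the module has been loaded from lkm.conf. A one-line comment above `start_precmd` noting that pflog0 is provided by the LKM would also help whoever has to debug a failed start.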