From dd4fcfa4179e616105e0548de02304fddd4a6a07 Mon Sep 17 00:00:00 2001
From: Steven Barth
Date: Thu, 12 Jun 2014 08:46:08 +0000
Subject: [PATCH] fwknob: moved to github

SVN-Revision: 41151
---
net/fwknop/Makefile | 119 ------------------------
net/fwknop/patches/001-fix_config.patch | 32 -------
net/fwknop/patches/002-fix_init.patch | 17 ----
3 files changed, 168 deletions(-)
delete mode 100644 net/fwknop/Makefile
delete mode 100644 net/fwknop/patches/001-fix_config.patch
delete mode 100644 net/fwknop/patches/002-fix_init.patch

diff --git a/net/fwknop/Makefile b/net/fwknop/Makefile
deleted file mode 100644
index 24d7385e5b..0000000000
--- a/net/fwknop/Makefile
+++ /dev/null
@@ -1,119 +0,0 @@
-#
-# Copyright (C) 2011-2012 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=fwknop
-PKG_VERSION:=2.0
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download
-PKG_MD5SUM:=96de4c5a4ae75a8618ef80269c6a70ad
-
-PKG_INSTALL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/fwknop/Default
- TITLE:=FireWall KNock OPerator
- URL:=http://www.cipherdyne.org/fwknop/
- MAINTAINER:=Jonathan Bennett
-endef
-
-define Package/fwknop/Default/description
- Fwknop implements an authorization scheme known as Single Packet Authorization
- (SPA) for Linux systems running iptables. This mechanism requires only a
- single encrypted and non-replayed packet to communicate various pieces of
- information including desired access through an iptables policy. The main
- application of this program is to use iptables in a default-drop stance to
- protect services such as SSH with an additional layer of security in order to
- make the exploitation of vulnerabilities (both 0-day and unpatched code) much
- more difficult.
-endef
-
-define Package/fwknopd
- $(call Package/fwknop/Default)
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=Firewall
- TITLE+= Daemon
- DEPENDS:=+iptables +libfko +libpcap
-endef
-
-define Package/fwknopd/description
- $(call Package/fwknop/Default/description)
- This package contains the fwknop daemon.
-endef
-
-define Package/fwknopd/conffiles
-/etc/fwknop/access.conf
-/etc/fwknop/fwknopd.conf
-endef
-
-define Package/fwknop
- $(call Package/fwknop/Default)
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=Firewall
- TITLE+= Client
- DEPENDS:=+libfko
-endef
-
-define Package/fwknop/description
- $(call Package/fwknop/Default/description)
- This package contains the fwknop client.
-endef
-
-define Package/libfko
- $(call Package/fwknop/Default)
- SECTION:=libs
- CATEGORY:=Libraries
- SUBMENU:=Firewall
- TITLE+= Library
-endef
-
-define Package/libfko/description
- $(call Package/fwknop/Default/description)
- This package contains the libfko shared library.
-endef
-
-CONFIGURE_ARGS += \
- --without-gpgme \
- --with-iptables=/usr/sbin/iptables
-
-define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include
- $(CP) $(PKG_INSTALL_DIR)/usr/include/fko.h $(1)/usr/include/
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.{a,la,so*} $(1)/usr/lib/
-endef
-
-define Package/fwknopd/install
- $(INSTALL_DIR) $(1)/etc/fwknop
- $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/fwknop/{access,fwknopd}.conf \
- $(1)/etc/fwknop/
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/extras/fwknop.init.openwrt \
- $(1)/etc/init.d/fwknopd
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/fwknopd $(1)/usr/sbin/
-endef
-
-define Package/fwknop/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fwknop $(1)/usr/bin/
-endef
-
-define Package/libfko/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.so.* $(1)/usr/lib/
-endef
-
-$(eval $(call BuildPackage,fwknopd))
-$(eval $(call BuildPackage,fwknop))
-$(eval $(call BuildPackage,libfko))
diff --git a/net/fwknop/patches/001-fix_config.patch b/net/fwknop/patches/001-fix_config.patch
deleted file mode 100644
index 5ae4a94852..0000000000
--- a/net/fwknop/patches/001-fix_config.patch
+++ /dev/null
@@ -1,32 +0,0 @@
---- a/server/fwknopd.conf
-+++ b/server/fwknopd.conf
-@@ -29,7 +29,12 @@
- # Define the ethernet interface on which we will sniff packets.
- # Default if not set is eth0.
- #
--#PCAP_INTF eth0;
-+
-+# The following line is changed specifically for Openwrt.
-+# Openwrt defaults to using eth1 as its wan port. If using PPPoE,
-+# Then this needs to be set to pppoe-wan.
-+
-+PCAP_INTF eth1;
-
- # By default fwknopd does not put the pcap interface into promiscuous mode.
- # Set this to 'Y' to enable promiscuous sniffing.
-@@ -252,8 +257,13 @@
- # The IPT_FORWARD_ACCESS variable is only used if ENABLE_IPT_FORWARDING is
- # enabled.
- #
--#IPT_FORWARD_ACCESS ACCEPT, filter, FORWARD, 1, FWKNOP_FORWARD, 1;
--#IPT_DNAT_ACCESS DNAT, nat, PREROUTING, 1, FWKNOP_PREROUTING, 1;
-+
-+# These two lines are changed specifically for Openwrt, due to
-+# different naming conventions. IPT_FORWARD is still disabled
-+# by default, and must be enabled earlier in this file to be used.
-+
-+IPT_FORWARD_ACCESS ACCEPT, filter, zone_wan_forward, 1, FWKNOP_FORWARD, 1;
-+IPT_DNAT_ACCESS DNAT, nat, zone_wan_prerouting, 1, FWKNOP_PREROUTING, 1;
-
- # The IPT_SNAT_ACCESS variable is not used unless both ENABLE_IPT_SNAT and
- # ENABLE_IPT_FORWARDING are enabled. Also, the external static IP must be
diff --git a/net/fwknop/patches/002-fix_init.patch b/net/fwknop/patches/002-fix_init.patch
deleted file mode 100644
index 9efda57516..0000000000
--- a/net/fwknop/patches/002-fix_init.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- a/extras/openwrt/package/fwknop/files/fwknopd.init
-+++ b/extras/openwrt/package/fwknop/files/fwknopd.init
-@@ -8,12 +8,12 @@ FWKNOPD_BIN=/usr/sbin/fwknopd
-
- start()
- {
-- $FWKNOPD_BIN
-+ service_start $FWKNOPD_BIN
- }
-
- stop()
- {
-- $FWKNOPD_BIN -K
-+ service_stop $FWKNOPD_BIN -K
- }
-
- restart()
--
2.30.2