[packages] fwknop: update to 2.0.0rc4
* add client package, InstallDev & license * fix config defaults & daemon conffiles * use PKG_INSTALL * cleanup Makefile git-svn-id: svn://svn.openwrt.org/openwrt/packages@28201 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
swalker
parent
e5464cface
commit
de63f50258
@ -1,60 +1,119 @@
|
||||
#
|
||||
# Copyright (C) 2011 OpenWrt.org
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
#
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fwknopd
|
||||
PKG_VERSION:=2.0.0rc2
|
||||
PKG_NAME:=fwknop
|
||||
PKG_VERSION:=2.0.0rc4
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_BUILD_DIR:=$(BUILD_DIR)/fwknop-$(PKG_VERSION)
|
||||
PKG_SOURCE:=fwknop-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||
PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download
|
||||
PKG_MD5SUM:=c78252216fa9627cacf61b453da915a8
|
||||
PKG_CAT:=zcat
|
||||
PKG_MD5SUM:=4f5d45187429ca56d3b444ab96c57fb6
|
||||
|
||||
PKG_INSTALL:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/fwknop/Default
|
||||
TITLE:=FireWall KNock OPerator
|
||||
URL:=http://www.cipherdyne.org/fwknop/
|
||||
MAINTAINER:=Jonathan Bennett <jbscience87@gmail.com>
|
||||
endef
|
||||
|
||||
define Package/fwknop/Default/description
|
||||
Fwknop implements an authorization scheme known as Single Packet Authorization
|
||||
(SPA) for Linux systems running iptables. This mechanism requires only a
|
||||
single encrypted and non-replayed packet to communicate various pieces of
|
||||
information including desired access through an iptables policy. The main
|
||||
application of this program is to use iptables in a default-drop stance to
|
||||
protect services such as SSH with an additional layer of security in order to
|
||||
make the exploitation of vulnerabilities (both 0-day and unpatched code) much
|
||||
more difficult.
|
||||
endef
|
||||
|
||||
define Package/fwknopd
|
||||
$(call Package/fwknop/Default)
|
||||
SECTION:=net
|
||||
CATEGORY:=Network
|
||||
TITLE:=Firewall Knock Operator Daemon
|
||||
URL:=http://http://www.cipherdyne.org/fwknop/
|
||||
MAINTAINER:=Jonathan Bennett <jbscience87@gmail.com>
|
||||
DEPENDS:=+libpcap +libgdbm +iptables
|
||||
SUBMENU:=Firewall
|
||||
TITLE+= Daemon
|
||||
DEPENDS:=+iptables +libfko +libpcap
|
||||
endef
|
||||
|
||||
define Package/fwknopd/description
|
||||
Firewall Knock Operator Daemon
|
||||
Fwknop implements an authorization scheme known as Single Packet
|
||||
Authorization (SPA) for Linux systems running iptables. This
|
||||
mechanism requires only a single encrypted and non-replayed
|
||||
packet to communicate various pieces of information including
|
||||
desired access through an iptables policy. The main application
|
||||
of this program is to use iptables in a default-drop stance to
|
||||
protect services such as SSH with an additional layer
|
||||
of security in order to make the exploitation of vulnerabilities
|
||||
(both 0-day and unpatched code) much more difficult.
|
||||
$(call Package/fwknop/Default/description)
|
||||
This package contains the fwknop daemon.
|
||||
endef
|
||||
|
||||
define Package/conffiles
|
||||
/etc/fwknop/fwknopd.conf
|
||||
define Package/fwknopd/conffiles
|
||||
/etc/fwknop/access.conf
|
||||
/etc/fwknop/fwknopd.conf
|
||||
endef
|
||||
|
||||
define Package/fwknop
|
||||
$(call Package/fwknop/Default)
|
||||
SECTION:=net
|
||||
CATEGORY:=Network
|
||||
SUBMENU:=Firewall
|
||||
TITLE+= Client
|
||||
DEPENDS:=+libfko
|
||||
endef
|
||||
|
||||
define Package/fwknop/description
|
||||
$(call Package/fwknop/Default/description)
|
||||
This package contains the fwknop client.
|
||||
endef
|
||||
|
||||
define Package/libfko
|
||||
$(call Package/fwknop/Default)
|
||||
SECTION:=libs
|
||||
CATEGORY:=Libraries
|
||||
SUBMENU:=Firewall
|
||||
TITLE+= Library
|
||||
endef
|
||||
|
||||
define Package/libfko/description
|
||||
$(call Package/fwknop/Default/description)
|
||||
This package contains the libfko shared library.
|
||||
endef
|
||||
|
||||
CONFIGURE_ARGS += \
|
||||
--disable-client \
|
||||
--without-gpgme \
|
||||
--with-iptables=/usr/sbin/iptables
|
||||
|
||||
define Build/InstallDev
|
||||
$(INSTALL_DIR) $(1)/usr/include
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/include/fko.h $(1)/usr/include/
|
||||
$(INSTALL_DIR) $(1)/usr/lib
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.{a,la,so*} $(1)/usr/lib/
|
||||
endef
|
||||
|
||||
define Package/fwknopd/install
|
||||
$(INSTALL_DIR) $(1)/etc/fwknop
|
||||
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/fwknop/{access,fwknopd}.conf \
|
||||
$(1)/etc/fwknop/
|
||||
$(INSTALL_DIR) $(1)/etc/init.d
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/extras/fwknop.init.openwrt \
|
||||
$(1)/etc/init.d/fwknopd
|
||||
$(INSTALL_DIR) $(1)/usr/sbin
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/server/.libs/fwknopd $(1)/usr/sbin/
|
||||
$(INSTALL_DIR) $(1)/usr/lib
|
||||
$(CP) $(PKG_BUILD_DIR)/lib/.libs/libfko.so* $(1)/usr/lib/
|
||||
$(INSTALL_DIR) $(1)/etc/fwknop
|
||||
$(INSTALL_CONF) $(PKG_BUILD_DIR)/server/fwknopd.conf $(1)/etc/fwknop/
|
||||
$(INSTALL_CONF) $(PKG_BUILD_DIR)/server/access.conf $(1)/etc/fwknop/
|
||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/fwknopd $(1)/usr/sbin/
|
||||
endef
|
||||
|
||||
define Package/fwknop/install
|
||||
$(INSTALL_DIR) $(1)/usr/bin
|
||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fwknop $(1)/usr/bin/
|
||||
endef
|
||||
|
||||
define Package/libfko/install
|
||||
$(INSTALL_DIR) $(1)/usr/lib
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.so.* $(1)/usr/lib/
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,fwknopd))
|
||||
$(eval $(call BuildPackage,fwknop))
|
||||
$(eval $(call BuildPackage,libfko))
|
||||
|
||||
33
net/fwknop/patches/001-fix_config.patch
Normal file
33
net/fwknop/patches/001-fix_config.patch
Normal file
@ -0,0 +1,33 @@
|
||||
@@ -0,0 +1,32 @@
|
||||
--- a/server/fwknopd.conf
|
||||
+++ b/server/fwknopd.conf
|
||||
@@ -30,7 +30,12 @@
|
||||
# Define the ethernet interface on which we will sniff packets.
|
||||
# Default if not set is eth0.
|
||||
#
|
||||
-#PCAP_INTF eth0;
|
||||
+
|
||||
+# The following line is changed specifically for Openwrt.
|
||||
+# Openwrt defaults to using eth1 as its wan port. If using PPPoE,
|
||||
+# Then this needs to be set to pppoe-wan.
|
||||
+
|
||||
+PCAP_INTF eth1;
|
||||
|
||||
# By default fwknopd does not put the pcap interface into promiscuous mode.
|
||||
# Set this to 'Y' to enable promiscuous sniffing.
|
||||
@@ -239,8 +244,13 @@
|
||||
# The IPT_FORWARD_ACCESS variable is only used if ENABLE_IPT_FORWARDING is
|
||||
# enabled.
|
||||
#
|
||||
-#IPT_FORWARD_ACCESS ACCEPT, filter, FORWARD, 1, FWKNOP_FORWARD, 1;
|
||||
-#IPT_DNAT_ACCESS DNAT, nat, PREROUTING, 1, FWKNOP_PREROUTING, 1;
|
||||
+
|
||||
+# These two lines are changed specifically for Openwrt, due to
|
||||
+# different naming conventions. IPT_FORWARD is still disabled
|
||||
+# by default, and must be enabled earlier in this file to be used.
|
||||
+
|
||||
+IPT_FORWARD_ACCESS ACCEPT, filter, zone_wan_forward, 1, FWKNOP_FORWARD, 1;
|
||||
+IPT_DNAT_ACCESS DNAT, nat, zone_wan_prerouting, 1, FWKNOP_PREROUTING, 1;
|
||||
|
||||
# The IPT_SNAT_ACCESS variable is not used unless both ENABLE_IPT_SNAT and
|
||||
# ENABLE_IPT_FORWARDING are enabled. Also, the external static IP must be
|
||||
Loading…
x
Reference in New Issue
Block a user