bakabtw/packages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[packages] fwknop: update to 2.0.0rc4

Browse Source 
* add client package, InstallDev & license
 * fix config defaults & daemon conffiles
 * use PKG_INSTALL
 * cleanup Makefile


git-svn-id: svn://svn.openwrt.org/openwrt/packages@28201 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
swalker 2011-09-09 00:37:04 +00:00
parent e5464cface
commit de63f50258
2 changed files with 121 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
net/fwknop/Makefile
View File

@ -1,60 +1,119 @@
#
# Copyright (C) 2011 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=fwknopd PKG_NAME:=fwknop
PKG_VERSION:=2.0.0rc2 PKG_VERSION:=2.0.0rc4
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/fwknop-$(PKG_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE:=fwknop-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download
PKG_MD5SUM:=c78252216fa9627cacf61b453da915a8 PKG_MD5SUM:=4f5d45187429ca56d3b444ab96c57fb6
PKG_CAT:=zcat
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
define Package/fwknop/Default
TITLE:=FireWall KNock OPerator
URL:=http://www.cipherdyne.org/fwknop/
MAINTAINER:=Jonathan Bennett <jbscience87@gmail.com>
endef
define Package/fwknop/Default/description
Fwknop implements an authorization scheme known as Single Packet Authorization
(SPA) for Linux systems running iptables. This mechanism requires only a
single encrypted and non-replayed packet to communicate various pieces of
information including desired access through an iptables policy. The main
application of this program is to use iptables in a default-drop stance to
protect services such as SSH with an additional layer of security in order to
make the exploitation of vulnerabilities (both 0-day and unpatched code) much
more difficult.
endef
define Package/fwknopd define Package/fwknopd
$(call Package/fwknop/Default)
SECTION:=net SECTION:=net
CATEGORY:=Network CATEGORY:=Network
TITLE:=Firewall Knock Operator Daemon SUBMENU:=Firewall
URL:=http://http://www.cipherdyne.org/fwknop/ TITLE+= Daemon
MAINTAINER:=Jonathan Bennett <jbscience87@gmail.com> DEPENDS:=+iptables +libfko +libpcap
DEPENDS:=+libpcap +libgdbm +iptables
endef endef
define Package/fwknopd/description define Package/fwknopd/description
Firewall Knock Operator Daemon $(call Package/fwknop/Default/description)
Fwknop implements an authorization scheme known as Single Packet This package contains the fwknop daemon.
Authorization (SPA) for Linux systems running iptables. This
mechanism requires only a single encrypted and non-replayed
packet to communicate various pieces of information including
desired access through an iptables policy. The main application
of this program is to use iptables in a default-drop stance to
protect services such as SSH with an additional layer
of security in order to make the exploitation of vulnerabilities
(both 0-day and unpatched code) much more difficult.
endef endef
define Package/conffiles define Package/fwknopd/conffiles
/etc/fwknop/fwknopd.conf
/etc/fwknop/access.conf /etc/fwknop/access.conf
/etc/fwknop/fwknopd.conf
endef
define Package/fwknop
$(call Package/fwknop/Default)
SECTION:=net
CATEGORY:=Network
SUBMENU:=Firewall
TITLE+= Client
DEPENDS:=+libfko
endef
define Package/fwknop/description
$(call Package/fwknop/Default/description)
This package contains the fwknop client.
endef
define Package/libfko
$(call Package/fwknop/Default)
SECTION:=libs
CATEGORY:=Libraries
SUBMENU:=Firewall
TITLE+= Library
endef
define Package/libfko/description
$(call Package/fwknop/Default/description)
This package contains the libfko shared library.
endef endef
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--disable-client \
--without-gpgme \ --without-gpgme \
--with-iptables=/usr/sbin/iptables --with-iptables=/usr/sbin/iptables
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/fko.h $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.{a,la,so*} $(1)/usr/lib/
endef
define Package/fwknopd/install define Package/fwknopd/install
$(INSTALL_DIR) $(1)/etc/fwknop
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/fwknop/{access,fwknopd}.conf \
$(1)/etc/fwknop/
$(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) $(PKG_BUILD_DIR)/extras/fwknop.init.openwrt \ $(INSTALL_BIN) $(PKG_BUILD_DIR)/extras/fwknop.init.openwrt \
$(1)/etc/init.d/fwknopd $(1)/etc/init.d/fwknopd
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/server/.libs/fwknopd $(1)/usr/sbin/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/fwknopd $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib endef
$(CP) $(PKG_BUILD_DIR)/lib/.libs/libfko.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/etc/fwknop
$(INSTALL_CONF) $(PKG_BUILD_DIR)/server/fwknopd.conf $(1)/etc/fwknop/
$(INSTALL_CONF) $(PKG_BUILD_DIR)/server/access.conf $(1)/etc/fwknop/
define Package/fwknop/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fwknop $(1)/usr/bin/
endef
define Package/libfko/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.so.* $(1)/usr/lib/
endef endef
$(eval $(call BuildPackage,fwknopd)) $(eval $(call BuildPackage,fwknopd))
$(eval $(call BuildPackage,fwknop))
$(eval $(call BuildPackage,libfko))

33
net/fwknop/patches/001-fix_config.patch Normal file
View File

@ -0,0 +1,33 @@
@@ -0,0 +1,32 @@
--- a/server/fwknopd.conf
+++ b/server/fwknopd.conf
@@ -30,7 +30,12 @@
# Define the ethernet interface on which we will sniff packets.
# Default if not set is eth0.
#
-#PCAP_INTF eth0;
+
+# The following line is changed specifically for Openwrt.
+# Openwrt defaults to using eth1 as its wan port. If using PPPoE,
+# Then this needs to be set to pppoe-wan.
+
+PCAP_INTF eth1;
# By default fwknopd does not put the pcap interface into promiscuous mode.
# Set this to 'Y' to enable promiscuous sniffing.
@@ -239,8 +244,13 @@
# The IPT_FORWARD_ACCESS variable is only used if ENABLE_IPT_FORWARDING is
# enabled.
#
-#IPT_FORWARD_ACCESS ACCEPT, filter, FORWARD, 1, FWKNOP_FORWARD, 1;
-#IPT_DNAT_ACCESS DNAT, nat, PREROUTING, 1, FWKNOP_PREROUTING, 1;
+
+# These two lines are changed specifically for Openwrt, due to
+# different naming conventions. IPT_FORWARD is still disabled
+# by default, and must be enabled earlier in this file to be used.
+
+IPT_FORWARD_ACCESS ACCEPT, filter, zone_wan_forward, 1, FWKNOP_FORWARD, 1;
+IPT_DNAT_ACCESS DNAT, nat, zone_wan_prerouting, 1, FWKNOP_PREROUTING, 1;
# The IPT_SNAT_ACCESS variable is not used unless both ENABLE_IPT_SNAT and
# ENABLE_IPT_FORWARDING are enabled. Also, the external static IP must be