head	1.9;
access;
symbols
	RELEASE_8_3_0:1.4
	RELEASE_9_0_0:1.3
	RELEASE_7_4_0:1.3
	RELEASE_8_2_0:1.3
	RELEASE_6_EOL:1.2
	RELEASE_8_1_0:1.2
	RELEASE_7_3_0:1.2
	RELEASE_8_0_0:1.2
	RELEASE_7_2_0:1.2
	RELEASE_7_1_0:1.2
	RELEASE_6_4_0:1.2;
locks; strict;
comment	@# @;


1.9
date	2013.03.01.17.42.53;	author svnexp;	state Exp;
branches;
next	1.8;

1.8
date	2012.11.28.00.11.25;	author svnexp;	state Exp;
branches;
next	1.7;

1.7
date	2012.11.17.06.01.04;	author svnexp;	state Exp;
branches;
next	1.6;

1.6
date	2012.07.25.11.24.09;	author cs;	state Exp;
branches;
next	1.5;

1.5
date	2012.06.30.12.36.10;	author az;	state Exp;
branches;
next	1.4;

1.4
date	2012.01.21.17.37.08;	author eadler;	state Exp;
branches;
next	1.3;

1.3
date	2010.12.16.02.34.01;	author glarkin;	state Exp;
branches;
next	1.2;

1.2
date	2008.06.13.11.20.13;	author edwin;	state Exp;
branches;
next	1.1;

1.1
date	2008.06.13.03.43.50;	author edwin;	state Exp;
branches;
next	;


desc
@@


1.9
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/313158
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@# Created by: Sean Greven <sean.greven@@gmail.com>
# $FreeBSD: head/security/fwknop/Makefile 313158 2013-03-01 17:19:32Z pawel $

PORTNAME=	fwknop
PORTVERSION=	2.0.4
CATEGORIES=	security
MASTER_SITES=	http://www.cipherdyne.org/fwknop/download/
# NOTE(review): MASTER_SITES above is plain HTTP, so the transfer is unauthenticated; integrity rests on the checksums in the port's distinfo file, which is not shown here - confirm it carries a SHA256 entry.
MAINTAINER=	sean.greven@@gmail.com
COMMENT=	SPA implementation for Linux and FreeBSD

OPTIONS_DEFINE=		GPGME
OPTIONS_DEFAULT=	GPGME
GPGME_DESC=	Build support for gpgme
MAN8=		fwknop.8 fwknopd.8
INFO=		libfko
MANCOMPRESSED=	no
GNU_CONFIGURE=	yes
USE_RC_SUBR=	fwknopd
USE_LDCONFIG=	yes
# PORT_OPTIONS is only set once bsd.port.options.mk has been read, so this include has to precede the .if below.
.include <bsd.port.options.mk>
# GPGME selected (the default): link against security/gpgme. Otherwise configure is told to build without gpgme.
.if ${PORT_OPTIONS:MGPGME}
LIB_DEPENDS+=	gpgme:${PORTSDIR}/security/gpgme
.else
CONFIGURE_ARGS+=--without-gpgme
.endif

.include <bsd.port.mk>
@


1.8
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/307863
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r307863 | rakuco | 2012-11-27 21:41:29 +0000 (Tue, 27 Nov 2012) | 11 lines
## SVN ##
## SVN ## Update to 2.0.3.
## SVN ##
## SVN ## This new version includes a migration from Perl to C and support for
## SVN ## ipfw and pf.
## SVN ##
## SVN ## While here, trim the Makefile headers.
## SVN ##
## SVN ## PR:		ports/171951
## SVN ## Submitted by:	Sean Greven <sean.greven@@gmail.com> (maintainer)
## SVN ## Feature safe:	yes
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d2 1
a2 1
# $FreeBSD: head/security/fwknop/Makefile 307863 2012-11-27 21:41:29Z rakuco $
d5 1
a5 1
PORTVERSION=	2.0.3
d25 3
a27 1
BUILD_DEPENDS+=	gpgme:${PORTSDIR}/security/gpgme
@


1.7
log
@Switch exporter over
@
text
@d1 2
a2 7
# New ports collection makefile for:	fwknop
#
# Date created:				23 Nov 2007
# Whom:					Sean Greven<sean.greven@@gmail.com>
#
# $FreeBSD: head/security/fwknop/Makefile 301519 2012-07-25 11:24:09Z cs $
#
d5 1
a5 2
PORTVERSION=	1.8.3
PORTREVISION=	2
d12 15
a26 42
BUILD_DEPENDS=	p5-Net-IPv4Addr>=0:${PORTSDIR}/net-mgmt/p5-Net-IPv4Addr \
		p5-Unix-Syslog>=0:${PORTSDIR}/sysutils/p5-Unix-Syslog \
		p5-Term-ReadKey>=0:${PORTSDIR}/devel/p5-Term-ReadKey \
		p5-Net-Pcap>=0:${PORTSDIR}/net/p5-Net-Pcap \
		p5-List-MoreUtils>=0:${PORTSDIR}/lang/p5-List-MoreUtils \
		p5-Crypt-Rijndael>=0:${PORTSDIR}/security/p5-Crypt-Rijndael \
		p5-Class-MethodMaker>=0:${PORTSDIR}/devel/p5-Class-MethodMaker \
		p5-Net-RawIP>=0:${PORTSDIR}/net/p5-Net-RawIP \
		p5-GnuPG-Interface>=0:${PORTSDIR}/security/p5-GnuPG-Interface \
		p5-Crypt-CBC>=0:${PORTSDIR}/security/p5-Crypt-CBC \
		p5-NetPacket>=0:${PORTSDIR}/net/p5-NetPacket \
		p5-Net-Ping-External>=0:${PORTSDIR}/net/p5-Net-Ping-External
RUN_DEPENDS:=	${BUILD_DEPENDS}

MAN8=		fwknop.8 fwknopd.8 knopmd.8 knopwatchd.8
MANCOMPRESSED=	yes

NO_BUILD=	yes
IS_INTERACTIVE=	yes
USE_PERL5_BUILD=yes

post-patch:
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/access.conf
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop.8
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop.conf
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop_serv
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknopd
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknopd.8
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/install.pl
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.8
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.c
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.conf
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopspoof
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knoptm
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopwatchd.8
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopwatchd.c
	@@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/init-scripts/fwknop-init.freebsd

do-install:
	cd ${WRKSRC} && ./install.pl
	@@${ECHO_MSG} "Configuration files in ${LOCALBASE}/etc/fwknop";
@


1.6
log
@SVN rev 301519 on 2012-07-25 11:24:09Z by cs

Fix typos in COMMENT
@
text
@d6 1
a6 1
# $FreeBSD$
@


1.5
log
@- Remove SITE_PERL from *_DEPENDS

Approved by: portmgr@@ (bapt@@)
@
text
@d16 1
a16 1
COMMENT=	An SPA implimentation for Linux and FreeBSD
@


1.4
log
@At the moment 1385 ports use BUILD_DEPENDS= ${RUN_DEPENDS} and 450
ports use BUILD_DEPENDS:= ${RUN_DEPENDS}. This patch fixes ports that are
currently broken. This is a temporary measure until we organically stop using
:= or someone(s) spend a lot of time changing all the ports over.

Explicit duplication > := > = and this just moves ports one step to the left

Approved by:	portmgr
@
text
@d18 12
a29 12
BUILD_DEPENDS=	${SITE_PERL}/Net/IPv4Addr.pm:${PORTSDIR}/net-mgmt/p5-Net-IPv4Addr \
		${SITE_PERL}/${PERL_ARCH}/Unix/Syslog.pm:${PORTSDIR}/sysutils/p5-Unix-Syslog \
		${SITE_PERL}/${PERL_ARCH}/Term/ReadKey.pm:${PORTSDIR}/devel/p5-Term-ReadKey \
		${SITE_PERL}/${PERL_ARCH}/Net/Pcap.pm:${PORTSDIR}/net/p5-Net-Pcap \
		${SITE_PERL}/${PERL_ARCH}/List/MoreUtils.pm:${PORTSDIR}/lang/p5-List-MoreUtils \
		${SITE_PERL}/${PERL_ARCH}/Crypt/Rijndael.pm:${PORTSDIR}/security/p5-Crypt-Rijndael \
		${SITE_PERL}/${PERL_ARCH}/Class/MethodMaker.pm:${PORTSDIR}/devel/p5-Class-MethodMaker \
		${SITE_PERL}/${PERL_ARCH}/Net/RawIP.pm:${PORTSDIR}/net/p5-Net-RawIP \
		${SITE_PERL}/GnuPG/Key.pm:${PORTSDIR}/security/p5-GnuPG-Interface \
		${SITE_PERL}/Crypt/CBC.pm:${PORTSDIR}/security/p5-Crypt-CBC \
		${SITE_PERL}/NetPacket.pm:${PORTSDIR}/net/p5-NetPacket \
		${SITE_PERL}/Net/Ping/External.pm:${PORTSDIR}/net/p5-Net-Ping-External
@


1.3
log
@- Chase security/libksba shlib version bump

Requested by:	kwm
Pointyhat to:	glarkin
@
text
@d30 1
a30 1
RUN_DEPENDS=	${BUILD_DEPENDS}
@


1.2
log
@Temporary fix "building" by setting IS_INTERACTIVE
@
text
@d11 1
a11 1
PORTREVISION=	1
@


1.1
log
@New port: security/fwknop fwknop,"FireWall KNock OPerator", implements
Single Packet Authorization (SPA).

	fwknop stands for the "FireWall KNock OPerator", and
	implements an authorization scheme called Single Packet
	Authorization (SPA). This method of authorization is based
	around a default-drop packet filter (fwknop supports both
	iptables on Linux systems and ipfw on FreeBSD and Mac OS X
	systems) and libpcap.

	SPA requires only a single encrypted packet in order to
	communicate various pieces of information including desired
	access through an iptables policy and/or complete commands
	to execute on the target system. By using iptables to
	maintain a "default drop" stance, the main application of
	this program is to protect services such as OpenSSH with
	an additional layer of security in order to make the
	exploitation of vulnerabilities (both 0-day and unpatched
	code) much more difficult. With fwknop deployed, anyone
	using nmap to look for sshd can't even tell that it is
	listening; it makes no difference if they have a 0-day
	exploit or not. The authorization server passively monitors
	authorization packets via libpcap and hence there is no
	"server" to which to connect in the traditional sense.
	Access to a protected service is only granted after a valid
	encrypted and non-replayed packet is monitored from an
	fwknop client (see the following network diagram; the SSH
	session can only take place after the SPA packet is monitored):

PR:		ports/118229
Submitted by:	Sean Greven <sean.greven@@gmail.com>
@
text
@d11 1
d36 1
@

