head	1.21;
access;
symbols
	RELEASE_6_0_0:1.20
	RELEASE_5_4_0:1.20
	RELEASE_4_11_0:1.20
	RELEASE_5_3_0:1.20
	RELEASE_4_10_0:1.20
	RELEASE_5_2_1:1.16
	RELEASE_5_2_0:1.16
	RELEASE_4_9_0:1.10;
locks; strict;
comment	@# @;


1.21
date	2005.09.14.23.14.39;	author pav;	state dead;
branches;
next	1.20;

1.20
date	2004.03.14.11.46.59;	author obraun;	state Exp;
branches;
next	1.19;

1.19
date	2004.03.08.23.57.56;	author obraun;	state Exp;
branches;
next	1.18;

1.18
date	2004.01.29.15.15.57;	author clement;	state Exp;
branches;
next	1.17;

1.17
date	2004.01.13.20.41.18;	author pav;	state Exp;
branches;
next	1.16;

1.16
date	2003.11.25.14.08.02;	author bms;	state Exp;
branches;
next	1.15;

1.15
date	2003.11.19.14.31.36;	author bms;	state Exp;
branches;
next	1.14;

1.14
date	2003.11.09.16.00.17;	author jeh;	state Exp;
branches;
next	1.13;

1.13
date	2003.10.10.07.26.28;	author krion;	state Exp;
branches;
next	1.12;

1.12
date	2003.10.02.20.58.23;	author osa;	state Exp;
branches;
next	1.11;

1.11
date	2003.09.28.13.27.06;	author edwin;	state Exp;
branches;
next	1.10;

1.10
date	2003.08.29.03.14.03;	author edwin;	state Exp;
branches;
next	1.9;

1.9
date	2003.07.18.01.51.24;	author foxfair;	state Exp;
branches;
next	1.8;

1.8
date	2003.07.04.01.28.53;	author foxfair;	state Exp;
branches;
next	1.7;

1.7
date	2003.07.03.00.40.20;	author foxfair;	state Exp;
branches;
next	1.6;

1.6
date	2003.06.26.18.04.43;	author foxfair;	state Exp;
branches;
next	1.5;

1.5
date	2003.06.26.16.20.12;	author foxfair;	state Exp;
branches;
next	1.4;

1.4
date	2003.06.18.04.46.34;	author foxfair;	state Exp;
branches;
next	1.3;

1.3
date	2003.06.16.03.14.27;	author foxfair;	state Exp;
branches;
next	1.2;

1.2
date	2003.06.14.01.24.49;	author foxfair;	state Exp;
branches;
next	1.1;

1.1
date	2003.06.13.01.09.29;	author foxfair;	state Exp;
branches;
next	;


desc
@@


1.21
log
@- Remove security/pf and security/authpf ports. They were only useful on
  FreeBSD 5.0 - 5.2.1.

Requested by:	mlaier (maintainer) via linimon
@
text
@# New ports collection makefile for:	pf_freebsd
# Date created:		08 May 2003
# Whom:			Max Laier <max@@love2party.net>
#
# $FreeBSD: ports/security/pf/Makefile,v 1.20 2004/03/14 11:46:59 obraun Exp $
#

PORTNAME=	pf_freebsd
PORTVERSION=	2.03
CATEGORIES=	security ipv6
MASTER_SITES=	http://pf4freebsd.love2party.net/
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
PKGNAMESUFFIX=	-altq
.endif
DISTNAME=	${PORTNAME}_${PORTVERSION}

MAINTAINER=	mlaier@@freebsd.org
COMMENT=	OpenBSD pf as a kldmodule

.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
IS_INTERACTIVE= yes
.endif

STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/pf.sh.sample
SAMPLE_CONFIG=  ${PREFIX}/etc/pf.conf.default
SAMPLE_PFOS=	${PREFIX}/etc/pf.os

MAN1=		pftcpdump.1
MAN4=		pf.4 pflog.4 pfsync.4
MAN5=		pf.conf.5 pf.os.5
MAN8=		ftp-proxy.8 pfctl.8 pflogd.8

MANCOMPRESSED=	maybe

KMODDIR?=	${PREFIX}/modules
MAKE_ARGS=	KMODDIR="${KMODDIR}" MANDIR="${PREFIX}/man/man"

SRC_BASE?=	/usr/src
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
SYS_ALTQ?=	${SRC_BASE}/sys.altq
MAKE_ARGS+=	WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}"
PLIST_SUB+=	WITH_ALTQ=""
.else
PLIST_SUB+=	WITH_ALTQ="@@comment "
.endif

.include <bsd.port.pre.mk>

.if ${OSVERSION} < 500000
IGNORE=		"Only for 5.0 and above"
.endif

.if ${OSVERSION} > 502105
IGNORE=		"pf moved to the base system, please build it from there"
.endif

.if !exists(${SRC_BASE}/sys/Makefile) && \
    (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile))
IGNORE=		"Kernel source files required"
.endif

.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
pre-fetch:
	@@${ECHO_MSG} "======================================================="
	@@${ECHO_MSG} "* If you have ALTQ support from:                      *"
	@@${ECHO_MSG} "*   http://www.nipsi.de/altq/index.html          or   *"
	@@${ECHO_MSG} "*   http://www.rofug.ro/projects/freebsd-altq/        *"
	@@${ECHO_MSG} "* You can define WITH_ALTQ=yes to make use of it      *"
	@@${ECHO_MSG} "* Please define SYS_ALTQ to point to the patched src  *"
	@@${ECHO_MSG} "*                                                     *"
	@@${ECHO_MSG} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *"
	@@${ECHO_MSG} "*                                                     *"
	@@${ECHO_MSG} "======================================================="
	@@sleep 2
.endif

post-patch:
	@@${CP} ${WRKSRC}/pfctl/pfctl_parser.h \
		${WRKSRC}/pfctl/pfctl_parser.h.orig
	@@${SED} -e 's!%%PREFIX%%!${PREFIX}!' 		\
		${WRKSRC}/pfctl/pfctl_parser.h.orig > 	\
		${WRKSRC}/pfctl/pfctl_parser.h
pre-su-install:
	${MKDIR} ${KMODDIR}
	${MKDIR} ${PREFIX}/include/pf
	${MKDIR} ${PREFIX}/include/pf/net
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
	${MKDIR} ${PREFIX}/include/pf/altq
.endif
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
	@@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
.endif

post-install:
	${ECHO_MSG} "Installing include files ..."
	${INSTALL_DATA} ${WRKSRC}/include/net/pfvar.h 			\
		${PREFIX}/include/pf/net
	${INSTALL_DATA} ${WRKSRC}/include/net/if_pflog.h 		\
		${PREFIX}/include/pf/net
	${INSTALL_DATA} ${WRKSRC}/include/net/if_pfsync.h 		\
		${PREFIX}/include/pf/net
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
	${INSTALL_DATA} ${WRKSRC}/include/altq/*.h			\
		${PREFIX}/include/pf/altq
.endif
	@@if [ -f ${WRKSRC}/man/pf.4.gz ]; then				\
		${ECHO_MSG} "Installing pftcpdump(1) man page.";	\
		${GZIP_CMD} -cn ${WRKSRC}/freebsd_tcpdump/tcpdump.1 >	\
			 ${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz ;	\
		${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz	\
			${PREFIX}/man/man1/pftcpdump.1.gz ;		\
	else								\
		${ECHO_MSG} "Installing pftcpdump(1) man page.";	\
		${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1	\
			${PREFIX}/man/man1/pftcpdump.1 ;		\
	fi
	@@if [ ! -f ${STARTUP_SCRIPT} ]; then				\
		${ECHO_MSG} "Installing ${STARTUP_SCRIPT} startup file." ; \
		${INSTALL_SCRIPT} ${FILESDIR}/pf.sh.sample		\
			${STARTUP_SCRIPT} ;				\
	fi
	@@if [ ! -f ${SAMPLE_CONFIG} ]; then				\
		${ECHO_MSG} "Installing ${SAMPLE_CONFIG} config file." ; \
		${INSTALL_DATA} ${FILESDIR}/pf.conf.default		\
			${SAMPLE_CONFIG};				\
	fi
	@@if [ ! -f ${SAMPLE_PFOS} ]; then				\
		${ECHO_MSG} "Installing ${SAMPLE_PFOS} config file.";	\
		${INSTALL_DATA} ${FILESDIR}/pf.os.default		\
			${SAMPLE_PFOS};					\
	fi
	${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE}

.include <bsd.port.post.mk>
@


1.20
log
@Change maintainer address to maintainers @@freebsd.org address.

Submitted by:	maintainer
@
text
@d5 1
a5 1
# $FreeBSD$
@


1.19
log
@pf has been included in the base system, since OSVERSION > 502105.

PR:		ports/63949
Submitted by:	maintainer
@
text
@d17 1
a17 1
MAINTAINER=	max@@love2party.net
@


1.18
log
@Update to 2.0.3

Submitted by:	max@@love2party.net (maintainer)
@
text
@d53 4
@


1.17
log
@- Update to 2.02
  * Fix severe byte order related problem with "route-to" rules
    (much help from Joris Vandalon with testing here)
  * Make tcpdump's -w flag work for if_pfsync
  * Fix byte order and drop lock for icmp_error() calls.
    (note that it is necessary to allow icmp_error messages - from
    "block-policy return" - as FreeBSD does not know about pf's
    special tags, yet).

- update ALTQ-message to point to the new 5.2R-patchset from rofug.ro
  as well

PR:		ports/61318
Submitted by:	Max Laier <max@@love2party.net> (maintainer)
@
text
@d9 1
a9 1
PORTVERSION=	2.02
@


1.16
log
@Supersedes ports/59442 and previous hasty-fix, and fixes the following:
 - Build with __FreeBSD_version > 501114 (see bms commit)
 - Build with new route.h (no RTF_PRCLONING)
 - Don't use hardware assistance on framentation when DF is set.
 - Allow pftcpdump -w to be used with pfsync.

Found-by:	bento / Pyun YongHyeon
Submitted by:	Max Laier
PR:		ports/59548
@
text
@d9 1
a9 2
PORTVERSION=	2.00
PORTREVISION=	1
d62 3
a64 2
	@@${ECHO_MSG} "*   http://www.nipsi.de/altq/index.html               *"
	@@${ECHO_MSG} "* You can may define WITH_ALTQ=yes to make use of it  *"
@


1.15
log
@Fix pf for ${OSVERSION} >= 501114, i.e. the 5.2 freeze point, when andre@@'s
tcp hostcache changes took place.
@
text
@d10 1
a51 4
.endif

.if ${OSVERSION} >= 501114
EXTRA_PATCHES+=	${PATCHDIR}/extra-patch-pf::pf.c
@


1.14
log
@Bump port version to 2.00:
 - Build again with FreeBSD_version > 501113 (if_xname)
 - Fix some byte order problems with route-to rules
 - Stable release

PR:		589037
Submitted By:	MAINTAINER
@
text
@d53 4
@


1.13
log
@- Add patch to fix a build problem with NOINET6 defined.
- Bump PORTREVISION

PR:		57812
Submitted by:	maintainer
@
text
@d9 1
a9 2
PORTVERSION=	1.66
PORTREVISION=	1
@


1.12
log
@Update to 1.66

PR:		ports/57452
Submitted by	Max Laier <max@@love2party.net> (maintainer)
@
text
@d10 1
@


1.11
log
@Update port: security/pf - OpenBSD 3.4 pf

	Port update after API change in PFIL_HOOKS in -current and
	OpenBSD 3.4 Release.

PR:		 ports/57305
Submitted by:	Max Laier <max@@love2party.net>
@
text
@d9 1
a9 1
PORTVERSION=	1.65
@


1.10
log
@FIXUP for possible remote DoS w/ scrub rules
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c?sortby=date

PR:		-
Submitted by:	mlaier@@#bsdcode
Obtained from:	OpenBSD-Current
@
text
@d9 1
a9 2
PORTVERSION=	1.0
PORTREVISION=	7
d26 1
d30 2
a31 2
MAN5=		pf.conf.5
MAN8=		ftp-proxy.8 pfctl.8 pflogd.8 pftop.8
d60 9
a68 9
	@@${ECHO_CMD} "======================================================="
	@@${ECHO_CMD} "* If you have ALTQ support from:                      *"
	@@${ECHO_CMD} "*   http://www.rofug.ro/projects/freebsd-altq/        *"
	@@${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it  *"
	@@${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src  *"
	@@${ECHO_CMD} "*                                                     *"
	@@${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=${SRC_BASE}/sys.altq *"
	@@${ECHO_CMD} "*                                                     *"
	@@${ECHO_CMD} "======================================================="
d72 7
a78 1
pre-install:
d82 3
d90 1
a90 1
	${ECHO} "Installing include files ..."
d92 1
a92 1
	${PREFIX}/include/pf/net
d94 1
a94 1
	${PREFIX}/include/pf/net
d96 5
a100 1
	${PREFIX}/include/pf/net
d102 1
a102 1
		${ECHO} "Installing pftcpdump(1) man page.";		\
d106 1
a106 1
		${PREFIX}/man/man1/pftcpdump.1.gz ;			\
d108 1
a108 1
		${ECHO} "Installing pftcpdump(1) man page.";		\
d110 1
a110 1
		${PREFIX}/man/man1/pftcpdump.1 ;			\
d113 1
a113 1
		${ECHO} "Installing ${STARTUP_SCRIPT} startup file." ;	\
d115 1
a115 1
		${STARTUP_SCRIPT} ;					\
d118 1
a118 1
		${ECHO} "Installing ${SAMPLE_CONFIG} config file." ;	\
d120 6
a125 1
		${SAMPLE_CONFIG};					\
@


1.9
log
@PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
Add a patch to fix a u_int_16 overflow after new merged gcc.

Submitted by:		Pyun YongHyeon <yongari@@kt-is.co.kr>
Reviewed by:		maintainer
tested ok by:		all current platforms
@
text
@d10 1
a10 1
PORTREVISION=	6
@


1.8
log
@PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
Add a critical patch to fix a problem with normalization, which does not
cause problems in normal operation but might lead to a pagefault => crash.

Submitted by:	Pyun YongHyeon <yongari@@kt-is.co.kr>
Approved by:	maintainer
@
text
@d10 1
a10 1
PORTREVISION=	5
@


1.7
log
@PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
Fix 'make index' warning.

Pointed out by: parv_fm@@emailgroups.net
@
text
@d10 1
a10 1
PORTREVISION=	4
@


1.6
log
@Use a better comment in system passwd file when we create the user 'proxy'
at first time. No necessary to bump PRTREVISION so only force commit in
Makefile.
@
text
@d54 1
a54 1
    (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile)
@


1.5
log
@Approved by:	maintainer
Reformat pkg-install & pkg-message, and add 64-bit platform fix.
Note: pf now register its user as proxy:proxy which uid/gid is 62:62.
@
text
@@


1.4
log
@PR:
Submitted by:	maintainer
Reviewed by:
Approved by:
Obtained from:
MFC after:
Add two patches to solve the following problems:

patch-ab
 - resolves a problem with a mbuf-tag in 5.1
 - Submitted by: Pyun YongHyeon <yongari@@kt-is.co.kr>

patch-ac
 - pulls in two critical fixes from OpenBSD patch branch
 - Obtained from: OpenBSD

Change BROKEN to IGNORE tag in Makefile, suggested by: kris@@
&& bump PORTREVISION.
@
text
@d10 1
a10 1
PORTREVISION=	3
@


1.3
log
@Submitted by:	maintainer
Obtained from:	Andrzej Tobola <san@@iem.pw.edu.pl>
Fix build if NOINET6 is defined, and bump PORTREVISION to aware this.
@
text
@d10 1
a10 1
PORTREVISION=	2
d50 1
a50 1
BROKEN=	"Only for 5.0 and above"
d55 1
a55 1
BROKEN=	"Kernel source files required"
@


1.2
log
@Submitted by:	Kjell <la3sg@@frisurf.no>
Reviewed by:	maintainer
Correct wording in pkg-message to avoid a possible copy & paste
problem, and bump PORTREVISION.
@
text
@d10 1
a10 1
PORTREVISION=	1
@


1.1
log
@Add pf 1.0, OpenBSD's pf (packetfilter) as in OpenBSD 3.3 as a loadable
kernel module.

PR:		52121
Submitted by:	Max Laier <max@@love2party.net>
@
text
@d10 1
@

