
Add fwknop to packages feed and update to latest version

Jonathan Bennett 10 years ago
parent
commit
fd6a30d07b
3 changed files with 153 additions and 0 deletions
  1. 118
    0
      net/fwknop/Makefile
  2. 18
    0
      net/fwknop/patches/001-fix_config.patch
  3. 17
    0
      net/fwknop/patches/002-fix_init.patch

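--- a/net/fwknop/Makefile
+++ b/net/fwknop/Makefile
@@ -0,0 +1,118 @@
+#
+# Copyright (C) 2011-2012 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fwknop
+PKG_VERSION:=2.6.2
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download
+PKG_MD5SUM:=4c68128297f76ee536a446fcdd496435
+PKG_MAINTAINER:=Jonathan Bennett <JBennett@incomsystems.biz>
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fwknop/Default
+  TITLE:=FireWall KNock OPerator
+  URL:=http://www.cipherdyne.org/fwknop/
+endef
+
+define Package/fwknop/Default/description
+  Fwknop implements an authorization scheme known as Single Packet Authorization
+  (SPA) for Linux systems running iptables.  This mechanism requires only a
+  single encrypted and non-replayed packet to communicate various pieces of
+  information including desired access through an iptables policy. The main
+  application of this program is to use iptables in a default-drop stance to
+  protect services such as SSH with an additional layer of security in order to
+  make the exploitation of vulnerabilities (both 0-day and unpatched code) much
+  more difficult.
+endef
+
+define Package/fwknopd
+  $(call Package/fwknop/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Firewall
+  TITLE+= Daemon
+  DEPENDS:=+iptables +libfko +libpcap
+endef
+
+define Package/fwknopd/description
+  $(call Package/fwknop/Default/description)
+  This package contains the fwknop daemon.
+endef
+
+define Package/fwknopd/conffiles
+/etc/fwknop/access.conf
+/etc/fwknop/fwknopd.conf
+endef
+
+define Package/fwknop
+  $(call Package/fwknop/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Firewall
+  TITLE+= Client
+  DEPENDS:=+libfko
+endef
+
+define Package/fwknop/description
+  $(call Package/fwknop/Default/description)
+  This package contains the fwknop client.
+endef
+
+define Package/libfko
+  $(call Package/fwknop/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  SUBMENU:=Firewall
+  TITLE+= Library
+endef
+
+define Package/libfko/description
+  $(call Package/fwknop/Default/description)
+  This package contains the libfko shared library.
+endef
+
+CONFIGURE_ARGS += \
+	--without-gpgme \
+	--with-iptables=/usr/sbin/iptables
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/fko.h $(1)/usr/include/
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.{a,la,so*} $(1)/usr/lib/
+endef
+
+define Package/fwknopd/install
+	$(INSTALL_DIR) $(1)/etc/fwknop
+	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/fwknop/{access,fwknopd}.conf \
+		$(1)/etc/fwknop/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/extras/fwknop.init.openwrt \
+		$(1)/etc/init.d/fwknopd
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/fwknopd $(1)/usr/sbin/
+endef
+
+define Package/fwknop/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fwknop $(1)/usr/bin/
+endef
+
+define Package/libfko/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,fwknopd))
+$(eval $(call BuildPackage,fwknop))
+$(eval $(call BuildPackage,libfko))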
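Review bot: The tarball is fetched over plain HTTP (`PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download`) and its only integrity check is `PKG_MD5SUM`, so the provenance of a firewall-authorization daemon rests on an MD5 digest alone. MD5 is no longer collision-resistant and an HTTP download can be altered in transit; if upstream serves the same path over HTTPS, switch the scheme, and where the build system provides a SHA-256 field, pin that instead, e.g. `PKG_HASH:=<sha256-of-tarball>` (placeholder, to be computed from a verified download). Separately, `--without-gpgme` in `CONFIGURE_ARGS` deserves a one-line comment such as `# GPG support is compiled out; GPG-related access.conf options will not work`, because the shipped config files still come unmodified from upstream apart from the two patches.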

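--- a/net/fwknop/patches/001-fix_config.patch
+++ b/net/fwknop/patches/001-fix_config.patch
@@ -0,0 +1,18 @@
+--- a/server/fwknopd.conf.inst
++++ b/server/fwknopd.conf.inst
+@@ -284,8 +284,13 @@
+ # The IPT_FORWARD_ACCESS variable is only used if ENABLE_IPT_FORWARDING is
+ # enabled.
+ #
+-#IPT_FORWARD_ACCESS      ACCEPT, filter, FORWARD, 1, FWKNOP_FORWARD, 1;
+-#IPT_DNAT_ACCESS         DNAT, nat, PREROUTING, 1, FWKNOP_PREROUTING, 1;
++
++# These two lines are changed specifically for Openwrt, due to
++# different naming conventions. IPT_FORWARD is still disabled
++# by default, and must be enabled earlier in this file to be used.
++
++IPT_FORWARD_ACCESS      ACCEPT, filter, zone_wan_forward, 1, FWKNOP_FORWARD, 1;
++IPT_DNAT_ACCESS         DNAT, nat, zone_wan_prerouting, 1, FWKNOP_PREROUTING, 1;
+ 
+ # The IPT_SNAT_ACCESS variable is not used unless both ENABLE_IPT_SNAT and
+ # ENABLE_IPT_FORWARDING are enabled.  Also, the external static IP must be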
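Review bot: The two now-active lines hard-code the chains `zone_wan_forward` and `zone_wan_prerouting`, which presumably exist only when the firewall has a zone named `wan` and uses this chain-naming scheme, and the added comment does not say so. The comment also refers to `IPT_FORWARD`, whereas the context line just above names the switch `ENABLE_IPT_FORWARDING`. Suggested wording: `# Chain names assume the default OpenWrt "wan" zone; adjust them if the zone is renamed.` followed by `# Forwarding stays off unless ENABLE_IPT_FORWARDING is enabled earlier in this file.` The context only states that `IPT_FORWARD_ACCESS` is ignored while forwarding is disabled, so it is worth confirming the same holds for `IPT_DNAT_ACCESS` now that both lines ship uncommented.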

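--- a/net/fwknop/patches/002-fix_init.patch
+++ b/net/fwknop/patches/002-fix_init.patch
@@ -0,0 +1,17 @@
+--- a/extras/openwrt/package/fwknop/files/fwknopd.init
++++ b/extras/openwrt/package/fwknop/files/fwknopd.init
+@@ -11,12 +11,12 @@ FWKNOPD_BIN=/usr/sbin/fwknopd
+ 
+ start()
+ {
+-	$FWKNOPD_BIN
++	service_start $FWKNOPD_BIN
+ }
+ 
+ stop()
+ {
+-	$FWKNOPD_BIN -K
++	service_stop $FWKNOPD_BIN -K
+ }
+ 
+ restart()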
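Review bot: This patch edits `extras/openwrt/package/fwknop/files/fwknopd.init`, but the package Makefile in the same commit installs `$(PKG_BUILD_DIR)/extras/fwknop.init.openwrt` as `/etc/init.d/fwknopd`, so unless upstream's build derives one file from the other, the `service_start`/`service_stop` change never reaches the installed script. Either retarget the patch at the installed file or change the install line to `$(INSTALL_BIN) $(PKG_BUILD_DIR)/extras/openwrt/package/fwknop/files/fwknopd.init \`. The `-K` kept in `service_stop $FWKNOPD_BIN -K` looks like a leftover from the direct invocation; if `service_stop` signals the process itself, the flag is probably unnecessary and should be confirmed against the helper's argument handling. The hunk ends at the start of `restart()`, whose body is outside the patch.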