Damien, I have put together the patch that adds fwknopd to openwrt. It
may need a few tweaks, but I'm volunteering to keep the openwrt
version up to date.

I've sent it on to the openwrt guys. Hopefully it will get added
soon-ish. I have a bit more testing to do before I'm totally
satisfied, but it is running on my router right now.

I've opted to just compile the server half of the program, and not
include the gpg authentication in this first version. I'd like to go
back and try to add gpg as an option in the openwrt build. (and add
the client as a separate package)

Feel free to add any comments.
~Jonathan Bennett

Just in case you want it, here's the patch

Index: net/fwknop/Makefile
===================================================================
--- net/fwknop/Makefile (revision 0)
+++ net/fwknop/Makefile (revision 0)
@@ -0,0 +1,61 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fwknopd
+PKG_VERSION:=2.0.0rc2
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/fwknop-$(PKG_VERSION)
+PKG_SOURCE:=fwknop-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download
+PKG_MD5SUM:=c78252216fa9627cacf61b453da915a8
+PKG_CAT:=zcat
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fwknopd
+       SECTION:=net
+       CATEGORY:=Network
+       DEFAULT:=n
+       TITLE:=Firewall Knock Operator Daemon
+       URL:=http://http://www.cipherdyne.org/fwknop/
+       MAINTAINER:=Jonathan Bennett <[email protected]>
+       DEPENDS:=+libpcap +libgdbm +iptables
+endef
+
+define Package/fwknopd/description
+       Firewall Knock Operator Daemon
+       Fwknop implements an authorization scheme known as Single Packet
+       Authorization (SPA) for Linux systems running iptables.  This mechanism
+       requires only a single encrypted and non-replayed packet to communicate
+       various pieces of information including desired access through
an iptables
+       policy. The main application of this program is to use iptables in a
+       default-drop stance to protect services such as SSH with an additional
+       layer of security in order to make the exploitation of vulnerabilities
+       (both 0-day and unpatched code) much more difficult.
+endef
+
+define Package/Conffiles
+       fwknopd.conf
+endef
+
+CONFIGURE_ARGS += \
+       --disable-client \
+       --without-gpgme \
+       --with-iptables=/usr/sbin/iptables
+
+
+
+define Package/fwknopd/install
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_DIR) $(1)/etc/fwknop
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/extras/fwknop.init.openwrt
$(1)/etc/init.d/fwknopd
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/server/.libs/fwknopd $(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib/.libs/libfko.so.0.0.2
$(1)/usr/lib/libfko.so.0
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib/.libs/libfko.so.0.0.2
$(1)/usr/lib/libfko.so.0.0.2
+       $(INSTALL_CONF) $(PKG_BUILD_DIR)/server/fwknopd.conf $(1)/etc/fwknop/
+       $(INSTALL_CONF) $(PKG_BUILD_DIR)/server/access.conf $(1)/etc/fwknop/
+
+endef
+
+$(eval $(call BuildPackage,fwknopd))
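Review bot: The `define Package/Conffiles` block will not be picked up for this package, because OpenWrt reads the list from `Package/fwknopd/conffiles` and expects absolute paths on the target; as written, an upgrade would replace the installed /etc/fwknop files, including access.conf, which is where fwknopd keeps its SPA keys. I would change it to `define Package/fwknopd/conffiles` listing `/etc/fwknop/fwknopd.conf` and `/etc/fwknop/access.conf`. Separately, the tarball for this daemon is fetched over plain `http://` and checked only against `PKG_MD5SUM`; MD5 does not resist a deliberately crafted substitute, so if the build system in use supports a SHA-256 `PKG_HASH` it is worth switching, and checking the release against an upstream signature (if one is published) before recording the digest. `URL:=http://http://www.cipherdyne.org/fwknop/` also has the scheme doubled.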
