[NEW] net/pftbld

Wed, 16 Sep 2020 04:43:47 -0700 

Any comments/OKs/commits are welcome.


Index: infrastructure/db/user.list
===================================================================
RCS file: /cvs/ports/infrastructure/db/user.list,v
retrieving revision 1.375
diff -u -p -u -p -r1.375 user.list
--- infrastructure/db/user.list 12 Sep 2020 15:33:51 -0000      1.375
+++ infrastructure/db/user.list 16 Sep 2020 11:07:04 -0000
@@ -368,3 +368,4 @@ id  user            group           port
 857 _web2ldap          _web2ldap       sysutils/web2ldap
 858 _purritobin                _purritobin     www/purritobin
 859 _miniflux          _miniflux       net/miniflux
+860 _pftbld            _pftbld         net/pftbld
Index: net/Makefile
===================================================================
RCS file: /cvs/ports/net/Makefile,v
retrieving revision 1.1222
diff -u -p -u -p -r1.1222 Makefile
--- net/Makefile        12 Sep 2020 15:33:31 -0000      1.1222
+++ net/Makefile        16 Sep 2020 11:07:04 -0000
@@ -513,6 +513,7 @@
      SUBDIR += pear-Services-oEmbed
      SUBDIR += pen
      SUBDIR += pfstat
+     SUBDIR += pftbld
      SUBDIR += php-weathermap
      SUBDIR += pidgin
      SUBDIR += pidgin,gtkspell
Index: net/pftbld/Makefile
===================================================================
RCS file: net/pftbld/Makefile
diff -N net/pftbld/Makefile
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/pftbld/Makefile 16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,27 @@
+# $OpenBSD$
+
+COMMENT =              automate pf(4) table content management
+
+VERSION =              0.1.0
+DISTNAME =             pftbld-${VERSION}
+CATEGORIES =           net
+MAINTAINER =           Matthias Pressfreund <pft...@mpfr.net>
+
+HOMEPAGE =             https://github.com/mpfr/pftbld/
+
+PERMIT_PACKAGE =       Yes
+
+MASTER_SITES =         https://mpfr.net/downloads/ \
+                       ${HOMEPAGE}releases/download/v${VERSION}/
+
+WANTLIB +=             c pthread
+
+NO_TEST =              Yes
+
+EXAMPLES_DIR =         share/examples/pftbld
+
+post-install:
+       ${INSTALL_DATA_DIR} ${PREFIX}/${EXAMPLES_DIR}
+       ${INSTALL_DATA} ${FILESDIR}/pftbld.conf ${PREFIX}/${EXAMPLES_DIR}
+
+.include <bsd.port.mk>
Index: net/pftbld/distinfo
===================================================================
RCS file: net/pftbld/distinfo
diff -N net/pftbld/distinfo
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/pftbld/distinfo 16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,2 @@
+SHA256 (pftbld-0.1.0.tar.gz) = u8RovHxLIh0Odea3TVcFSq/dTdby/CrGcU25ae5l3o0=
+SIZE (pftbld-0.1.0.tar.gz) = 40372
Index: net/pftbld/files/pftbld.conf
===================================================================
RCS file: net/pftbld/files/pftbld.conf
diff -N net/pftbld/files/pftbld.conf
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/pftbld/files/pftbld.conf        16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,34 @@
+#log "/var/log/pftbld.log"
+
+exclude {
+       localhosts
+#      net "10.0.0/24"
+}
+
+drop 3w
+
+target "www" {
+       persist "/etc/pftbld/clientaddr-www.list"
+#      exclude keyterms "/etc/pftbld/keyterms-www.list"
+
+       socket "/var/www/run/pftbld-www.sock" {
+               owner "www"
+               group "www"
+       }
+
+       cascade {
+               table "attackers"
+               hits 4
+               expire 1h
+
+               step {
+                       hits 12
+                       expire 6h
+               }
+               step {
+                       expire 5d
+                       no drop
+                       kill nodes
+               }
+       }
+}
Index: net/pftbld/pkg/DESCR
===================================================================
RCS file: net/pftbld/pkg/DESCR
diff -N net/pftbld/pkg/DESCR
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/pftbld/pkg/DESCR        16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,8 @@
+The pftbld(8) program was primarily designed to automate the
+management of dynamic firewall blacklists.  It listens on UNIX-domain
+sockets for incoming IP addresses, usually sent by client programs
+such as network services and applications, and makes them traverse
+pf(4) tables according to its configuration and the history of their
+occurrance.  As pftbld(8) can persist managed addresses and meta-data,
+it is capable of restoring its runtime status and corresponding
+pf(4) tables through system reboots and migrations.
Index: net/pftbld/pkg/PLIST
===================================================================
RCS file: net/pftbld/pkg/PLIST
diff -N net/pftbld/pkg/PLIST
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/pftbld/pkg/PLIST        16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,11 @@
+@comment $OpenBSD: PLIST,v$
+@newgroup _pftbld:860
+@newuser _pftbld:860:_pftbld::pftbld unprivileged user:/var/empty:/sbin/nologin
+@rcscript ${RCDIR}/pftbld
+@man man/man5/pftbld.conf.5
+@man man/man8/pftblctl.8
+@man man/man8/pftbld.8
+@bin sbin/pftblctl
+@bin sbin/pftbld
+share/examples/pftbld/
+share/examples/pftbld/pftbld.conf
Index: net/pftbld/pkg/pftbld.rc
===================================================================
RCS file: net/pftbld/pkg/pftbld.rc
diff -N net/pftbld/pkg/pftbld.rc
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/pftbld/pkg/pftbld.rc    16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,9 @@
+#!/bin/ksh
+#
+# $OpenBSD$
+
+daemon="${PREFIX}/sbin/pftbld"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1

Reply via email to