Any comments/OKs/commits are welcome.
Index: infrastructure/db/user.list
===================================================================
RCS file: /cvs/ports/infrastructure/db/user.list,v
retrieving revision 1.375
diff -u -p -u -p -r1.375 user.list
--- infrastructure/db/user.list 12 Sep 2020 15:33:51 -0000 1.375
+++ infrastructure/db/user.list 16 Sep 2020 11:07:04 -0000
@@ -368,3 +368,4 @@ id user group port
 857 _web2ldap _web2ldap sysutils/web2ldap
 858 _purritobin _purritobin www/purritobin
 859 _miniflux _miniflux net/miniflux
+860 _pftbld _pftbld net/pftbld
Index: net/Makefile
===================================================================
RCS file: /cvs/ports/net/Makefile,v
retrieving revision 1.1222
diff -u -p -u -p -r1.1222 Makefile
--- net/Makefile 12 Sep 2020 15:33:31 -0000 1.1222
+++ net/Makefile 16 Sep 2020 11:07:04 -0000
@@ -513,6 +513,7 @@
 SUBDIR += pear-Services-oEmbed
 SUBDIR += pen
 SUBDIR += pfstat
+ SUBDIR += pftbld
 SUBDIR += php-weathermap
 SUBDIR += pidgin
 SUBDIR += pidgin,gtkspell
Index: net/pftbld/Makefile
===================================================================
RCS file: net/pftbld/Makefile
diff -N net/pftbld/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/Makefile 16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,27 @@
+# $OpenBSD$
+
+COMMENT = automate pf(4) table content management
+
+VERSION = 0.1.0
+DISTNAME = pftbld-${VERSION}
+CATEGORIES = net
+MAINTAINER = Matthias Pressfreund <pft...@mpfr.net>
+
+HOMEPAGE = https://github.com/mpfr/pftbld/
+
+PERMIT_PACKAGE = Yes
+
+MASTER_SITES = https://mpfr.net/downloads/ \
+ ${HOMEPAGE}releases/download/v${VERSION}/
+
+WANTLIB += c pthread
+
+NO_TEST = Yes
+
+EXAMPLES_DIR = share/examples/pftbld
+
+post-install:
+ ${INSTALL_DATA_DIR} ${PREFIX}/${EXAMPLES_DIR}
+ ${INSTALL_DATA} ${FILESDIR}/pftbld.conf ${PREFIX}/${EXAMPLES_DIR}
+
+.include <bsd.port.mk>
Index: net/pftbld/distinfo
===================================================================
RCS file: net/pftbld/distinfo
diff -N net/pftbld/distinfo
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/distinfo 16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,2 @@
+SHA256 (pftbld-0.1.0.tar.gz) = u8RovHxLIh0Odea3TVcFSq/dTdby/CrGcU25ae5l3o0=
+SIZE (pftbld-0.1.0.tar.gz) = 40372
Index: net/pftbld/files/pftbld.conf
===================================================================
RCS file: net/pftbld/files/pftbld.conf
diff -N net/pftbld/files/pftbld.conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/files/pftbld.conf 16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,34 @@
+#log "/var/log/pftbld.log"
+
+exclude {
+ localhosts
+# net "10.0.0/24"
+}
+
+drop 3w
+
+target "www" {
+ persist "/etc/pftbld/clientaddr-www.list"
+# exclude keyterms "/etc/pftbld/keyterms-www.list"
+
+ socket "/var/www/run/pftbld-www.sock" {
+ owner "www"
+ group "www"
+ }
+
+ cascade {
+ table "attackers"
+ hits 4
+ expire 1h
+
+ step {
+ hits 12
+ expire 6h
+ }
+ step {
+ expire 5d
+ no drop
+ kill nodes
+ }
+ }
+}
Index: net/pftbld/pkg/DESCR
===================================================================
RCS file: net/pftbld/pkg/DESCR
diff -N net/pftbld/pkg/DESCR
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/pkg/DESCR 16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,8 @@
+The pftbld(8) program was primarily designed to automate the
+management of dynamic firewall blacklists. It listens on UNIX-domain
+sockets for incoming IP addresses, usually sent by client programs
+such as network services and applications, and makes them traverse
+pf(4) tables according to its configuration and the history of their
+occurrance. As pftbld(8) can persist managed addresses and meta-data,
+it is capable of restoring its runtime status and corresponding
+pf(4) tables through system reboots and migrations.
Index: net/pftbld/pkg/PLIST
===================================================================
RCS file: net/pftbld/pkg/PLIST
diff -N net/pftbld/pkg/PLIST
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/pkg/PLIST 16 Sep 2020 11:07:04 -0000
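Review bot: The example's `exclude` block protects only `localhosts`, with the `net` entry commented out, while the `www` target takes its input from a socket owned by `www`/`www`. Per DESCR the daemon moves whatever addresses arrive on that socket into pf(4) tables, so with the sample deployed unchanged any process running as that user can get an administrator's own address into `attackers`; how clients derive the address they report is not visible in this patch. I would add a comment above the commented entry, `# list your own management networks here so they can never be blocked`, and note next to `socket` that write access to it is equivalent to the ability to block arbitrary hosts.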
@@ -0,0 +1,11 @@
+@comment $OpenBSD: PLIST,v$
+@newgroup _pftbld:860
+@newuser _pftbld:860:_pftbld::pftbld unprivileged user:/var/empty:/sbin/nologin
+@rcscript ${RCDIR}/pftbld
+@man man/man5/pftbld.conf.5
+@man man/man8/pftblctl.8
+@man man/man8/pftbld.8
+@bin sbin/pftblctl
+@bin sbin/pftbld
+share/examples/pftbld/
+share/examples/pftbld/pftbld.conf
Index: net/pftbld/pkg/pftbld.rc
===================================================================
RCS file: net/pftbld/pkg/pftbld.rc
diff -N net/pftbld/pkg/pftbld.rc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/pkg/pftbld.rc 16 Sep 2020 11:07:04 -0000
@@ -0,0 +1,9 @@
+#!/bin/ksh
+#
+# $OpenBSD$
+
+daemon="${PREFIX}/sbin/pftbld"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1
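Review bot: The packing list registers the example file but has no `@sample` entry, so nothing in the package creates `/etc/pftbld/`, which the example's `persist` line points at, with a defined owner and mode. Adding `@sample ${SYSCONFDIR}/pftbld/` after `share/examples/pftbld/`, preceded by `@mode`/`@owner` lines if the persisted address list should not be world-readable, would settle that. Whether the daemon creates the directory itself, and where it looks for its configuration file by default, is not visible in this patch, so a matching `@sample` for `pftbld.conf` depends on that path.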