- Include configuration file for pf.

- Add patch for supporting syslogd -v or -vv.

PR:		ports/157318
Submitted by:	Nick Hilliard <nick@foobar.org>
Approved by:	maintainer timeout

4 files changed, 78 insertions, 0 deletions

diff --git a/security/py-fail2ban/Makefile b/security/py-fail2ban/Makefile
index 1ccdc5f08d74..f71b312d681e 100644
--- a/security/py-fail2ban/Makefile
+++ b/security/py-fail2ban/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	fail2ban
 PORTVERSION=	0.8.4
+PORTREVISION=	1
 CATEGORIES=	security python
 MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}-stable/${PORTNAME}-${PORTVERSION}
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
diff --git a/security/py-fail2ban/files/patch-common.conf b/security/py-fail2ban/files/patch-common.conf
new file mode 100644
index 000000000000..9cf5a4098aa1
--- /dev/null
+++ b/security/py-fail2ban/files/patch-common.conf
@@ -0,0 +1,17 @@
+--- config/filter.d/common.conf.orig	2011-05-25 14:25:33.000000000 +0100
++++ config/filter.d/common.conf	2011-05-25 14:25:42.000000000 +0100
+@@ -32,10 +32,13 @@
+ # EXAMPLES: sshd[31607], pop(pam_unix)[4920]
+ __daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
+ 
++# Logging facility and priority for BSD "-v" verbose mode
++__bsd_verbose_mode = (?:\s*\<\S+\.\S+\>\s*)
++
+ #
+ # Common line prefixes (beginnings) which could be used in filters
+ #
+ #       [hostname] [vserver tag] daemon_id spaces
+ # this can be optional (for instance if we match named native log files)
+-__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
++__prefix_line = \s*%(__bsd_verbose_mode)s(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
+ 
diff --git a/security/py-fail2ban/files/patch-pf.conf b/security/py-fail2ban/files/patch-pf.conf
new file mode 100644
index 000000000000..dbb6bb99d321
--- /dev/null
+++ b/security/py-fail2ban/files/patch-pf.conf
@@ -0,0 +1,59 @@
+--- /dev/null   2010-01-12 16:33:00.000000000 -0500
++++ ./config/action.d/pf.conf     2010-01-12 16:26:51.000000000 -0500
+@@ -0,0 +1,56 @@
++# Fail2Ban configuration file
++#
++# OpenBSD pf ban/unban
++#
++# Author: Nick Hilliard <nick@foobar.org>
++#
++#
++
++[Definition]
++
++# Option:  actionstart
++# Notes.:  command executed once at the start of Fail2Ban.
++# Values:  CMD
++#
++# we don't enable PF automatically, as it will be enabled elsewhere
++actionstart = 
++
++
++# Option:  actionstop
++# Notes.:  command executed once at the end of Fail2Ban
++# Values:  CMD
++#
++# we don't disable PF automatically either
++actionstop = 
++
++
++# Option:  actioncheck
++# Notes.:  command executed once before each actionban command
++# Values:  CMD
++#
++actioncheck = 
++
++
++# Option:  actionban
++# Notes.:  command executed when banning an IP. Take care that the
++#          command is executed with Fail2Ban user rights.
++# Tags:    <ip>  IP address
++#          <failures>  number of failures
++#          <time>  unix timestamp of the ban time
++# Values:  CMD
++#
++actionban = /sbin/pfctl -t fail2ban -T add <ip>/32
++
++
++# Option:  actionunban
++# Notes.:  command executed when unbanning an IP. Take care that the
++#          command is executed with Fail2Ban user rights.
++# Tags:    <ip>  IP address
++#          <failures>  number of failures
++#          <time>  unix timestamp of the ban time
++# Values:  CMD
++#
++# note -r option used to remove matching rule
++actionunban = /sbin/pfctl -t fail2ban -T delete <ip>/32
++
++[Init]
diff --git a/security/py-fail2ban/pkg-plist b/security/py-fail2ban/pkg-plist
index 72164591fdeb..b3758e367d6c 100644
--- a/security/py-fail2ban/pkg-plist
+++ b/security/py-fail2ban/pkg-plist
@@ -14,6 +14,7 @@
 %%ETCDIR%%/action.d/mail-whois.conf
 %%ETCDIR%%/action.d/mail.conf
 %%ETCDIR%%/action.d/mynetwatchman.conf
+%%ETCDIR%%/action.d/pf.conf
 %%ETCDIR%%/action.d/sendmail-buffered.conf
 %%ETCDIR%%/action.d/sendmail-whois-lines.conf
 %%ETCDIR%%/action.d/sendmail-whois.conf