Update to 2.0.3.

This new version includes a migration from Perl to C and support for
ipfw and pf.

While here, trim the Makefile headers.

PR:		ports/171951
Submitted by:	Sean Greven <sean.greven@gmail.com> (maintainer)
Feature safe:	yes

20 files changed, 68 insertions, 555 deletions

diff --git a/security/fwknop/Makefile b/security/fwknop/Makefile
index 40d989c90753..78a0ddbd75c7 100644
--- a/security/fwknop/Makefile
+++ b/security/fwknop/Makefile
@@ -1,61 +1,28 @@
-# New ports collection makefile for:	fwknop
-#
-# Date created:				23 Nov 2007
-# Whom:					Sean Greven<sean.greven@gmail.com>
-#
+# Created by: Sean Greven <sean.greven@gmail.com>
 # $FreeBSD$
-#
 
 PORTNAME=	fwknop
-PORTVERSION=	1.8.3
-PORTREVISION=	2
+PORTVERSION=	2.0.3
 CATEGORIES=	security
 MASTER_SITES=	http://www.cipherdyne.org/fwknop/download/
 
 MAINTAINER=	sean.greven@gmail.com
 COMMENT=	SPA implementation for Linux and FreeBSD
 
-BUILD_DEPENDS=	p5-Net-IPv4Addr>=0:${PORTSDIR}/net-mgmt/p5-Net-IPv4Addr \
-		p5-Unix-Syslog>=0:${PORTSDIR}/sysutils/p5-Unix-Syslog \
-		p5-Term-ReadKey>=0:${PORTSDIR}/devel/p5-Term-ReadKey \
-		p5-Net-Pcap>=0:${PORTSDIR}/net/p5-Net-Pcap \
-		p5-List-MoreUtils>=0:${PORTSDIR}/lang/p5-List-MoreUtils \
-		p5-Crypt-Rijndael>=0:${PORTSDIR}/security/p5-Crypt-Rijndael \
-		p5-Class-MethodMaker>=0:${PORTSDIR}/devel/p5-Class-MethodMaker \
-		p5-Net-RawIP>=0:${PORTSDIR}/net/p5-Net-RawIP \
-		p5-GnuPG-Interface>=0:${PORTSDIR}/security/p5-GnuPG-Interface \
-		p5-Crypt-CBC>=0:${PORTSDIR}/security/p5-Crypt-CBC \
-		p5-NetPacket>=0:${PORTSDIR}/net/p5-NetPacket \
-		p5-Net-Ping-External>=0:${PORTSDIR}/net/p5-Net-Ping-External
-RUN_DEPENDS:=	${BUILD_DEPENDS}
-
-MAN8=		fwknop.8 fwknopd.8 knopmd.8 knopwatchd.8
-MANCOMPRESSED=	yes
-
-NO_BUILD=	yes
-IS_INTERACTIVE=	yes
-USE_PERL5_BUILD=yes
-
-post-patch:
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/access.conf
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop.8
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop.conf
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop_serv
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknopd
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknopd.8
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/install.pl
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.8
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.c
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.conf
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopspoof
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knoptm
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopwatchd.8
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopwatchd.c
-	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/init-scripts/fwknop-init.freebsd
-
-do-install:
-	cd ${WRKSRC} && ./install.pl
-	@${ECHO_MSG} "Configuration files in ${LOCALBASE}/etc/fwknop";
+OPTIONS_DEFINE=		GPGME
+OPTIONS_DEFAULT=	GPGME
+GPGME_DESC=	Build support for gpgme
+MAN8=		fwknop.8 fwknopd.8
+INFO=		libfko
+MANCOMPRESSED=	no
+GNU_CONFIGURE=	yes
+USE_RC_SUBR=	fwknopd
+USE_LDCONFIG=	yes
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MGPGME}
+BUILD_DEPENDS+=	gpgme:${PORTSDIR}/security/gpgme
+.endif
 
 .include <bsd.port.mk>
diff --git a/security/fwknop/distinfo b/security/fwknop/distinfo
index f82e6a2b27a5..3257068e9813 100644
--- a/security/fwknop/distinfo
+++ b/security/fwknop/distinfo
@@ -1,2 +1,2 @@
-SHA256 (fwknop-1.8.3.tar.gz) = 366dbb0c9ae38973cee960408eb1a76ed6ff544f15855affaed93331face9491
-SIZE (fwknop-1.8.3.tar.gz) = 471949
+SHA256 (fwknop-2.0.3.tar.gz) = f7f306a66c641020e7c7a820eaa3743e2700ddee6e26cca37440db95df56b986
+SIZE (fwknop-2.0.3.tar.gz) = 904769
diff --git a/security/fwknop/files/fwknopd.in b/security/fwknop/files/fwknopd.in
new file mode 100644
index 000000000000..023656d1d3e4
--- /dev/null
+++ b/security/fwknop/files/fwknopd.in
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: fwknopd
+# REQUIRE: LOGIN
+
+#
+# Add the following lines to /etc/rc.conf to enable fwknopd:
+#
+# fwknopd_enable="YES"
+#
+# See fwknopd(8) for flags
+#
+
+. /etc/rc.subr
+
+name=fwknopd
+rcvar=fwknopd_enable
+
+command=%%PREFIX%%/sbin/fwknopd
+required_files=%%PREFIX%%/etc/fwknop/access.conf
+
+start_precmd=start_precmd
+stop_postcmd=stop_postcmd
+
+extra_commands="reload"
+
+start_precmd()
+{
+}
+
+stop_postcmd()
+{
+}
+
+# read settings, set default values
+load_rc_config $name
+: ${fwknopd_enable="NO"}
+
+run_rc_command "$1"
diff --git a/security/fwknop/files/patch-access.conf b/security/fwknop/files/patch-access.conf
deleted file mode 100644
index 6c5249bdff18..000000000000
--- a/security/fwknop/files/patch-access.conf
+++ /dev/null
@@ -1,20 +0,0 @@
---- access.conf.orig   2007-11-21 20:59:13.000000000 +0200
-+++ access.conf        2007-11-21 21:00:47.000000000 +0200
-@@ -5,7 +5,7 @@
- #
- # Purpose: This file defines how fwknop will modify iptables access controls
- #          for specific IPs/networks.  It gets installed by default at
--#          /etc/fwknop/access.conf and is consulted by fwknop when run in
-+#          %%PREFIX%%/etc/fwknop/access.conf and is consulted by fwknop when run in
- #          "access control mode", which is the default (i.e. when fwknop is
- #          run from the command line without any command line arguments).
- #          The corresponding file ~/.fwknoprc defines how fwknop will
-@@ -96,7 +96,7 @@
- #    fwknopd to read packets from a file that is written to by a sniffer
- #    process or by something like the ulogd pcap writer (use ULOG_PCAP for
- #    this).  The specific file path is defined by the PCAP_FILE keyword in
--#    /etc/fwknop/fwknop.conf).  We also require that the username on the
-+#    %%PREFIX%%/etc/fwknop/fwknop.conf).  We also require that the username on the
- #    system that generates the authorization packet is "mbr":
- #
- #   SOURCE: ANY;
diff --git a/security/fwknop/files/patch-fwknop b/security/fwknop/files/patch-fwknop
deleted file mode 100644
index 46555550e603..000000000000
--- a/security/fwknop/files/patch-fwknop
+++ /dev/null
@@ -1,20 +0,0 @@
---- fwknop.orig        2007-11-21 20:59:13.000000000 +0200
-+++ fwknop     2007-11-21 21:01:29.000000000 +0200
-@@ -37,7 +37,7 @@
- # $Id: fwknop 586 2006-11-04 20:45:49Z mbr $
- #
- 
--use lib '/usr/lib/fwknop';
-+use lib '%%PREFIX%%/lib/fwknop';
- use Crypt::CBC;
- use Net::IPv4Addr qw(ipv4_in_network);
- use Net::Ping::External qw(ping);
-@@ -975,7 +975,7 @@
-         } else {
-             print
- "[+] Enter an encryption key. This key must match a key in the file\n",
--"    /etc/fwknop/access.conf on the remote system.\n\n" unless $quiet;
-+"    %%PREFIX%%/etc/fwknop/access.conf on the remote system.\n\n" unless $quiet;
-         }
-         my $try = 0;
-         my $max_tries = 20;
diff --git a/security/fwknop/files/patch-fwknop.8 b/security/fwknop/files/patch-fwknop.8
deleted file mode 100644
index 0caefd89cadd..000000000000
--- a/security/fwknop/files/patch-fwknop.8
+++ /dev/null
@@ -1,65 +0,0 @@
---- fwknop.8.orig      2007-11-21 20:59:13.000000000 +0200
-+++ fwknop.8   2007-11-21 21:01:07.000000000 +0200
-@@ -43,7 +43,7 @@
- or via GnuPG and associated asymmetric ciphers.  If the symmetric encryption
- method is chosen, then the encryption key is shared between between the
- client and server (see the
--.I /etc/fwknop/access.conf
-+.I %%PREFIX%%/etc/fwknop/access.conf
- file).  If the GnuPG
- method is chosen, then the encryption keys are derived from GnuPG key
- rings.  SPA packets generated by fwknop running as a client adhere
-@@ -76,7 +76,7 @@
- this can be tuned via the
- .B ALERTING_METHODS
- variable in the
--.I /etc/fwknop/fwknop.conf
-+.I %%PREFIX%%/etc/fwknop/fwknop.conf
- file).  By default, the
- .B fwknop
- client sends authorization packets over UDP
-@@ -310,7 +310,7 @@
- .B REQUIRE_USERNAME
- keyword that might
- be specified in
--.I /etc/fwknop/access.conf.
-+.I %%PREFIX%%/etc/fwknop/access.conf.
- .TP
- .BR \-\^\-Spoof-user\ \<user>
- Specify the username that is included within SPA packet.  This allows
-@@ -352,7 +352,7 @@
- and have it execute the command). This option is not needed when trying to
- gain access to a service via the SPA mechanism.  To use this feature, please
- ensure that ENABLE_CMD_EXEC; is set in the file
--.I /etc/fwknop/access.conf
-+.I %%PREFIX%%/etc/fwknop/access.conf
- on the
- .B fwknopd
- server you are sending the command to.
-@@ -363,7 +363,7 @@
- server, which will execute the command as root.  Command execution is enabled only
- if the
- .B ENABLE_CMD_EXEC keyword is given in
--.I /etc/fwknop/access.conf
-+.I %%PREFIX%%/etc/fwknop/access.conf
- (note that commands can easily be restricted with the
- .B CMD_REGEX
- keyword as well).
-@@ -502,7 +502,7 @@
- .RS
- .B NOTE:
- Please ensure that ENABLE_CMD_EXEC; is set in the file
--.I /etc/fwknop/access.conf
-+.I %%PREFIX%%/etc/fwknop/access.conf
- on the
- .B fwknopd
- server you are attempting to connect to.
-@@ -563,7 +563,7 @@
- will read the sequence out of the file
- .B ~/.fwknoprc
- and the server will read the sequence out of
--.B /etc/fwknop/access.conf:
-+.B %%PREFIX%%/etc/fwknop/access.conf:
- .PP
- .B $ fwknop --Server-mode 'knock' -D 10.11.11.123
- .RE
diff --git a/security/fwknop/files/patch-fwknop.conf b/security/fwknop/files/patch-fwknop.conf
deleted file mode 100644
index ba8ec4b07230..000000000000
--- a/security/fwknop/files/patch-fwknop.conf
+++ /dev/null
@@ -1,45 +0,0 @@
---- fwknop.conf.orig   2007-11-23 22:37:27.000000000 +0200
-+++ fwknop.conf        2007-11-23 22:40:56.000000000 +0200
-@@ -10,7 +10,7 @@
- #
- # Note there are no access control directives in this file.  All access
- # control directives are located in the file
--# /etc/fwknop/access.conf.  You will need to edit the access.conf file in
-+# %%PREFIX%%/etc/fwknop/access.conf.  You will need to edit the access.conf file in
- # order for fwknop to function correctly.
- #
- #############################################################################
-@@ -90,7 +90,7 @@
- 
- ### If GPG keys are used instead of a Rijndael symmetric key, this is
- ### the default GPG keys directory.  Note that each access block in
--### /etc/fwknop/access.conf can specify its own GPG directory to override
-+### %%PREFIX%%/etc/fwknop/access.conf can specify its own GPG directory to override
- ### this default.
- GPG_DEFAULT_HOME_DIR        /root/.gnupg;
- 
-@@ -184,8 +184,8 @@
- FWKNOP_DIR                  /var/log/fwknop;
- FWKNOP_RUN_DIR              /var/run/fwknop;
- FWKNOP_LIB_DIR              /var/lib/fwknop; # for legacy port knocking mode
--FWKNOP_MOD_DIR              /usr/lib/fwknop;
--FWKNOP_CONF_DIR             /etc/fwknop;
-+FWKNOP_MOD_DIR              %%PREFIX%%/lib/fwknop;
-+FWKNOP_CONF_DIR             %%PREFIX%%/etc/fwknop;
- FWKNOP_ERR_DIR              $FWKNOP_DIR/errs;
- 
- ### Files
-@@ -216,8 +216,8 @@
- mknodCmd         /bin/mknod;
- iptablesCmd      /sbin/iptables;
- ipfwCmd          /sbin/ipfw;  ### BSD and Mac OS X only
--fwknopdCmd       /usr/sbin/fwknopd;
--fwknop_servCmd   /usr/sbin/fwknop_serv;
--knopmdCmd        /usr/sbin/knopmd;
--knoptmCmd        /usr/sbin/knoptm;
--knopwatchdCmd    /usr/sbin/knopwatchd;
-+fwknopdCmd       %%PREFIX%%/sbin/fwknopd;
-+fwknop_servCmd   %%PREFIX%%/sbin/fwknop_serv;
-+knopmdCmd        %%PREFIX%%/sbin/knopmd;
-+knoptmCmd        %%PREFIX%%/sbin/knoptm;
-+knopwatchdCmd    %%PREFIX%%/sbin/knopwatchd;
diff --git a/security/fwknop/files/patch-fwknop_serv b/security/fwknop/files/patch-fwknop_serv
deleted file mode 100644
index d8a4f83fba7c..000000000000
--- a/security/fwknop/files/patch-fwknop_serv
+++ /dev/null
@@ -1,11 +0,0 @@
---- fwknop_serv.orig   2007-11-21 20:59:13.000000000 +0200
-+++ fwknop_serv        2007-11-21 21:02:08.000000000 +0200
-@@ -22,7 +22,7 @@
- use POSIX;
- use strict;
- 
--my $config_file = '/etc/fwknop/fwknop.conf';
-+my $config_file = '%%PREFIX%%/etc/fwknop/fwknop.conf';
- my %config = ();
- 
- my @required_vars = qw(
diff --git a/security/fwknop/files/patch-fwknopd b/security/fwknop/files/patch-fwknopd
deleted file mode 100644
index 49dcf270273a..000000000000
--- a/security/fwknop/files/patch-fwknopd
+++ /dev/null
@@ -1,20 +0,0 @@
---- fwknopd.orig       2007-11-21 20:59:13.000000000 +0200
-+++ fwknopd    2007-11-21 21:02:31.000000000 +0200
-@@ -40,7 +40,7 @@
- # $Id: fwknopd 583 2006-11-04 20:43:01Z mbr $
- #
- 
--use lib '/usr/lib/fwknop';
-+use lib '%%PREFIX%%/lib/fwknop';
- use Crypt::CBC;
- use Unix::Syslog qw(:subs :macros);
- use Net::IPv4Addr qw(ipv4_in_network);
-@@ -59,7 +59,7 @@
- use Getopt::Long;
- use strict;
- 
--my $config_file = '/etc/fwknop/fwknop.conf';
-+my $config_file = '%%PREFIX%%/etc/fwknop/fwknop.conf';
- 
- my $version = '1.8.3';
- my $revision_svn = '$Revision: 809 $';
diff --git a/security/fwknop/files/patch-fwknopd.8 b/security/fwknop/files/patch-fwknopd.8
deleted file mode 100644
index e8c4a485e7cc..000000000000
--- a/security/fwknop/files/patch-fwknopd.8
+++ /dev/null
@@ -1,112 +0,0 @@
---- fwknopd.8.orig     2007-11-21 20:59:13.000000000 +0200
-+++ fwknopd.8  2007-11-21 21:02:20.000000000 +0200
-@@ -26,7 +26,7 @@
- and
- .B access.conf
- within the
--.B /etc/fwknop
-+.B %%PREFIX%%/etc/fwknop
- directory, and configuration variables within these files are desribed below.
- .SH OPTIONS
- .TP
-@@ -34,7 +34,7 @@
- When run in server mode
- .B fwknop
- references the file
--.B /etc/fwknop/fwknop.conf
-+.B %%PREFIX%%/etc/fwknop/fwknop.conf
- for various run-time configuration
- variables.  The path to this file can be changed through the use of the
- .B --config
-@@ -42,7 +42,7 @@
- .TP
- .BR \-i "\fR,\fP " \-\^\-intf\ \<interface>
- Manually specify interface on which to sniff, e.g. "-i eth0".  This option
--is not usually needed because the PCAP_INTF keyword in /etc/fwknop/fwknop.conf
-+is not usually needed because the PCAP_INTF keyword in %%PREFIX%%/etc/fwknop/fwknop.conf
- file defines the sniffing interface.
- .TP
- .BR \-\^\-fw-list
-@@ -80,32 +80,32 @@
- .BR \-V "\fR,\fP " \-\^\-Version
- Display version information and exit.
- .SH FILES
--.B /etc/fwknop/fwknop.conf
-+.B %%PREFIX%%/etc/fwknop/fwknop.conf
- .RS
- The main configuration file for
- .B fwknop.
- .RE
- 
--.B /etc/fwknop/access.conf
-+.B %%PREFIX%%/etc/fwknop/access.conf
- .RS
- Defines all knock sequences and access control directives.
- .RE
- 
--.B /etc/fwknop/pf.os
-+.B %%PREFIX%%/etc/fwknop/pf.os
- .RS
- Defines p0f signatures used by fwknop.
- .RE
- .SH FWKNOP CONFIG AND ACCESS VARIABLES
- .B fwknop
- references the file
--.B /etc/fwknop/fwknop.conf
-+.B %%PREFIX%%/etc/fwknop/fwknop.conf
- for configuration variables such as the path to the firewall logfile,
- the sleep interval fwknop uses to check for new log messages, and
- paths to system binaries, etc.  The
- .B fwknop
- config file does not define any access control directives; they are
- located in the file
--.B /etc/fwknop/access.conf.
-+.B %%PREFIX%%/etc/fwknop/access.conf.
- Access control directives define encryption keys and level of access that
- is granted to an fwknop client that has generated the appropriate encrypted
- message.  This file is referenced for this information when run in either
-@@ -116,7 +116,7 @@
- legacy knock sequence) will be accepted.  The string "ANY" is also
- accepted if a valid authorization packet should be honored from any source
- IP.  Every authorization stanza in
--.B /etc/fwknop/access.conf
-+.B %%PREFIX%%/etc/fwknop/access.conf
- definition must start with the SOURCE keyword.  Networks can be
- specified in either CIDR (e.g. "192.168.10.0/24") or regular (e.g.
- "192.168.10.0/255.255.255.0") notation, and individual IP addresses
-@@ -178,7 +178,7 @@
- on the client, but each fwknopd server should have its own gpg key that is
- generated specifically for fwknop communications.  The reason for this is
- that the decryption password for the server key must be placed within the
--.B /etc/fwknop/access.conf
-+.B %%PREFIX%%/etc/fwknop/access.conf
- file for fwknopd to function (it has to be able to decrypt SPA messages that
- have been encrypted with the server's public key).  For more information on
- using fwknop with GnuPG keys, see the following link:
-@@ -204,7 +204,7 @@
- Define the path to the GnuPG directory to be used by the
- .B fwknopd
- server.  If this keyword is not specified within
--.B /etc/fwknop/access.conf
-+.B %%PREFIX%%/etc/fwknop/access.conf
- then fwknopd will default to using the /root/.gnupg directory for the server key(s).
- .TP
- .B FW_ACCESS_TIMEOUT: <seconds>
-@@ -235,7 +235,7 @@
- "Linux:2.4::Linux 2.4/2.6" or "OpenBSD:3.0-3.5::OpenBSD 3.0-3.5"
- before a knock sequence will be accepted.  The fingerprints are listed
- in
--.B /etc/fwknop/pf.os.
-+.B %%PREFIX%%/etc/fwknop/pf.os.
- Note that the corresponding knock sequence must utilize the tcp protocol
- (this is only be an issue for shared sequences since encrypted sequences
- use tcp by default) since OS fingerprinting requires tcp syn packets.
-@@ -281,7 +281,7 @@
- starting at a default port of 61000.  This value can be changed
- through the use of the PORT_OFFSET variable.  The PORT_OFFSET
- is optional and will be set to 61000 by fwknop if it is not specified
--in /etc/fwknop/access.conf.
-+in %%PREFIX%%/etc/fwknop/access.conf.
- .TP
- .B MIN_TIME_DIFF: <seconds>
- Set the minimum number of seconds that must pass between successive
diff --git a/security/fwknop/files/patch-init-scripts-fwknop-init.freebsd b/security/fwknop/files/patch-init-scripts-fwknop-init.freebsd
deleted file mode 100644
index b4638c6db6e3..000000000000
--- a/security/fwknop/files/patch-init-scripts-fwknop-init.freebsd
+++ /dev/null
@@ -1,18 +0,0 @@
---- init-scripts/fwknop-init.freebsd.orig	2007-06-01 02:55:08.000000000 +0000
-+++ init-scripts/fwknop-init.freebsd	2008-06-13 02:47:25.000000000 +0000
-@@ -14,13 +14,13 @@
- fwknop_start()
- {
- 	echo "Starting fwknop."
--	/usr/sbin/fwknopd
-+	%%PREFIX%%/sbin/fwknopd
- }
- 
- fwknop_stop()
- {
- 	echo "Stopping fwknop."
--	/usr/sbin/fwknopd --Kill
-+	%%PREFIX%%/sbin/fwknopd --Kill
- }
- 
- load_rc_config $name
diff --git a/security/fwknop/files/patch-install.pl b/security/fwknop/files/patch-install.pl
deleted file mode 100644
index 10bd6d33dec8..000000000000
--- a/security/fwknop/files/patch-install.pl
+++ /dev/null
@@ -1,60 +0,0 @@
---- install.pl	2007-10-24 00:32:29.000000000 +0000
-+++ install.pl	2008-06-13 02:52:36.000000000 +0000
-@@ -38,8 +38,8 @@
- 
- #========================== config ===========================
- my $INIT_DIR    = '/etc/init.d';
--my $USRBIN_DIR  = '/usr/bin';
--my $URRSBIN_DIR = '/usr/sbin';
-+my $USRBIN_DIR  = '%%PREFIX%%/bin';
-+my $URRSBIN_DIR = '%%PREFIX%%/sbin';
- 
- my $RUNLEVEL;    ### This should only be set if install.pl
-                  ### cannot determine the correct runlevel
-@@ -302,7 +302,7 @@
-             &stop_fwknop();
-         }
- 
--        for my $dir qw| /usr/lib /var/run /var/log /var/lib | {
-+        for my $dir qw| %%PREFIX%%/lib /usr/lib /var/run /var/log /var/lib | {
-             unless (-d $dir) {
-                 mkdir $dir or die "[*] Could not mkdir $dir: $!";
-             }
-@@ -463,7 +463,7 @@
-             "$USRBIN_DIR/fwknop.tmp: $!";
-         for my $line (@lines) {
-             ### change the lib dir to new homedir path
--            if ($line =~ m|^\s*use\s+lib\s+\'/usr/lib/fwknop\';|) {
-+            if ($line =~ m|^\s*use\s+lib\s+\'%%PREFIX%%/lib/fwknop\';|) {
-                 print P "use lib '", $config{'FWKNOP_MOD_DIR'}, "';\n";
-             } else {
-                 print P $line;
-@@ -725,8 +725,8 @@
-     unless (-d $INIT_DIR) {
-         if (-d '/etc/rc.d/init.d') {
-             $INIT_DIR = '/etc/rc.d/init.d';
--        } elsif (-d '/etc/rc.d') {
--            $INIT_DIR = '/etc/rc.d';
-+        } elsif (-d '%%PREFIX%%/etc/rc.d') {
-+            $INIT_DIR = '%%PREFIX%%/etc/rc.d';
-         } elsif (-d '/etc/init.d') {
-             $INIT_DIR = '/etc/init.d';
-         } else {
-@@ -1010,7 +1010,7 @@
- 
-     ### default location to put man pages, but check with
-     ### /etc/man.config
--    my $mpath = '/usr/share/man/man8';
-+    my $mpath = '%%PREFIX%%/man/man8';
-     if (-e '/etc/man.config') {
-         ### prefer to install $manpage in /usr/local/man/man8 if
-         ### this directory is configured in /etc/man.config
-@@ -1202,7 +1202,7 @@
-             print "[+] Module $mod_name is already installed in the ",
-                 "system perl tree, skipping.\n";
-         } else {
--            ### install the module in the /usr/lib/fwknop directory because
-+            ### install the module in the %%PREFIX%%/lib/fwknop directory because
-             ### it is not already installed.
-             $install_module = 1;
-         }
diff --git a/security/fwknop/files/patch-knopmd.8 b/security/fwknop/files/patch-knopmd.8
deleted file mode 100644
index 5ed896df4407..000000000000
--- a/security/fwknop/files/patch-knopmd.8
+++ /dev/null
@@ -1,11 +0,0 @@
---- knopmd.8.orig      2007-11-21 20:59:13.000000000 +0200
-+++ knopmd.8   2007-11-21 21:03:11.000000000 +0200
-@@ -13,7 +13,7 @@
- cannot detect port knocking sequences without knopmd running on the machine.
- .B knopmd
- uses the knopmd.conf configuration file which by default is
--located at /etc/fwknop/knopmd.conf, but a different path can be specified
-+located at %%PREFIX%%/etc/fwknop/knopmd.conf, but a different path can be specified
- on the command line.
- 
- .SH SEE ALSO
diff --git a/security/fwknop/files/patch-knopmd.c b/security/fwknop/files/patch-knopmd.c
deleted file mode 100644
index 52ed151adb17..000000000000
--- a/security/fwknop/files/patch-knopmd.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- knopmd.c.orig      2007-11-21 20:59:13.000000000 +0200
-+++ knopmd.c   2007-11-21 21:03:20.000000000 +0200
-@@ -39,7 +39,7 @@
- #include <getopt.h>
- 
- /* defines */
--#define FWKNOP_CONF "/etc/fwknop/fwknop.conf"
-+#define FWKNOP_CONF "%%PREFIX%%/etc/fwknop/fwknop.conf"
- 
- /* globals */
- static volatile sig_atomic_t received_sighup = 0;
diff --git a/security/fwknop/files/patch-knopmd.conf b/security/fwknop/files/patch-knopmd.conf
deleted file mode 100644
index 3c8b5b2ce0a2..000000000000
--- a/security/fwknop/files/patch-knopmd.conf
+++ /dev/null
@@ -1,11 +0,0 @@
---- knopmd.conf.orig   2007-11-21 20:59:13.000000000 +0200
-+++ knopmd.conf        2007-11-21 21:03:26.000000000 +0200
-@@ -3,7 +3,7 @@
- #
- #  This is the configuration file for fwknop knopmd daemon (for more
- #  information, read the knopmd man page).  Normally this file gets
--#  installed at /etc/fwknop/knopmd.conf, but can be put anywhere in the
-+#  installed at %%PREFIX%%/etc/fwknop/knopmd.conf, but can be put anywhere in the
- #  filesystem and then the path can be specified on the command line
- #  argument "-c <file>" to knopmd.  The syntax of this file is as follows:
- #
diff --git a/security/fwknop/files/patch-knopspoof b/security/fwknop/files/patch-knopspoof
deleted file mode 100644
index d3a3d9b5cfc4..000000000000
--- a/security/fwknop/files/patch-knopspoof
+++ /dev/null
@@ -1,11 +0,0 @@
---- knopspoof.orig     2007-11-21 20:59:13.000000000 +0200
-+++ knopspoof  2007-11-21 21:03:35.000000000 +0200
-@@ -36,7 +36,7 @@
- # $Id: knopspoof 346 2005-09-13 02:23:08Z mbr $
- #
- 
--use lib '/usr/lib/fwknop';
-+use lib '%%PREFIX%%/lib/fwknop';
- use Net::RawIP;
- use strict;
- 
diff --git a/security/fwknop/files/patch-knoptm b/security/fwknop/files/patch-knoptm
deleted file mode 100644
index a4f9ecbbd441..000000000000
--- a/security/fwknop/files/patch-knoptm
+++ /dev/null
@@ -1,20 +0,0 @@
---- knoptm.orig        2007-11-21 20:59:13.000000000 +0200
-+++ knoptm     2007-11-21 21:03:43.000000000 +0200
-@@ -35,7 +35,7 @@
- # $Id: knoptm 771 2007-09-15 13:52:22Z mbr $
- #
- 
--use lib '/usr/lib/fwknop';
-+use lib '%%PREFIX%%/lib/fwknop';
- use Unix::Syslog qw(:subs :macros);
- use Net::IPv4Addr qw(ipv4_in_network);
- use IO::Socket;
-@@ -46,7 +46,7 @@
- use Getopt::Long;
- use strict;
- 
--my $config_file  = '/etc/fwknop/fwknop.conf';
-+my $config_file  = '%%PREFIX%%/etc/fwknop/fwknop.conf';
- my $user_rc_file = '';
- 
- my $version = '1.8.2';
diff --git a/security/fwknop/files/patch-knopwatchd.8 b/security/fwknop/files/patch-knopwatchd.8
deleted file mode 100644
index 76d7b31a1703..000000000000
--- a/security/fwknop/files/patch-knopwatchd.8
+++ /dev/null
@@ -1,15 +0,0 @@
---- knopwatchd.8.orig  2007-11-21 20:59:13.000000000 +0200
-+++ knopwatchd.8       2007-11-21 21:03:49.000000000 +0200
-@@ -11,10 +11,10 @@
- and fwknop are running on the box.  If any of the three daemons
- have died, knopwatchd will restart the daemon and notify each
- email address listed in the EMAIL_ADDRESSES variable (see
--/etc/fwknop/knopwatchd.conf) that the daemon has been restarted.
-+%%PREFIX%%/fwknop/knopwatchd.conf) that the daemon has been restarted.
- .B knopwatchd
- uses the knopwatchd.conf configuration file which by default is
--located at /etc/fwknop/knopwatchd.conf, but a different path can be specified
-+located at %%PREFIX%%/etc/fwknop/knopwatchd.conf, but a different path can be specified
- on the command line.
- 
- .SH SEE ALSO
diff --git a/security/fwknop/files/patch-knopwatchd.c b/security/fwknop/files/patch-knopwatchd.c
deleted file mode 100644
index 2182d4a3d2ad..000000000000
--- a/security/fwknop/files/patch-knopwatchd.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- knopwatchd.c.orig  2007-11-21 20:59:13.000000000 +0200
-+++ knopwatchd.c       2007-11-21 21:03:55.000000000 +0200
-@@ -38,7 +38,7 @@
- #include "fwknop.h"
- 
- /* defines */
--#define FWKNOP_CONF "/etc/fwknop/fwknop.conf"
-+#define FWKNOP_CONF "%%PREFIX%%/etc/fwknop/fwknop.conf"
- 
- /* globals */
- unsigned short int fwknopd_syscalls_ctr = 0;
diff --git a/security/fwknop/pkg-plist b/security/fwknop/pkg-plist
index 349f40427291..70b84cc87e5b 100644
--- a/security/fwknop/pkg-plist
+++ b/security/fwknop/pkg-plist
@@ -1,44 +1,10 @@
 bin/fwknop
-sbin/fwknop_serv
+%%ETCDIR%%/access.conf
+%%ETCDIR%%/fwknopd.conf
+include/fko.h
+lib/libfko.a
+lib/libfko.la
+lib/libfko.so
+lib/libfko.so.0
 sbin/fwknopd
-sbin/knopmd
-sbin/knoptm
-sbin/knopwatchd
-
-etc/fwknop/access.conf
-etc/fwknop/fwknop.conf
-etc/fwknop/pf.os
-etc/rc.d/fwknop
-
-lib/fwknop/NetPacket.pm
-lib/fwknop/NetPacket/ARP.pm
-lib/fwknop/NetPacket/Ethernet.pm
-lib/fwknop/NetPacket/ICMP.pm
-lib/fwknop/NetPacket/IGMP.pm
-lib/fwknop/NetPacket/IP.pm
-lib/fwknop/NetPacket/TCP.pm
-lib/fwknop/NetPacket/UDP.pm
-lib/fwknop/i386-freebsd-64int/auto/NetPacket/.packlist
-lib/fwknop/i386-freebsd-64int/perllocal.pod
-lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket.3
-lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::ARP.3
-lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::Ethernet.3
-lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::ICMP.3
-lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::IGMP.3
-lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::IP.3
-lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::TCP.3
-lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::UDP.3
-
-@dirrm lib/fwknop/lib/perl5/5.8.8/man/man3
-@dirrm lib/fwknop/lib/perl5/5.8.8/man
-@dirrm lib/fwknop/lib/perl5/5.8.8
-@dirrm lib/fwknop/lib/perl5
-@dirrm lib/fwknop/lib
-@dirrm lib/fwknop/i386-freebsd-64int/auto/NetPacket
-@dirrm lib/fwknop/i386-freebsd-64int/auto
-@dirrm lib/fwknop/i386-freebsd-64int
-@dirrm lib/fwknop/NetPacket
-@dirrm lib/fwknop
-@dirrm etc/fwknop/archive
-@dirrm etc/fwknop
-
+@dirrm %%ETCDIR%%