-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/crowdsec-firewall-bouncer/Makefile | 39 | ||||
-rw-r--r-- | security/crowdsec-firewall-bouncer/distinfo | 5 | ||||
-rwxr-xr-x | security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in | 25 | ||||
-rw-r--r-- | security/crowdsec-firewall-bouncer/files/pkg-message.in | 21 | ||||
-rw-r--r-- | security/crowdsec-firewall-bouncer/pkg-descr | 6 | ||||
-rw-r--r-- | security/crowdsec-firewall-bouncer/pkg-plist | 2 |
7 files changed, 99 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index b6060eb1d6e4..ce92287f6e4d 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -102,6 +102,7 @@
 SUBDIR += crackpkcs12
 SUBDIR += create-cert
 SUBDIR += crowdsec
+ SUBDIR += crowdsec-firewall-bouncer
 SUBDIR += cryptlib
 SUBDIR += cryptopp
 SUBDIR += ct-submit
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile
new file mode 100644
index 000000000000..cc954af98728
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/Makefile
@@ -0,0 +1,39 @@
+PORTNAME= crowdsec-firewall-bouncer
+PORTVERSION= 0.0.12
+DISTVERSIONPREFIX= v
+CATEGORIES= security
+
+MAINTAINER= sbz@FreeBSD.org
+COMMENT= Crowdsec bouncer written in golang for firewalls
+
+LICENSE= MIT
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+RUN_DEPENDS= crowdsec>0:security/crowdsec
+
+USES= go:modules
+
+USE_RC_SUBR= crowdsec_firewall
+
+GO_MODULE= github.com/crowdsecurity/cs-firewall-bouncer
+
+GO_BUILDFLAGS= -ldflags "-s -w \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=v${PORTVERSION} \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=freebsd"
+
+SUB_FILES= pkg-message
+
+post-patch:
+ ${REINPLACE_CMD} 's,$${BACKEND},pf,g' \
+ ${WRKSRC}/config/cs-firewall-bouncer.yaml
+
+do-install:
+ @${MKDIR} ${STAGEDIR}${ETCDIR}
+
+ ${INSTALL_DATA} ${WRKSRC}/config/cs-firewall-bouncer.yaml \
+ ${STAGEDIR}${ETCDIR}/cs-firewall-bouncer.yaml.sample
+
+ ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-firewall-bouncer \
+ ${STAGEDIR}${PREFIX}/bin/cs-firewall-bouncer
+
+.include <bsd.port.mk>
diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo
new file mode 100644
index 000000000000..ed0ddfb6c133
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/distinfo
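Review bot: The sample config in do-install of security/crowdsec-firewall-bouncer/Makefile is staged with `${INSTALL_DATA}`, so the sample, and the live `cs-firewall-bouncer.yaml` that the `@sample` line in pkg-plist creates from it, are presumably readable by every local user. The bouncer talks to a CrowdSec API, and its yaml is where the credential for that API would normally live (the file's contents are not visible in this diff, so confirm against the upstream yaml). If it does, restrict the mode in the plist, for example `@sample(,,600) etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml.sample`. A one-line comment above post-patch, such as `# only the firewall backend is fixed here; remaining placeholders are left for the admin`, would also record that the sed touches `${BACKEND}` and nothing else.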
@@ -0,0 +1,5 @@
+TIMESTAMP = 1620824385
+SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.mod) = 62de12d4c417718ea7d7e009d7d06f103518c67e168db04c988808783e1e588d
+SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.mod) = 1335
+SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.zip) = 9a82915c2f2f8d4872ebfaf4cc6046cbdc1ab5af42e3a22a721b4a29007fa25c
+SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.zip) = 143391
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
new file mode 100755
index 000000000000..48aa4cb1e16d
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# PROVIDE: crowdsec_firewall
+# REQUIRE: LOGIN DAEMON NETWORKING
+# KEYWORD: shutdown
+#
+
+. /etc/rc.subr
+
+name=crowdsec_firewall
+desc="Crowdsec Firewall"
+rcvar=crowdsec_firewall_enable
+
+load_rc_config $name
+
+: ${crowdsec_firewall_enbable:="NO"}
+: ${crowdsec_firewall_config:="%%PREFIX%%/etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml"}
+
+pidfile=/var/run/$name.pid
+required_files="$crowdsec_firewall_config"
+procname="%%PREFIX%%/bin/cs-firewall-bouncer"
+command=/usr/sbin/daemon
+command_args="-fp $pidfile -t '$desc' -- '$procname' -c '$crowdsec_firewall_config'"
+
+run_rc_command "$1"
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in
new file mode 100644
index 000000000000..77449b1567d1
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in
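Review bot: The default in `: ${crowdsec_firewall_enbable:="NO"}` is assigned to a misspelled variable, so `crowdsec_firewall_enable`, the name the script declares as `rcvar` a few lines earlier, never receives a default. Until the admin sets it with sysrc, rc.subr will most likely warn that the variable is not set properly whenever the script is evaluated. The line should read `: ${crowdsec_firewall_enable:="NO"}`. While touching the defaults, a short comment noting that the daemon is started as root (no `crowdsec_firewall_user` is defined, presumably because it must modify pf tables) would make that privilege choice explicit.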
@@ -0,0 +1,21 @@
+[
+{ type: install
+ message: <<EOM
+
+crowdsec-firewall-bouncer is installed.
+
+You need to edit the config file %%ETCDIR%%/cs-firewall-bouncer.yaml, your pf
+config and enable rc via sysrc.
+
+Add the following in pf.conf to create the tables
+
+# create crowdsec ipv4 table
+table <crowdsec-blacklists> persist
+
+# create crowdsec ipv6 table
+table <crowdsec6-blacklists> persist
+
+# sysrc crowdsec_firewall_enable="YES"
+EOM
+}
+]
diff --git a/security/crowdsec-firewall-bouncer/pkg-descr b/security/crowdsec-firewall-bouncer/pkg-descr
new file mode 100644
index 000000000000..e666b29dbc2e
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/pkg-descr
@@ -0,0 +1,6 @@
+Crowdsec bouncer written in golang for firewalls.
+
+cs-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add
+them in a blocklist used by supported firewalls.
+
+WWW: https://github.com/crowdsecurity/cs-firewall-bouncer
diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist
new file mode 100644
index 000000000000..d70a51ea77f3
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/pkg-plist
@@ -0,0 +1,2 @@
+@sample etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml.sample
+bin/cs-firewall-bouncer |