authorSofian Brabez <sbz@FreeBSD.org>2021-05-24 15:14:29 +0000
committerSofian Brabez <sbz@FreeBSD.org>2021-05-24 15:38:06 +0000
commit9ecdfbcdb55b424ca0df02b4a7fd72fc298cf9bf (patch)
tree363b64961e869c0c81e4d8dcfd34680b52033890
parent31c1a83b5c002170ca78ef9e6e0e51864dc1ce89 (diff)
downloadports-9ecdfbcdb55b424ca0df02b4a7fd72fc298cf9bf.tar.gz
ports-9ecdfbcdb55b424ca0df02b4a7fd72fc298cf9bf.zip
security/crowdsec-firewall-bouncer: new port
Crowdsec bouncer written in golang for firewalls. cs-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add them in a blocklist used by supported firewalls. WWW: https://github.com/crowdsecurity/cs-firewall-bouncer
-rw-r--r--security/Makefile1
-rw-r--r--security/crowdsec-firewall-bouncer/Makefile39
-rw-r--r--security/crowdsec-firewall-bouncer/distinfo5
-rwxr-xr-xsecurity/crowdsec-firewall-bouncer/files/crowdsec_firewall.in25
-rw-r--r--security/crowdsec-firewall-bouncer/files/pkg-message.in21
-rw-r--r--security/crowdsec-firewall-bouncer/pkg-descr6
-rw-r--r--security/crowdsec-firewall-bouncer/pkg-plist2
7 files changed, 99 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index b6060eb1d6e4..ce92287f6e4d 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -102,6 +102,7 @@
SUBDIR += crackpkcs12
SUBDIR += create-cert
SUBDIR += crowdsec
+ SUBDIR += crowdsec-firewall-bouncer
SUBDIR += cryptlib
SUBDIR += cryptopp
SUBDIR += ct-submit
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile
new file mode 100644
index 000000000000..cc954af98728
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/Makefile
@@ -0,0 +1,39 @@
+PORTNAME= crowdsec-firewall-bouncer
+PORTVERSION= 0.0.12
+DISTVERSIONPREFIX= v
+CATEGORIES= security
+
+MAINTAINER= sbz@FreeBSD.org
+COMMENT= Crowdsec bouncer written in golang for firewalls
+
+LICENSE= MIT
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+RUN_DEPENDS= crowdsec>0:security/crowdsec
+
+USES= go:modules
+
+USE_RC_SUBR= crowdsec_firewall
+
+GO_MODULE= github.com/crowdsecurity/cs-firewall-bouncer
+
+GO_BUILDFLAGS= -ldflags "-s -w \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=v${PORTVERSION} \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=freebsd"
+
+SUB_FILES= pkg-message
+
+post-patch:
+ ${REINPLACE_CMD} 's,$${BACKEND},pf,g' \
+ ${WRKSRC}/config/cs-firewall-bouncer.yaml
+
+do-install:
+ @${MKDIR} ${STAGEDIR}${ETCDIR}
+
+ ${INSTALL_DATA} ${WRKSRC}/config/cs-firewall-bouncer.yaml \
+ ${STAGEDIR}${ETCDIR}/cs-firewall-bouncer.yaml.sample
+
+ ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-firewall-bouncer \
+ ${STAGEDIR}${PREFIX}/bin/cs-firewall-bouncer
+
+.include <bsd.port.mk>
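Review bot: The sample configuration is staged with `${INSTALL_DATA}` in do-install, which normally means mode 0644, so the live file that `@sample` creates from it in pkg-plist is presumably world-readable as well. The pkg-message tells the operator to edit that file, and a bouncer talking to the CrowdSec API will most likely keep its API key there (the page does not show the template, so this is inferred). Consider restricting the mode in the plist, for example `@sample(,,0600) etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml.sample`, after confirming the keyword arguments against the ports framework. A short comment above post-patch saying that only the `${BACKEND}` placeholder is substituted, and that any others are left for the operator, would also help.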
diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo
new file mode 100644
index 000000000000..ed0ddfb6c133
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1620824385
+SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.mod) = 62de12d4c417718ea7d7e009d7d06f103518c67e168db04c988808783e1e588d
+SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.mod) = 1335
+SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.zip) = 9a82915c2f2f8d4872ebfaf4cc6046cbdc1ab5af42e3a22a721b4a29007fa25c
+SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.12/v0.0.12.zip) = 143391
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
new file mode 100755
index 000000000000..48aa4cb1e16d
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# PROVIDE: crowdsec_firewall
+# REQUIRE: LOGIN DAEMON NETWORKING
+# KEYWORD: shutdown
+#
+
+. /etc/rc.subr
+
+name=crowdsec_firewall
+desc="Crowdsec Firewall"
+rcvar=crowdsec_firewall_enable
+
+load_rc_config $name
+
+: ${crowdsec_firewall_enbable:="NO"}
+: ${crowdsec_firewall_config:="%%PREFIX%%/etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml"}
+
+pidfile=/var/run/$name.pid
+required_files="$crowdsec_firewall_config"
+procname="%%PREFIX%%/bin/cs-firewall-bouncer"
+command=/usr/sbin/daemon
+command_args="-fp $pidfile -t '$desc' -- '$procname' -c '$crowdsec_firewall_config'"
+
+run_rc_command "$1"
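Review bot: The default on the line `: ${crowdsec_firewall_enbable:="NO"}` is assigned to a misspelled variable, so `crowdsec_firewall_enable`, the name declared in `rcvar`, never receives a default. On a host where the operator has not set it, rc.subr is likely to warn that the variable is not set properly rather than quietly treating the service as disabled. The line should read `: ${crowdsec_firewall_enable:="NO"}`.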
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in
new file mode 100644
index 000000000000..77449b1567d1
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in
@@ -0,0 +1,21 @@
+[
+{ type: install
+ message: <<EOM
+
+crowdsec-firewall-bouncer is installed.
+
+You need to edit the config file %%ETCDIR%%/cs-firewall-bouncer.yaml, your pf
+config and enable rc via sysrc.
+
+Add the following in pf.conf to create the tables
+
+# create crowdsec ipv4 table
+table <crowdsec-blacklists> persist
+
+# create crowdsec ipv6 table
+table <crowdsec6-blacklists> persist
+
+# sysrc crowdsec_firewall_enable="YES"
+EOM
+}
+]
diff --git a/security/crowdsec-firewall-bouncer/pkg-descr b/security/crowdsec-firewall-bouncer/pkg-descr
new file mode 100644
index 000000000000..e666b29dbc2e
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/pkg-descr
@@ -0,0 +1,6 @@
+Crowdsec bouncer written in golang for firewalls.
+
+cs-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add
+them in a blocklist used by supported firewalls.
+
+WWW: https://github.com/crowdsecurity/cs-firewall-bouncer
diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist
new file mode 100644
index 000000000000..d70a51ea77f3
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/pkg-plist
@@ -0,0 +1,2 @@
+@sample etc/crowdsec-firewall-bouncer/cs-firewall-bouncer.yaml.sample
+bin/cs-firewall-bouncer