From: Max Laier
To: FreeBSD-gnats-submit@FreeBSD.org
cc: max@love2party.net
Date: 12 May 2003 14:18:40 -0000
Message-Id: <20030512141840.59148.qmail@vampire.homelinux.org>
Subject: ports/52121: pf4freebsd port OpenBSD's pf ported
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Date: Mon, 12 May 2003 08:20:08 -0700 (PDT)

>Number:         52121
>Category:       ports
>Synopsis:       pf4freebsd port OpenBSD's pf ported
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 12 08:20:08 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Max Laier
>Release:        FreeBSD 5.0-RELEASE-p7 i386
>Organization:
>Environment:
System: FreeBSD router.laiers.local 5.0-RELEASE-p7 FreeBSD 5.0-RELEASE-p7 #0: Mon Apr 14 13:13:41 CEST 2003 root@router.laiers.local:/usr/src/sys/i386/compile/MAX_SMP i386
>Description:
OpenBSD's pf (packetfilter) as in OpenBSD 3.3 as a loadable kernel module.
>How-To-Repeat:
>Fix:
--- pf_port.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	pf
#	pf/files
#	pf/files/pf.conf.default
#	pf/files/pf.sh.sample
#	pf/Makefile
#	pf/distinfo
#	pf/pkg-descr
#	pf/pkg-install
#	pf/pkg-message
#	pf/pkg-plist
#
echo c - pf
mkdir -p pf > /dev/null 2>&1
echo c - pf/files
mkdir -p pf/files > /dev/null 2>&1
echo x - pf/files/pf.conf.default
sed 's/^X//' >pf/files/pf.conf.default << 'END-of-pf/files/pf.conf.default'
X#	$OpenBSD: pf.conf,v 1.19 2003/03/24 01:47:28 ian Exp $
X#
X# See pf.conf(5) and /usr/share/pf for syntax and examples.
X# Required order: options, normalization, queueing, translation, filtering.
X# Macros and tables may be defined and used anywhere.
X# Note that translation rules are first match while filter rules are last match.
X
X# Macros: define common values, so they can be referenced and changed easily.
X#ext_if="ext0"	# replace with actual external interface name i.e., dc0
X#int_if="int0"	# replace with actual internal interface name i.e., dc1
X#internal_net="10.1.1.1/8"
X#external_addr="192.168.1.1"
X
X# Tables: similar to macros, but more flexible for many addresses.
X#table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 }
X
X# Options: tune the behavior of pf, default values are given.
X#set timeout { interval 30, frag 10 }
X#set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
X#set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
X#set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
X#set timeout { icmp.first 20, icmp.error 10 }
X#set timeout { other.first 60, other.single 30, other.multiple 60 }
X#set limit { states 10000, frags 5000 }
X#set loginterface none
X#set optimization normal
X#set block-policy drop
X#set require-order yes
X
X# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
X#scrub in all
X
X# Queueing: rule-based bandwidth control.
X#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing }
X#queue dflt bandwidth 5% cbq(default)
X#queue developers bandwidth 80%
X#queue marketing bandwidth 15%
X
X# Translation: specify how addresses are to be mapped or redirected.
X# nat: packets going out through $ext_if with source address $internal_net will
X# get translated as coming from the address of $ext_if, a state is created for
X# such packets, and incoming packets will be redirected to the internal address.
X#nat on $ext_if from $internal_net to any -> ($ext_if)
X
X# rdr: packets coming in on $ext_if with destination $external_addr:1234 will
X# be redirected to 10.1.1.1:5678. A state is created for such packets, and
X# outgoing packets will be translated as coming from the external address.
X#rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678
X
X# rdr outgoing FTP requests to the ftp-proxy
X#rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
X
X# spamd-setup puts addresses to be redirected into table <spamd>.
X#table <spamd> persist
X#no rdr on { lo0, lo1 } from any to any
X#rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025
X
X# Filtering: the implicit first two rules are
X#pass in all
X#pass out all
X
X# block all incoming packets but allow ssh, pass all outgoing tcp and udp
X# connections and keep state, logging blocked packets.
X#block in log all
X#pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
X#pass out on $ext_if proto { tcp, udp } all keep state
X
X# pass incoming packets destined to the addresses given in table <foo>.
X#pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state
X
X# pass incoming ports for ftp-proxy
X#pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state
X
X# assign packets to a queue.
X#pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
X#pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing
END-of-pf/files/pf.conf.default
echo x - pf/files/pf.sh.sample
sed 's/^X//' >pf/files/pf.sh.sample << 'END-of-pf/files/pf.sh.sample'
X#!/bin/sh
X#
X# $FreeBSD$
X
Xif ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
X	echo "$0: Cannot determine the PREFIX" >&2
X	echo "Please use the complete pathname." >&2
X	exit 1
Xfi
X
Xif [ -z "${source_rc_confs_defined}" ]; then
X	if [ -r /etc/defaults/rc.conf ]; then
X		. /etc/defaults/rc.conf
X		source_rc_confs
X	elif [ -r /etc/rc.conf ]; then
X		. /etc/rc.conf
X	fi
Xfi
X
Xcase "$1" in
Xstart)
X	case "${pf_enable}" in
X	[Yy][Ee][Ss])
X		echo -n ' pf'
X		kldload ${PREFIX}/modules/pflog.ko
X		kldload ${PREFIX}/modules/pfsync.ko
X		if [ -f ${PREFIX}/modules/pfaltq.ko ]; then
X			kldload ${PREFIX}/modules/pfaltq.ko
X		fi
X		ifconfig pflog0 up
X		ifconfig pfsync0 up
X		case "${pf_logd}" in
X		[Yy][Ee][Ss])
X			if [ -x ${PREFIX}/sbin/pflogd ]; then
X				echo -n ' pflogd'
X				${PREFIX}/sbin/pflogd
X			fi
X			;;
X		esac
X		kldload ${PREFIX}/modules/pf.ko
X		if [ -f ${pf_conf:-${PREFIX}/etc/pf.conf} ]; then
X			if [ -x ${PREFIX}/sbin/pfctl ]; then
X				${PREFIX}/sbin/pfctl -e \
X				    -f ${pf_conf:-${PREFIX}/etc/pf.conf} \
X				    ${pfctl_flags}
X			fi
X		fi
X		;;
X	esac
X	;;
Xstop)
X	if [ -x ${PREFIX}/sbin/pfctl ]; then
X		${PREFIX}/sbin/pfctl -d
X	fi
X	killall pflogd
X	kldunload pf
X	if [ -f ${PREFIX}/modules/pfaltq.ko ]; then
X		kldunload pfaltq
X	fi
X	kldunload pflog
X	kldunload pfsync
X	;;
X*)
X	echo "Usage: `basename $0` {start|stop}" >&2
X	;;
Xesac
X
Xexit 0
END-of-pf/files/pf.sh.sample
echo x - pf/Makefile
sed 's/^X//' >pf/Makefile << 'END-of-pf/Makefile'
X# New ports collection makefile for:	pf_freebsd
X# Date created:		08 May 2003
X# Whom:			Max Laier
X#
X# $FreeBSD$
X#
X
XPORTNAME=	pf_freebsd
XPORTVERSION=	1.0
XCATEGORIES=	security ipv6
XMASTER_SITES=	http://pf4freebsd.love2party.net/
X.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
XPKGNAMESUFFIX=	-altq
X.endif
XDISTNAME=	${PORTNAME}_${PORTVERSION}
X
XMAINTAINER=	max@love2party.net
XCOMMENT=	OpenBSD pf as a kldmodule
X
X.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
XIS_INTERACTIVE=	yes
X.endif
X
XSTARTUP_SCRIPT=	${PREFIX}/etc/rc.d/pf.sh.sample
XSAMPLE_CONFIG=	${PREFIX}/etc/pf.conf.default
X
XMAN1=	pftcpdump.1
XMAN4=	pf.4
XMAN4+=	pflog.4
XMAN4+=	pfsync.4
XMAN5=	pf.conf.5
XMAN8+=	ftp-proxy.8
XMAN8+=	pfctl.8
XMAN8+=	pflogd.8
XMAN8+=	pftop.8
X
XMANCOMPRESSED=	maybe
X
XKMODDIR?=	${PREFIX}/modules
XMAKE_ARGS=	KMODDIR="${KMODDIR}" MANDIR="${PREFIX}/man/man"
X
X.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
XSYS_ALTQ?=	/usr/src/sys.altq
XMAKE_ARGS+=	WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}"
XPLIST_SUB+=	WITH_ALTQ=""
X.else
XPLIST_SUB+=	WITH_ALTQ="@comment "
X.endif
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 500000
XBROKEN=	"Sorry only for 5.0 and above"
X.endif
X
XSRC_BASE?=	/usr/src
X# Building the modules needs kernel sources: ${SRC_BASE}/sys normally, the
X# ALTQ-patched tree in ${SYS_ALTQ} when WITH_ALTQ is set.
X.if (!defined(WITH_ALTQ) && !exists(${SRC_BASE}/sys/Makefile)) || \
X    (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile))
XBROKEN=	"Kernel source files required"
X.endif
X
X.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
Xpre-fetch:
X	@${ECHO_CMD} "======================================================="
X	@${ECHO_CMD} "* If you have ALTQ support from:                      *"
X	@${ECHO_CMD} "*   http://www.rofug.ro/projects/freebsd-altq/        *"
X	@${ECHO_CMD} "* you may define WITH_ALTQ=yes to make use of it.     *"
X	@${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src  *"
X	@${ECHO_CMD} "*                                                     *"
X	@${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *"
X	@${ECHO_CMD} "*                                                     *"
X	@${ECHO_CMD} "======================================================="
X	@sleep 2
X.endif
X
Xpre-install:
X	${MKDIR} ${KMODDIR}
X	${MKDIR} ${PREFIX}/include/pf
X	${MKDIR} ${PREFIX}/include/pf/net
X.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
X	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
X.endif
X
Xpost-install:
X	${ECHO} "Installing include files ..."
X	${INSTALL_DATA} ${WRKSRC}/include/net/pfvar.h \
X		${PREFIX}/include/pf/net
X	${INSTALL_DATA} ${WRKSRC}/include/net/if_pflog.h \
X		${PREFIX}/include/pf/net
X	${INSTALL_DATA} ${WRKSRC}/include/net/if_pfsync.h \
X		${PREFIX}/include/pf/net
X	@if [ -f ${WRKSRC}/man/pf.4.gz ]; then \
X		${ECHO} "Installing pftcpdump(1) man page."; \
X		gzip -cn ${WRKSRC}/freebsd_tcpdump/tcpdump.1 > \
X			${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz ; \
X		${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz \
X			${PREFIX}/man/man1/pftcpdump.1.gz ; \
X	else \
X		${ECHO} "Installing pftcpdump(1) man page."; \
X		${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1 \
X			${PREFIX}/man/man1/pftcpdump.1 ; \
X	fi
X	@if [ ! -f ${STARTUP_SCRIPT} ]; then \
X		${ECHO} "Installing ${STARTUP_SCRIPT} startup file." ; \
X		${INSTALL_SCRIPT} ${FILESDIR}/pf.sh.sample \
X			${STARTUP_SCRIPT} ; \
X	fi
X	@if [ ! -f ${SAMPLE_CONFIG} ]; then \
X		${ECHO} "Installing ${SAMPLE_CONFIG} config file." ; \
X		${INSTALL_DATA} ${FILESDIR}/pf.conf.default \
X			${SAMPLE_CONFIG}; \
X	fi
X	${SED} -e 's!%%PREFIX%%!${PREFIX}!' pkg-message
X
X.include <bsd.port.post.mk>
END-of-pf/Makefile
echo x - pf/distinfo
sed 's/^X//' >pf/distinfo << 'END-of-pf/distinfo'
XMD5 (pf_freebsd_1.0.tar.gz) = 66b573f0f6884b61f41240111425b93e
END-of-pf/distinfo
echo x - pf/pkg-descr
sed 's/^X//' >pf/pkg-descr << 'END-of-pf/pkg-descr'
XThis is a port of OpenBSD's pf (packet filter) to FreeBSD as a loadable
Xkernel module ported by Pyun YongHyeon. Information about pf can be found
Xat: http://www.benzendrine.cx/pf.html the website of Daniel Hartmeier the
Xoriginal author of pf.
XYou have to have:
X=========================================================================
Xoptions PFIL_HOOKS
Xoptions RANDOM_IP_ID	# Recommended, but may work without
X=========================================================================
Xin your kernel in order to use pf.
X
XWWW: http://pf4freebsd.love2party.net/
X
X-Max
END-of-pf/pkg-descr
echo x - pf/pkg-install
sed 's/^X//' >pf/pkg-install << 'END-of-pf/pkg-install'
X#!/bin/sh
X# an installation script for pf_freebsd copied from Wnn6
X
Xcheck_pw()
X{
X	if which -s pw; then
X		:
X	else
X		cat <> ${FILE}
X		rm ${FILE}.bak
X	else
X		echo "Please add '$name $number/$type' into ${FILE}, and try again."
X		return 1
X	fi
X	fi
X	return 0
X}
X
Xcheck_group() {
X	local name id
X
X	name=$1
X	id=$2
X	#check
X	# We need a command 'pw(8)'
X	check_pw
X	if pw groupshow $name -q ; then
X		return 0
X	fi
X	if pw groupadd -g $id -n $name -N -q ; then
X		echo ""
X		echo "You need a group '$name' whose ID number is $id"
X		if yesno "Would you like to create it automatically?" y; then
X			pw groupadd -g $id -n $name
X			return 0
X		fi
X	fi
X	echo ""
X	echo "I was not able to add group 'proxy:*:71:' as pw reported:"
X	pw groupadd -g $id -n $name -N
X	echo "Please correct this and try again!"
X	echo ""
X	return 1
X}
X
Xcheck_user() {
X	local name id group
X
X	name=$1
X	id=$2
X	group=$3
X	# check
X	id_id=`id -u $id 2> /dev/null`
X	id_name=`id -u $name 2> /dev/null`
X	if [ X"$id_name" = X$id ];then
X		return 0
X	elif [ X"$id_id" != X ]; then
Xcat <> /etc/inetd.conf
X	fi
X	if ! check_group proxy 71 ; then
X		exit 1
X	fi
X	groupid=`pw groupshow proxy | awk \
X		'{ split ($1,var,":"); print var[3] }' `
X	if ! check_user proxy 71 $groupid; then
X		exit 1
X	fi
X	;;
X
Xesac
END-of-pf/pkg-install
echo x - pf/pkg-message
sed 's/^X//' >pf/pkg-message << 'END-of-pf/pkg-message'
X===========================================================================
XPlease set the following variables in rc.conf according to your needs:
X
X	pf_enable="YES"
X	pf_logd="YES"
X	pf_conf="%%PREFIX%%/etc/pf.conf"
X
XThey are used within %%PREFIX%%/etc/rc.d/pf.sh to bring pf up!
X===========================================================================
END-of-pf/pkg-message
echo x - pf/pkg-plist
sed 's/^X//' >pf/pkg-plist << 'END-of-pf/pkg-plist'
Xlibexec/ftp-proxy
X
Xmodules/linker.hints
Xmodules/pf.ko
Xmodules/pflog.ko
Xmodules/pfsync.ko
X%%WITH_ALTQ%%modules/pfaltq.ko
X
Xsbin/pfctl
Xsbin/pflogd
Xsbin/pftcpdump
Xsbin/pftop
X
Xetc/rc.d/pf.sh.sample
Xetc/pf.conf.default
X
Xinclude/pf/net/pfvar.h
Xinclude/pf/net/if_pflog.h
Xinclude/pf/net/if_pfsync.h
X
X@dirrm modules
X@dirrm include/pf/net
X@dirrm include/pf
END-of-pf/pkg-plist
exit
--- pf_port.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
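The sample pf.conf shipped in the port states that translation rules are first match while filter rules are last match, and that the implicit first two rules are "pass in all" and "pass out all". The consequence for the commented-out default-deny ruleset (block in log all, then pass ssh in and tcp/udp out) is easy to get wrong: the single block line is what turns pf's permissive default into a deny-by-default inbound policy. The following is an added example, not part of this PR, of the port, or of pf itself: a small Python model of those semantics that parses only the rule subset the sample uses, expands one macro, checks the required section order, and evaluates a few constructed packets against the ruleset with and without the block line. The interface name dc0, its address 192.168.1.1 and the probe addresses are assumptions made for the example.

```python
"""Toy model of the pf filter semantics noted in the sample pf.conf: the
implicit "pass in all"/"pass out all" come first, the LAST matching rule wins."""
import ipaddress
import re

# Constructed ruleset mirroring the filtering section of pf.conf.default.
# Interface name and address are assumptions made for this example.
SAMPLE_RULES = """\
ext_if="dc0"
block in log all
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass out on $ext_if proto { tcp, udp } all keep state
"""
IFACE_ADDRS = {"dc0": "192.168.1.1"}   # interface -> its address (assumed)
# Required order: options, normalization, queueing, translation, filtering.
SECTION_ORDER = {"set": 0, "scrub": 1, "altq": 2, "queue": 2, "nat": 3,
                 "rdr": 3, "binat": 3, "no": 3, "pass": 4, "block": 4}


def parse_filter_rule(line, macros):
    """Parse one pass/block rule of the supported subset into a dict."""
    line = re.sub(r"\$(\w+)", lambda m: macros[m.group(1)], line)
    # collapse "{ tcp, udp }" into the single token "tcp,udp"
    line = re.sub(r"\{([^}]*)\}", lambda m: ",".join(
        t.strip() for t in m.group(1).split(",")), line)
    toks = line.split()
    rule = {"action": toks[0], "dir": toks[1], "log": False, "iface": None,
            "proto": None, "src": "any", "dst": "any", "port": None}
    i = 2
    while i < len(toks):
        t = toks[i]
        if t == "log":
            rule["log"] = True
        elif t == "on":
            rule["iface"] = toks[i + 1]
        elif t == "proto":
            rule["proto"] = set(toks[i + 1].split(","))
        elif t in ("from", "to"):
            rule["src" if t == "from" else "dst"] = toks[i + 1]
        elif t == "port":
            rule["port"] = int(toks[i + 1])
        elif t not in ("all", "keep", "state"):
            raise ValueError(f"unsupported token {t!r} in: {line}")
        i += 2 if t in ("on", "proto", "from", "to", "port") else 1
    return rule


def parse_ruleset(text):
    """Return (macros, filter_rules, order_ok) for the supported subset."""
    macros, rules, seen = {}, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r'(\w+)\s*=\s*"([^"]*)"', line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif line and not line.startswith("table"):
            kw = line.split()[0]
            if kw not in SECTION_ORDER:
                raise ValueError(f"unsupported statement: {line}")
            seen.append(SECTION_ORDER[kw])
            if kw in ("pass", "block"):
                rules.append(parse_filter_rule(line, macros))
    return macros, rules, all(a <= b for a, b in zip(seen, seen[1:]))


def addr_matches(spec, addr, ifaddrs):
    """'any', an interface name (meaning its address), a host or a CIDR."""
    if spec == "any":
        return True
    if spec in ifaddrs:
        return addr == ifaddrs[spec]
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule, pkt, ifaddrs):
    return (rule["dir"] == pkt["dir"]
            and rule["iface"] in (None, pkt["iface"])
            and (rule["proto"] is None or pkt["proto"] in rule["proto"])
            and addr_matches(rule["src"], pkt["src"], ifaddrs)
            and addr_matches(rule["dst"], pkt["dst"], ifaddrs)
            and rule["port"] in (None, pkt["dport"]))


def decide(rules, pkt, ifaddrs):
    """Last match wins, starting from the implicit pass, so a packet that
    matches no rule is PASSED.  Returns (action, rule index or None, logged)."""
    verdict = ("pass", None, False)
    for idx, rule in enumerate(rules):
        if rule_matches(rule, pkt, ifaddrs):
            verdict = (rule["action"], idx, rule["log"])
    return verdict


def pkt(direction, iface, proto, src, dst, dport=None):
    return {"dir": direction, "iface": iface, "proto": proto,
            "src": src, "dst": dst, "dport": dport}


if __name__ == "__main__":
    _, rules, _ = parse_ruleset(SAMPLE_RULES)
    ssh = pkt("in", "dc0", "tcp", "203.0.113.5", "192.168.1.1", 22)
    web = pkt("in", "dc0", "tcp", "203.0.113.5", "192.168.1.1", 80)
    print("ssh:", decide(rules, ssh, IFACE_ADDRS), "web:", decide(rules, web, IFACE_ADDRS))
    # Without "block in log all" the web probe hits the implicit pass instead.
    _, open_rules, _ = parse_ruleset(SAMPLE_RULES.replace("block in log all\n", ""))
    print("no block line, web:", decide(open_rules, web, IFACE_ADDRS))
```

Running the file prints the ssh probe passed by rule 1 and the web probe blocked and logged by rule 0; with the block line removed the same web probe is passed by the implicit rule (index None). The toy does not replace the real check a practitioner should run before the rc script's `pfctl -e -f`: a `pfctl -nf` dry-run of the ruleset, which parses without loading.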