Date: Thu, 23 Jun 2005 09:30:10 -0400
From: "fbsd_user" <fbsd_user@a1poweruser.com>
To: "Lupe Christoph" <lupe@lupe-christoph.de>
Cc: ports@freebsd.org
Subject: RE: FreeBSD Port: doorman-0.8
Message-ID: <MIEPLLIBMLEEABPDBIEGGEHEHHAA.fbsd_user@a1poweruser.com>
In-Reply-To: <20050623043222.GA26076@lupe-christoph.de>
On Wednesday, 2005-06-22 at 14:28:19 -0400, fbsd_user wrote:
> There needs to be a /usr/local/etc/rc.d doormand.sh file to auto start
> doorman at boot time.
> I think this should be made part of the port distribution.

I think you're right. And I'm glad I anticipated this request. Do you like the following?

Lupe Christoph

------------------------------------------------------------------------

#!/bin/sh
#
# PROVIDE: doorman
# REQUIRE: LOGIN
# KEYWORD: FreeBSD
#
# Add the following lines to /etc/rc.conf to enable doorman:
#
# doorman_enable (bool):  Set to "NO" by default.
#                         Set it to "YES" to enable doorman.
# doorman_config (path):  Set to "/usr/local/etc/doormand/doormand.cf" by default.
#

. /usr/local/etc/rc.subr

name="doorman"
rcvar=`set_rcvar`

# Read /etc/rc.conf first, so that doorman_enable / doorman_config
# overrides are in effect before the defaults and command line are built.
load_rc_config $name

: ${doorman_enable:="NO"}
: ${doorman_config:="/usr/local/etc/doormand/doormand.cf"}

command=/usr/local/sbin/doormand
pidfile=/var/run/doormand.pid
command_args="-p $pidfile -f $doorman_config"

# rc.subr refuses to start the daemon when this file is missing.
# (A bare "|| (echo ...; exit)" only exits the subshell and the script
# would carry on and start doormand without a config.)
required_files="$doorman_config"

# run_rc_command provides the start, stop, restart and status verbs,
# using $pidfile to find the running daemon.
run_rc_command "$1"

--
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| Ask not what your computer can do for you               |
| ask what you can do for your computer.                  |

-----Original Message-----
From: Lupe Christoph [mailto:lupe@lupe-christoph.de]
Sent: Thursday, June 23, 2005 12:32 AM
To: fbsd_user
Cc: ports@freebsd.org
Subject: Re: FreeBSD Port: doorman-0.8

Lupe:

Doing it your way will work also and is more in line with the 5.x way of doing things. But there is still a need for a way to stop and/or restart it to get the updated guestlist file reread, much like the (stop, start, and restart) functions for apache.

And while you are at it, the port description is very poor at describing the port. How about something like this:

Doorman runs as a daemon listening on a selectable high port number so it's camouflaged as normal traffic. When it receives a knock containing the pre-defined security info, it will temporarily create firewall rules (selectable for IPFW, IPF, PF) allowing the session conversation until completion, at which time the rules are removed from the firewall. The firewall can be configured to deny all public inbound traffic except for the port doorman listens on, and then Doorman will control what public access is allowed, service by service, according to the security info contained in the knock.

One last thing. Doorman has an MS Windows knock program available as a .zip file. It sure would be nice to have that zip file included with the port, along with an example Windows script combining the knock exec with, say, FTP or telnet.

Thanks.
Joe
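The knock-then-open mechanism Joe describes above, modelled as an added example. This is not Doorman's code and not its wire format (the thread does not show either); the knock layout user:port:timestamp:nonce:HMAC, the guestlist contents, the 30 s knock window, the 60 s session TTL and the ipfw rule numbers are all assumptions made for the illustration. Firewall changes are returned as ipfw command strings rather than executed, so it runs without root and without a firewall. It shows the checks a knock listener needs that the prose only implies: the "security info" must be bound to the sender, the requested port and the time, a captured knock must not be replayable, and every opened rule must have an expiry so it is removed again.

```python
"""Model of a knock-and-open listener (added example, not Doorman's code).

Assumed knock format:  user:port:timestamp:nonce:hexmac
The MAC is HMAC-SHA256 over "user:port:timestamp:nonce" keyed with the
user's shared secret from the guestlist.  Rule numbers, timers and the
guestlist below are all constructed for the illustration.
"""
import hashlib
import hmac
import time

# Constructed stand-in for Doorman's guestlist file: user -> shared secret.
GUESTLIST = {
    "joe": b"correct horse battery staple",
}

KNOCK_WINDOW = 30        # seconds a knock timestamp may differ from our clock
SESSION_TTL = 60         # seconds an opened rule stays in place
RULE_BASE = 10000        # first ipfw rule number used for temporary rules


def build_knock(user, secret, target_port, now, nonce):
    """Client side: produce 'user:port:ts:nonce:hexmac'.

    Binding user, port, time and nonce into the MAC means a captured knock
    cannot be replayed later, nor re-used to open a different port.
    """
    ts = str(int(now))
    msg = f"{user}:{target_port}:{ts}:{nonce}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{user}:{target_port}:{ts}:{nonce}:{mac}"


class KnockGate:
    """Server side: validates knocks and tracks the rules it has opened."""

    def __init__(self, guestlist, now=time.time):
        self.guestlist = guestlist
        self.now = now                      # injectable clock for testing
        self.seen_nonces = set()            # replay protection
        self.open_rules = {}                # rule number -> expiry time
        self.next_rule = RULE_BASE

    def handle_knock(self, src_ip, payload):
        """Return the ipfw command that opens the session for a valid knock,
        or None.  Every failure path returns the same None so the listener
        leaks nothing about why a knock was rejected."""
        try:
            user, port_s, ts_s, nonce, mac = payload.split(":")
            port, ts = int(port_s), int(ts_s)
        except ValueError:
            return None
        secret = self.guestlist.get(user)
        if secret is None:
            return None
        if abs(self.now() - ts) > KNOCK_WINDOW:
            return None
        msg = f"{user}:{port}:{ts}:{nonce}".encode()
        expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return None
        if nonce in self.seen_nonces:       # checked only after the MAC passes
            return None
        self.seen_nonces.add(nonce)
        rule = self.next_rule
        self.next_rule += 1
        self.open_rules[rule] = self.now() + SESSION_TTL
        # Only the knocking host gets in, and only to the port it asked for.
        return f"ipfw add {rule} allow tcp from {src_ip} to me {port} setup keep-state"

    def expire(self):
        """Return ipfw commands removing rules whose session TTL has passed."""
        cmds = []
        for rule, deadline in sorted(self.open_rules.items()):
            if self.now() >= deadline:
                cmds.append(f"ipfw delete {rule}")
                del self.open_rules[rule]
        return cmds


if __name__ == "__main__":
    import secrets
    gate = KnockGate(GUESTLIST)
    knock = build_knock("joe", GUESTLIST["joe"], 22, time.time(), secrets.token_hex(8))
    print(gate.handle_knock("192.0.2.10", knock))   # ipfw add 10000 allow ...
    print(gate.handle_knock("192.0.2.10", knock))   # None: replayed nonce
```

The `setup keep-state` rule lets ipfw itself track the accepted connection, so deleting the numbered rule after `SESSION_TTL` does not cut off a session that is still in progress; a real daemon would also cap `seen_nonces` (nonces older than `KNOCK_WINDOW` can be dropped). Since the guestlist is read once at start-up in this model, changing it means a stop/start or restart, which is exactly the rc.d verb Joe asks for above.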