# $Id$ PortSystem 1.0 name fwknop version 1.9.11 categories net security maintainers blair description 'FireWall KNock OPerator': a port knocker to Linux servers homepage http://www.cipherdyne.org/fwknop/ platforms darwin long_description \ fwknop stands for the 'FireWall KNock OPerator', and \ implements an authorization scheme called Single \ Packet Authorization (SPA) that is based around \ Netfilter and libpcap. SPA requires only a single \ encrypted packet in order to communicate various \ pieces of information including desired access through \ a Netfilter policy and/or complete commands to execute \ on the target system. By using Netfilter to maintain \ a 'default drop' stance, the main application of this \ program is to protect services such as OpenSSH with an \ additional layer of security in order to make the \ exploitation of vulnerabilities (both 0-day and \ unpatched code) much more difficult. The \ authorization server passively monitors authorization \ packets via libcap and hence there is no 'server' to \ which to connect in the traditional sense. Access to \ a protected service is only granted after a valid \ encrypted and non-replayed packet is monitored. This \ port installs the client side script that you run to \ gain access to a Linux box. master_sites ${homepage}download/ checksums md5 2212debe7242ed6515f250362603280a \ sha1 ac8de170ea56c083d33caf016e955495dc6ac9b5 \ rmd160 7dda2459b97bf83ada7cdf487127057c918e18d9 use_bzip2 yes depends_lib port:p5-crypt-cbc \ port:p5-crypt-rijndael \ port:p5-digest-sha \ port:p5-net-ipv4addr \ port:p5-net-ping-external \ port:p5-term-readkey \ port:p5-unix-syslog use_configure no build {} destroot { system "cd ${worksrcpath} && ${prefix}/bin/perl -w -p -i -e 's:^#!/usr/bin/perl -w$:#!${prefix}/bin/perl -w:' fwknop" system "cd ${worksrcpath} && ${prefix}/bin/perl -w -p -i -e 's:^use lib ./usr/lib/fwknop.;::' fwknop" xinstall -m 755 ${worksrcpath}/fwknop ${destroot}${prefix}/bin xinstall -m 644 ${worksrcpath}/fwknop.8 ${destroot}${prefix}/share/man/man8 }