mirror of https://git.FreeBSD.org/ports.git synced 2024-11-21 00:25:50 +00:00

- Include configuration file for pf.

- Add patch for supporting syslogd -v or -vv.

PR:		ports/157318
Submitted by:	Nick Hilliard <nick@foobar.org>
Approved by:	maintainer timeout
Wesley Shields 2011-06-11 02:08:40 +00:00
parent a345978966
commit 68a7ee0efc
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=275333
4 changed files with 78 additions and 0 deletions


@ -7,6 +7,7 @@
PORTNAME= fail2ban
PORTVERSION= 0.8.4
PORTREVISION= 1
CATEGORIES= security python
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-stable/${PORTNAME}-${PORTVERSION}
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}


@ -0,0 +1,17 @@
--- config/filter.d/common.conf.orig 2011-05-25 14:25:33.000000000 +0100
+++ config/filter.d/common.conf 2011-05-25 14:25:42.000000000 +0100
@@ -32,10 +32,13 @@
# EXAMPLES: sshd[31607], pop(pam_unix)[4920]
__daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
+# Logging facility and priority for BSD "-v" verbose mode
+__bsd_verbose_mode = (?:\s*\<\S+\.\S+\>\s*)
+
#
# Common line prefixes (beginnings) which could be used in filters
#
# [hostname] [vserver tag] daemon_id spaces
# this can be optional (for instance if we match named native log files)
-__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
+__prefix_line = \s*%(__bsd_verbose_mode)s(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
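Review bot: In the new `__prefix_line`, `%(__bsd_verbose_mode)s` is inserted without a trailing `?`, and the group itself requires a `<facility.priority>` token, so as written every filter built on `__prefix_line` would stop matching log lines from a syslogd that is not started with -v or -vv. For a banning tool that is a silent loss of detection rather than a visible error, so the tag should be optional: `__prefix_line = \s*%(__bsd_verbose_mode)s?(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*`. The inner `\S+\.\S+` is also looser than it needs to be; `(?:\s*\<[^.>\s]+\.[^.>\s]+\>\s*)` would keep the match inside one bracketed token. The surrounding common.conf definitions lie outside this hunk, so this should be confirmed against sample log lines in both verbose and non-verbose form.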


@ -0,0 +1,59 @@
--- /dev/null 2010-01-12 16:33:00.000000000 -0500
+++ ./config/action.d/pf.conf 2010-01-12 16:26:51.000000000 -0500
@@ -0,0 +1,56 @@
+# Fail2Ban configuration file
+#
+# OpenBSD pf ban/unban
+#
+# Author: Nick Hilliard <nick@foobar.org>
+#
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+# we don't enable PF automatically, as it will be enabled elsewhere
+actionstart =
+
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+# we don't disable PF automatically either
+actionstop =
+
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = /sbin/pfctl -t fail2ban -T add <ip>/32
+
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+# note -r option used to remove matching rule
+actionunban = /sbin/pfctl -t fail2ban -T delete <ip>/32
+
+[Init]
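Review bot: Nothing in this action file says that the `fail2ban` table has to be declared and referenced by a block rule in the pf ruleset, and with `actionstart` and `actioncheck` both empty a missing rule is never noticed: the `pfctl -T add` in `actionban` would normally still succeed while the banned address keeps getting through. I would add header comments such as `# Requires in the pf ruleset: table <fail2ban> persist` and `# plus a rule like: block in quick from <fail2ban>`, and note that states already established by the address are presumably unaffected by a table add. The comment above `actionunban`, `note -r option used to remove matching rule`, does not describe the command below it, which uses `-T delete`; it should read `# remove the address from the fail2ban table`.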


@ -14,6 +14,7 @@
%%ETCDIR%%/action.d/mail-whois.conf
%%ETCDIR%%/action.d/mail.conf
%%ETCDIR%%/action.d/mynetwatchman.conf
%%ETCDIR%%/action.d/pf.conf
%%ETCDIR%%/action.d/sendmail-buffered.conf
%%ETCDIR%%/action.d/sendmail-whois-lines.conf
%%ETCDIR%%/action.d/sendmail-whois.conf