ports/79907: [NEW PORT] security/pfw: A web frontend for the pf firewall

Thu Apr 14 13:50:16 UTC 2005

>Number:         79907
>Category:       ports
>Synopsis:       [NEW PORT] security/pfw: A web frontend for the pf firewall
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 14 13:50:14 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Renato Botelho
>Release:        FreeBSD 5.3-RELEASE-p7 i386
>Organization:
Galle Folheados - http://www.galle.com.br
>Environment:
System: FreeBSD data.galle.com.br 5.3-RELEASE-p7 FreeBSD 5.3-RELEASE-p7 #8: Tue Apr  5 08:06:19 BRST
>Description:
A web frontend for the pf firewall wrote in PHP.

What works?

    o Editing of macro, address translation, scrub, tables and
      filter rules. See the screenshots to see which options has been
      implemented.
    o Queues - works as of version 0.5.
    o Importing your current rulebase. And please backup your current
      /etc/pf.conf before you install pfw.
    o Installing the rulebase. This is not just a rulebase generator,
      it will read and write to and from your /etc/pf.conf file and
      reload pf through pfctl.
    o pfw makes an effort to preserving configurations currently
      not supported.

What doesn't work yet?

    o Advanced filter options like dup-to & fastroute.
    o Specifications using negated hosts, nets,... like !www.freebsd.org.

Author: Allard Consulting
WWW: http://www.allard.nu/pfw/

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- pfw-0.5.3.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	pfw
#	pfw/pkg-descr
#	pfw/Makefile
#	pfw/pkg-plist
#	pfw/distinfo
#	pfw/files
#	pfw/files/pkg-message.in
#
echo c - pfw
mkdir -p pfw > /dev/null 2>&1
echo x - pfw/pkg-descr
sed 's/^X//' >pfw/pkg-descr << 'END-of-pfw/pkg-descr'
XA web frontend for the pf firewall wrote in PHP.
X
XWhat works?
X
X    o Editing of macro, address translation, scrub, tables and
X      filter rules. See the screenshots to see which options has been
X      implemented.
X    o Queues - works as of version 0.5.
X    o Importing your current rulebase. And please backup your current
X      /etc/pf.conf before you install pfw.
X    o Installing the rulebase. This is not just a rulebase generator,
X      it will read and write to and from your /etc/pf.conf file and
X      reload pf through pfctl.
X    o pfw makes an effort to preserving configurations currently
X      not supported.
X
XWhat doesn't work yet?
X
X    o Advanced filter options like dup-to & fastroute.
X    o Specifications using negated hosts, nets,... like !www.freebsd.org.
X
XAuthor: Allard Consulting
XWWW: http://www.allard.nu/pfw/
END-of-pfw/pkg-descr
echo x - pfw/Makefile
sed 's/^X//' >pfw/Makefile << 'END-of-pfw/Makefile'
X# New ports collection makefile for:	pfw
X# Date created:		2005-04-14
X# Whom:			Renato Botelho <freebsd at galle.com.br>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	pfw
XPORTVERSION=	0.5.3
XCATEGORIES=	security www
XMASTER_SITES=	http://www.allard.nu/pfw/download/
XEXTRACT_SUFX=	.tgz
X
XMAINTAINER=	freebsd at galle.com.br
XCOMMENT=	A web frontend for the pf firewall
X
XRUN_DEPENDS=	sudo:${PORTSDIR}/security/sudo
X
XWANT_PHP_WEB=	yes
XNO_BUILD=	yes
X
XPFW_PREFIX=	${PREFIX}/www/pfw
XSUB_FILES=	pkg-message
XSUB_LIST=	PFW_PREFIX=${PFW_PREFIX}
XPKGMESSAGE=	${WRKDIR}/pkg-message
X
X.include <bsd.port.pre.mk>
X
Xdo-install:
X	@${MKDIR} ${PFW_PREFIX}
X	@${CP} -Rv ${WRKSRC}/* ${PFW_PREFIX}
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X	@${ECHO_CMD}
X
X.include <bsd.port.post.mk>
END-of-pfw/Makefile
echo x - pfw/pkg-plist
sed 's/^X//' >pfw/pkg-plist << 'END-of-pfw/pkg-plist'
X at comment $FreeBSD$
Xwww/pfw/INSTALL
Xwww/pfw/README
Xwww/pfw/bin/pfctlwrapper.sh
Xwww/pfw/bin/pfctlwrapper.sh.remote
Xwww/pfw/lib/altq.class.php
Xwww/pfw/lib/filter.class.php
Xwww/pfw/lib/macro.class.php
Xwww/pfw/lib/nat.class.php
Xwww/pfw/lib/options.class.php
Xwww/pfw/lib/pf.class.php
Xwww/pfw/lib/queue.class.php
Xwww/pfw/lib/rules.class.php
Xwww/pfw/lib/scrub.class.php
Xwww/pfw/lib/table.class.php
Xwww/pfw/web/altq.php
Xwww/pfw/web/altqedit.php
Xwww/pfw/web/commentedit.php
Xwww/pfw/web/config.php
Xwww/pfw/web/filter.php
Xwww/pfw/web/filteredit.php
Xwww/pfw/web/include.inc.php
Xwww/pfw/web/index.php
Xwww/pfw/web/install.php
Xwww/pfw/web/macro.php
Xwww/pfw/web/macroedit.php
Xwww/pfw/web/menu.php
Xwww/pfw/web/nat.php
Xwww/pfw/web/natedit.php
Xwww/pfw/web/options.php
Xwww/pfw/web/queue.php
Xwww/pfw/web/queueedit.php
Xwww/pfw/web/scrub.php
Xwww/pfw/web/scrubedit.php
Xwww/pfw/web/stylesheet.css
Xwww/pfw/web/table.php
Xwww/pfw/web/tableedit.php
Xwww/pfw/web/test.php
Xwww/pfw/web/write.php
X at dirrm www/pfw/bin
X at dirrm www/pfw/lib
X at dirrm www/pfw/web
X at dirrm www/pfw
END-of-pfw/pkg-plist
echo x - pfw/distinfo
sed 's/^X//' >pfw/distinfo << 'END-of-pfw/distinfo'
XMD5 (pfw-0.5.3.tgz) = d0442820beb5b2389c3b577f1bd4f900
XSIZE (pfw-0.5.3.tgz) = 28474
END-of-pfw/distinfo
echo c - pfw/files
mkdir -p pfw/files > /dev/null 2>&1
echo x - pfw/files/pkg-message.in
sed 's/^X//' >pfw/files/pkg-message.in << 'END-of-pfw/files/pkg-message.in'
X
X	ATTENTION:
X
X1) pfw needs Apache to run in non-chrooted mode (otherwise, we can't
Xaccess /etc/pf.conf).
X
X2) pfw relies on sudo to perform privileged operations and sudo needs to
Xbe configured for this. You need to add a line like this: 
Xwww ALL = NOPASSWD: %%PFW_PREFIX%%/bin/*
Xto your %%LOCALBASE%%/etc/sudoers file (edit with visudo).
XFeel free to verify the scripts in the bin directory to see that they
Xdon't do anything nasty before doing this :-)
X
X3) There is currently no builtin authentication in pfw so please read
Xhttp://httpd.apache.org/docs/howto/auth.html and add authentication
Xaccordingly.
X
XIf you want to use pfw to update a remote pfw, please read the
Xdocumentation in %%PFW_PREFIX%%/bin/pfwctlwrapper.sh.remote.
X
XThat's it. Pfw is now installed and ready to be used.
X
XEnjoy!
END-of-pfw/files/pkg-message.in
exit
--- pfw-0.5.3.shar ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted: