ports/146571: [patch] mail/spamd -- let obspamlogd manage its own pflog i/f
Matthew Seaman
m.seaman at infracaninophile.co.uk
Fri May 14 08:50:03 UTC 2010
>Number: 146571
>Category: ports
>Synopsis: [patch] mail/spamd -- let obspamlogd manage its own pflog i/f
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri May 14 08:50:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 8.0-STABLE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 8.0-STABLE FreeBSD 8.0-STABLE #3: Thu May 6 23:45:37 BST 2010 root at happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
This patch adds a new rc.conf variable: obspamlogd_pflog_if

Default is for this to be unset, in which case current port behaviour
is unchanged.

However, if set to the name of a pflog interface, this causes the
obspamlogd rc script to force kldloading of the pflog module and
explicitly create and bring up the named pflog interface, plus it adds
'-l ${obspamlogd_pflog_if}' to the command-line flags used to start
obspamlogd.

This has two advantages:

   * You can run obspamlogd independently of pflogd -- at the moment
     there is an implicit dependency between the two.

   * You can log SMTP traffic to a different pflog i/f using rules
     like this in your pf ruleset:

        pass log (to pflog1) on $ext_if proto tcp \
             from any to any port smtp \
             flags S/SA keep state

     This is handy to separate logging of blocked and illegitimate
     traffic from allowed and legitimate e-mail traffic.

Note: trying to use the standard 'cloned_interfaces' rc.conf mechanism
to create extra pflog interfaces is painful: the cloned_interfaces
mechanism takes place before /etc/rc.d/pflog runs and hence before the
pflog kernel module is loaded.
>How-To-Repeat:
>Fix:
--- spamd.diff begins here ---
? work
Index: files/obspamlogd.in
===================================================================
RCS file: /home/ncvs/ports/mail/spamd/files/obspamlogd.in,v
retrieving revision 1.4
diff -u -u -r1.4 obspamlogd.in
--- files/obspamlogd.in 27 Mar 2010 00:13:25 -0000 1.4
+++ files/obspamlogd.in 14 May 2010 08:20:57 -0000
@@ -15,6 +15,7 @@
#
# obspamlogd_enable="YES" # Run the spamlogd(8) daemon (YES/NO).
# obspamlogd_flags="" # Extra flags for spamlogd(8) (if enabled).
+# obspamlogd_pflog_if="" # pflog Interface for spamlogd(8) to monitor
#
# DO NOT CHANGE THESE DEFAULT VALUES HERE
#
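Review bot: The new comment line for obspamlogd_pflog_if only says "pflog Interface for spamlogd(8) to monitor" and does not tell the administrator that an empty value keeps the existing behaviour, or that a non-empty value makes the script create the interface at start and destroy it at stop. Since the rest of the patch gives the script ownership of the named interface, say so here, for example "(if set, the interface is created on start and destroyed on stop)", and lower-case "Interface" to match the neighbouring comments.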
@@ -32,6 +33,20 @@
obspamlogd_precmd()
{
+ if [ -n ${obspamlogd_pflog_if} ]; then
+ # Configure i/f explicitly
+ load_kld pflog || {
+ warn "Unable to kldload pflog module"
+ return 1
+ }
+
+ if ! ifconfig ${obspamlogd_pflog_if} create up; then
+ warn "could not bring up ${obspamlogd_pflog_if}"
+ return 1
+ fi
+
+ rc_flags="${rc_flags} -l ${obspamlogd_pflog_if}"
+ fi
_rc=0
/sbin/mount -p | grep 'fdescfs.*/dev/fd.*fdescfs.*rw' 2>&1 > /dev/null
_rc=${?}
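Review bot: The test `[ -n ${obspamlogd_pflog_if} ]` at the top of obspamlogd_precmd() is unquoted, so with the variable unset or empty it collapses to `[ -n ]`, which sh evaluates as true (a one-argument test on the non-empty string "-n"). The pflog block therefore runs in the default case as well, which contradicts the description's statement that an unset variable leaves port behaviour unchanged, and `ifconfig ${obspamlogd_pflog_if} create up` is then invoked without an interface name. Quote the expansion: `[ -n "${obspamlogd_pflog_if}" ]`. It is also worth noting in the script that both `return 1` paths now make a pflog failure block obspamlogd startup, and that `create` is attempted without first checking whether the interface already exists.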
@@ -48,6 +63,9 @@
obspamlogd_cleanup()
{
+ if [ -n ${obspamlogd_pflog_if} ]; then
+ ifconfig ${obspamlogd_pflog_if} destroy
+ fi
/bin/rm -f ${pidfile}
}
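Review bot: `ifconfig ${obspamlogd_pflog_if} destroy` in obspamlogd_cleanup() removes whatever interface the variable names, not only one this script created, so pointing the variable at an interface that pflogd or another consumer also reads from would take that logging away when obspamlogd stops. Either document that the name must be dedicated to obspamlogd, or record in precmd whether the create succeeded and destroy only in that case. The guard here is the same unquoted `[ -n ${obspamlogd_pflog_if} ]` as in precmd and needs the same quoting, otherwise the destroy is attempted with an empty name when the variable is unset.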
--- spamd.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: