FreeBSD Port: doorman-0.8
fbsd_user at a1poweruser.com
Thu Jun 23 13:30:17 GMT 2005
On Wednesday, 2005-06-22 at 14:28:19 -0400, fbsd_user wrote:
> There needs to be a /usr/local/etc/rc.d doormand.sh file to auto-start
> doorman at boot time.
> I think this should be made part of the port distribution.
I think you're right. And I'm glad I anticipated this request. Do you
like the following?
#!/bin/sh
# PROVIDE: doorman
# REQUIRE: LOGIN
# KEYWORD: FreeBSD
#
# Add the following lines to /etc/rc.conf to enable doorman:
# doorman_enable (bool): Set to "NO" by default. Set it to "YES" to enable doorman.
# doorman_config (path): Set to "/usr/local/etc/doormand/doormand.cf" by default.

. /etc/rc.subr
name="doorman"
rcvar=`set_rcvar`
command="/usr/local/sbin/doormand"  # assumed install path of the daemon; adjust to the port's actual binary
pidfile="/var/run/doormand.pid"     # assumed pidfile location
start_precmd="doorman_check_config"  # refuse to start without a config file
load_rc_config $name
[ -z "$doorman_enable" ] && doorman_enable="NO"
[ -z "$doorman_config" ] && doorman_config="/usr/local/etc/doormand/doormand.cf"
command_args="-p $pidfile -f $doorman_config"
doorman_check_config()
{
	[ -f "$doorman_config" ] || err 1 "$doorman_config does not exist."
}
run_rc_command "$1"
| lupe at lupe-christoph.de |
| Ask not what your computer can do for you
| ask what you can do for your computer.
From: Lupe Christoph [mailto:lupe at lupe-christoph.de]
Sent: Thursday, June 23, 2005 12:32 AM
Cc: ports at freebsd.org
Subject: Re: FreeBSD Port: doorman-0.8
Doing it your way will work also and is more in line with the 5.x
way of doing things.
But there is still a need for a way to stop and/or restart it to get
the updated guestlist file reread. Much like the (stop, start, and
restart) functions for apache.
And while you are at it, the port description is very poor at
describing the port.
How about something like this:
Doorman runs as a daemon listening on a selectable high port number
so it's camouflaged as normal traffic. When it receives a knock
containing the pre-defined security info it will temporarily create
firewall rules (selectable for IPFW, IPF, PF) allowing the session
conversation until completion, at which time the rules are removed
from the firewall. The firewall can be configured to deny all public
inbound traffic except for the port doorman listens on, and then
Doorman will control what public access is allowed, service by
service, according to the security info contained in the knock.
One last thing. Doorman has an MS Windows knock program available as
a .zip file. Sure would be nice to have that zip file included with
the port, along with an example Windows script combining the knock
exec with, say, FTP or telnet.