FreeBSD Port: doorman-0.8

Lupe Christoph lupe at lupe-christoph.de
Sat Jun 25 10:56:14 GMT 2005


On Friday, 2005-06-24 at 09:21:26 -0400, fbsd_user wrote:

> You wrote

> Even more would I appreciate if you were able to test doormand with
> ipfw.
> I don't have the time to set up infrastructure to do this test.

> I reply.

> Let's collaborate. I have a work bench infrastructure where I can
> test doorman with all 3 of the FreeBSD built in firewalls IPF, IPFW,
> and PF.

> I have completed testing using IPF. I changed the ipf_add script and
> added new comments. I am sending it to you as an attached file.

I will have a look at your changes this weekend.

> I also found a problem with the file permissions as installed by the
> port. The file permissions have to be read, write, exec for owner
> only. Owner has to be root, not just the files in
> /usr/local/etc/doormand but also for doormand, knock, and .knockcf.

Can you please spell out what your problem with the current permissions
is? I.e. what do you have, and what do you think it should be.

> I also experienced some problems with the knock program and how it
> processes the .knockcf file. After I document the problem can you fix
> it or should I report it to the doorman group at the sourceforge
> project?

Let me spell out my relation to doorman:

I needed a port knocking daemon on my FreeBSD DSL-Router/Firewall. The
only program I found that existed for Linux (I have Ubuntu on my
notebook) and FreeBSD was doorman. When I found out that the doormand
from the FreeBSD port did not work I filed PRs.

Since Aaron Dalton, then the maintainer, did not feel up to fixing
doormand, they lingered, eventually leading to a committer marking the
port as BROKEN. After a brief discussion, I took over as maintainer
and created the 0.8_1 version of the port. This is the first version
that has a doormand that works on FreeBSD.

I replaced the IPFilter scripts because the ones in the original source
can never have worked.

Bruce Ward, the author of doorman, has my changes, and I hope he will add
my changes in a future version. Unfortunately, he does not seem to have
enough time these days to do much.

I myself have enough time to work with doorman on my existing setup, as
described above. And I can work on the FreeBSD port.

If your problems with knock are specific to FreeBSD, I think I'm the one
to work on them. If they are generic, contact Bruce Ward
(bward2 at users.sourceforge.net). But don't expect a fast reply. I would
appreciate a Cc.

HTH,
Lupe Christoph
-- 
| lupe at lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Ask not what your computer can do for you                              |
| ask what you can do for your computer.                                 |

