OpenFWTK is an application proxy toolkit which inherits the ideology

of TIS fwtk and maintains API backwards compatibility. The design goal
is to make it simple yet powerful; no performance hacks allowed in the
code and library dependencies are reduced to minimum.

WWW: http://sourceforge.net/projects/openfwtk

PR:		ports/117194
Submitted by:	Anton Karpov <toxa at toxahost.ru>

security/Makefile

@@ -303,6 +303,7 @@
     SUBDIR += openbsm
     SUBDIR += opencdk
     SUBDIR += openct
+    SUBDIR += openfwtk
     SUBDIR += opensaml
     SUBDIR += opensc
     SUBDIR += openscep

security/openfwtk/Makefile

@@ -0,0 +1,69 @@
+# New ports collection makefile for:	openfwtk
+# Date created:				12 Oct 2007
+# Whom:					Anton Karpov <toxa@toxahost.ru>
+#
+# $FreeBSD$
+
+PORTNAME=	openfwtk
+PORTVERSION=	2.0
+CATEGORIES=	security
+MASTER_SITES=	SF
+MASTER_SITE_SUBDIR=	${PORTNAME}
+DISTNAME=${PORTNAME}${PORTVERSION}
+
+MAINTAINER=	toxa@toxahost.ru
+COMMENT=	Application proxy toolkit which inherits the ideology of TIS fwtk
+
+WRKSRC=	${WRKDIR}/fwtk
+WRKSRC_WATCH=	${WRKDIR}/fw_watch
+WRKSRC_MILTER=	${WRKDIR}/libci_milter
+
+OPTIONS=	WATCH "Install fw-watch GUI (require TCL/TK!)" off
+
+SUB_FILES=	pkg-message
+MANCOMPRESSED=	no
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_WATCH)
+PLIST_SUB+=	WATCH=""
+RUN_DEPENDS+=	wish8.4:${PORTSDIR}/x11-toolkits/tk84
+.else
+PLIST_SUB+=	WATCH="@comment "
+.endif
+
+BUILD_DIRS=	${WRKSRC_MILTER} ${WRKSRC}
+
+do-build:
+.for i in ${BUILD_DIRS}
+	(cd ${WRKDIR}/${i}; ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} ${ALL_TARGET})
+.endfor
+
+post-build:
+	@${REINPLACE_CMD} -e 's|/etc/openfwtk.conf|${PREFIX}/etc/openfwtk.conf|g' \
+		${WRKSRC}/reports/summ_resources.sh ${WRKSRC}/reports/daily_report \
+		${WRKSRC}/reports/frequentcheck.sh ${WRKSRC}/reports/frequentcheck \
+		${WRKSRC}/auth/authadduser.sh ${WRKSRC}/squid-gw/squid-gw.restart \
+		${WRKSRC}/reports/daily_report ${WRKSRC}/reports/frequentcheck
+pre-install:
+	${MKDIR} ${ETCDIR}
+post-install:
+.if defined(WITH_WATCH)
+	${MKDIR} ${PREFIX}/share/fw_watch
+	@${REINPLACE_CMD} -e 's|/usr/bin/wish|${PREFIX}/bin/wish8.4|g' \
+		${WRKSRC_WATCH}/fileselect.tcl \
+		${WRKSRC_WATCH}/fw_watch \
+		${WRKSRC_WATCH}/newsb.tcl \
+		${WRKSRC_WATCH}/searchbox.tcl \
+		${WRKSRC_WATCH}/taputils.tcl
+	${CP} ${WRKSRC_WATCH}/fileselect.tcl ${PREFIX}/share/fw_watch/
+	${CP} ${WRKSRC_WATCH}/fw_watch ${PREFIX}/share/fw_watch/
+	${CP} ${WRKSRC_WATCH}/newsb.tcl ${PREFIX}/share/fw_watch/
+	${CP} ${WRKSRC_WATCH}/searchbox.tcl ${PREFIX}/share/fw_watch/
+	${CP} ${WRKSRC_WATCH}/taputils.tcl ${PREFIX}/share/fw_watch/
+.endif
+	${ECHO} "root@`hostname`" > ${ETCDIR}/admin
+	@${CAT} ${PKGMESSAGE}
+
+.include "Makefile.man"
+.include <bsd.port.post.mk>

security/openfwtk/Makefile.man

@@ -0,0 +1,58 @@
+# $FreeBSD$
+
+MAN3=	\
+	cfg_append.3 \
+	cfg_free.3 \
+	cfg_get.3 \
+	cfg_read.3 \
+	cfg_setpfile.3 \
+	conn_server.3 \
+	daemonize.3 \
+	do_daemon.3 \
+	enargv.3 \
+	getpassword.3 \
+	hostmatch.3 \
+	hup_exit.3 \
+	isalldigits.3 \
+	lock_fd.3 \
+	locktest_fd.3 \
+	lockun_fd.3 \
+	mapgid.3 \
+	maphostname.3 \
+	mapuid.3 \
+	nacasematch.3 \
+	namatch.3 \
+	peername.3 \
+	randomnumber.3 \
+	set_oob_notification.3 \
+	str_to_port.3 \
+	waitwaitwait.3 \
+	xmalloc.3 \
+	xrealloc.3 \
+	xstrdup.3  
+
+MAN5=	netperm-table.5
+
+MAN8=	\
+	auth_telnetd.8 \
+	authdump.8 \
+	authmgr.8 \
+	authsrv.8 \
+	cmd-gw.8 \
+	cvs-gw.8 \
+	dnsctl.8 \
+	ftp-gw.8 \
+	hqdaemon.8 \
+	ident-spoofer.8 \
+	lp-gw.8 \
+	netacl.8 \
+	nntp-gw.8 \
+	plug-gw.8 \
+	pop3-gw.8 \
+	rexec-gw.8 \
+	rsh-gw.8 \
+	smtpd.8 \
+	smtpfwdd.8 \
+	squid-gw.8 \
+	ssmtp.8
+

security/openfwtk/distinfo

@@ -0,0 +1,3 @@
+MD5 (openfwtk2.0.tar.gz) = 5747d028dd3f34af2a8dd93927a58413
+SHA256 (openfwtk2.0.tar.gz) = e09b30f13edcc0ec297add629259fc5414081d26aeb3ecc6bfc67f3a27f8d5b6
+SIZE (openfwtk2.0.tar.gz) = 615400

security/openfwtk/files/patch-Makefile.common

@@ -0,0 +1,29 @@
+--- Makefile.common.orig	2007-09-25 06:26:36.000000000 +0400
++++ Makefile.common	2007-10-12 04:55:16.000000000 +0400
+@@ -34,11 +34,11 @@
+ install-etc: $(ETCOBJS)
+ 	@for CETC in $(ETCOBJS) ""; do						\
+ 	    if [ "$$CETC" = "" ]; then continue; fi;				\
+-	    if [ -f $(PREFIX)/etc/$$CETC ]; then				\
+-	        echo "NOT installing $(PREFIX)/$$CETC: exists, skipped";	\
++	    if [ -f $(PREFIX)/etc/openfwtk/$$CETC ]; then				\
++	        echo "NOT installing $(PREFIX)/openfwtk/$$CETC: exists, skipped";	\
+ 	    else								\
+-	        echo "Installing ETC: $$CETC -> $(PREFIX)/etc";			\
+-		cp $$CETC $(PREFIX)/etc;					\
++	        echo "Installing ETC: $$CETC -> $(PREFIX)/etc/openfwtk";			\
++		cp $$CETC $(PREFIX)/etc/openfwtk;					\
+ 	    fi;									\
+ 	done;									\
+ 
+@@ -57,8 +57,7 @@
+ 	    echo "Creating/updating directory: $$CDIR";				\
+ 	    mkdir -p $$CDIR;							\
+ 	done;									\
+-	echo "Installing OpenFWTK base path: OFWTKPATH -> /etc/openfwtk.conf";	\
+-	echo "OFWTKPATH=\"$(PREFIX)\"" > /etc/openfwtk.conf
++	echo "Installing OpenFWTK base path: OFWTKPATH -> ${PREFIX}/etc/openfwtk.conf";	\
++	echo "OFWTKPATH=\"$(PREFIX)\"" > ${PREFIX}/etc/openfwtk.conf
+ 
+ install: all install-common install-bin install-man install-etc
+-	$(INSTALLADD)

security/openfwtk/files/patch-Makefile.config

@@ -0,0 +1,10 @@
+--- Makefile.config.orig	2007-10-12 02:30:32.000000000 +0400
++++ Makefile.config	2007-10-12 02:30:52.000000000 +0400
+@@ -1,6 +1,6 @@
+ # Define here one of the supported OS-es:
+ # Linux, FreeBSD, OpenBSD, Solaris, Solaris64, HP-UX, MacOSX
+-OSTYPE = Linux
++OSTYPE = FreeBSD
+ 
+ include $(GMKPATH)/configs/$(OSTYPE)
+ include $(GMKPATH)/Makefile.common

security/openfwtk/files/patch-configs-FreeBSD

@@ -0,0 +1,64 @@
+--- configs/FreeBSD.orig	2007-10-12 02:53:28.000000000 +0400
++++ configs/FreeBSD	2007-10-12 03:03:56.000000000 +0400
+@@ -2,25 +2,25 @@
+ CC = cc
+ CP = cp
+ MAKE = make
+-PREFIX = /usr/firewall
++PREFIX = /usr/local
+ 
+ # Defines path where to find ncurses libraries
+-NCURSES_LIBDIR=/usr/local/lib
++NCURSES_LIBDIR=/usr/lib
+ 
+ # Defines path where to find ncurses headers
+-NCURSES_INCDIR=/usr/local/include/ncurses
++NCURSES_INCDIR=/usr/include/ncurses
+ 
+ # Defines path where to find SSL libraries
+-SSL_LIBDIR=/usr/local/ssl/lib
++SSL_LIBDIR=/usr/lib
+ 
+ # Defines path where to find SSL headers
+-SSL_INCDIR=/usr/local/ssl/include
++SSL_INCDIR=/usr/include/openssl
+ 
+ # Defines path where to find GNU Magic/File libraries
+-MAGIC_LIBDIR=/usr/local/lib
++MAGIC_LIBDIR=/usr/lib
+ 
+ # Defines path where to find GNU Magic/File headers
+-MAGIC_INCDIR=/usr/local/include
++MAGIC_INCDIR=/usr/include
+ 
+ # Defines path where to find Milter client library (libci_milter)
+ MILTER_LIBDIR=../../libci_milter
+@@ -29,7 +29,7 @@
+ MILTER_INCDIR=../../libci_milter/include
+ 
+ # Defines path where to find berkeley bd headers
+-DBM_INCDIR=/usr/include/gdbm
++DBM_INCDIR=/usr/include
+ 
+ # Defines for your operating system
+ DEFINES=-DPREFIX=\"$(PREFIX)\"
+@@ -70,16 +70,16 @@
+ FWTKSRCDIR=$(PREFIX)/src/fwtk
+ 
+ # Location of X libraries for X-gw
+-XLIBDIR=/usr/X11R6/lib
++XLIBDIR=${X11BASE}lib/X11
+ 
+ # X Libraries
+ XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lSM -lICE -lXext
+ 
+ # Location of X include files
+-XINCLUDE=/usr/X11R6/include
++XINCLUDE=${X11BASE}/include/X11
+ 
+ # IPFilter location
+ #IPFILTER=$(PREFIX)/development/src/ipfilter/ip_fil3.2.9
+ 
+ # authsrv agent communication socket
+-AUTHSRV_SOCK_PATH=$(PREFIX)/var/
++AUTHSRV_SOCK_PATH=/var/run/openfwtk

security/openfwtk/files/patch-reports-Makefile

@@ -0,0 +1,13 @@
+--- reports/Makefile.orig	2007-09-25 00:20:36.000000000 +0400
++++ reports/Makefile	2007-10-12 04:54:53.000000000 +0400
+@@ -16,10 +16,3 @@
+ logtail: $(LTLOBJS)
+ 	$(OFWTKLINK) $(LTLOBJS)
+ 
+-INSTALLADD =												\
+-	if ! grep -q frequentcheck /etc/crontab; then 							\
+-	    echo "59      *       *       *       *       root    $(DEST)/frequentcheck">>/etc/crontab ;\
+-	fi; 												\
+-	if ! grep -q daily_report /etc/crontab; then 							\
+-	    echo "58      23      *       *       *       root    $(DEST)/daily_report">>/etc/crontab ;	\
+-	fi

security/openfwtk/files/patch-reports-frequentcheck.sh

@@ -0,0 +1,17 @@
+--- reports/frequentcheck.sh.orig	2007-10-12 04:42:16.000000000 +0400
++++ reports/frequentcheck.sh	2007-10-12 04:42:45.000000000 +0400
+@@ -43,10 +43,10 @@
+ 
+ PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
+ 
+-PATFILE=$OFWTKPATH/etc/frequentcheck.ignore
+-ALERTFILE=$OFWTKPATH/etc/securityalerts.ignore
+-WARNFILE=$OFWTKPATH/etc/securitywarnings.ignore
+-ERRFILE=$OFWTKPATH/etc/syserr.ignore
++PATFILE=$OFWTKPATH/etc/openfwtk/frequentcheck.ignore
++ALERTFILE=$OFWTKPATH/etc/openfwtk/securityalerts.ignore
++WARNFILE=$OFWTKPATH/etc/openfwtk/securitywarnings.ignore
++ERRFILE=$OFWTKPATH/etc/openfwtk/syserr.ignore
+ 
+ # Set the flag variables
+ FOUND=0

security/openfwtk/files/patch-squid-gw-squid-gw.restart

@@ -0,0 +1,8 @@
+--- squid-gw/squid-gw.restart.orig	2007-10-12 18:09:43.000000000 +0400
++++ squid-gw/squid-gw.restart	2007-10-12 18:10:12.000000000 +0400
+@@ -9,4 +9,4 @@
+     exit 1
+ fi
+ 
+-kill -HUP `cat $OFWTKPATH/var/pid/squid-gw.pid`
++kill -HUP `cat /var/run/openfwtk/squid-gw.pid`

security/openfwtk/files/pkg-message.in

@@ -0,0 +1,24 @@
+=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
+* NOTE:
+
+* In order to use OpenFWTK proxies you need to have 
+procfs(5) filesystem mounted. 
+
+* You are advised to add following to /etc/crontab:
+
+59      *       *       *       *       root    %%LOCALBASE%%/bin/frequentcheck
+58      23      *       *       *       root    %%LOCALBASE%%/bin/daily_report
+
+* In order to get this reports, run:
+echo "admin@email.addr" > %%LOCALBASE%%/etc/openfwtk/admin
+
+* fw_check installed in %%LOCALBASE%%/share/fw_watch.
+
+* In order to user openfwtk, you need to create 
+%%LOCALBASE%%/etc/netperm-table, there is no predefined
+example for now! 
+
+* netperm-table(5) is a good place to start read about
+various configuration options
+
+=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

security/openfwtk/pkg-descr

@@ -0,0 +1,6 @@
+OpenFWTK is an application proxy toolkit which inherits the ideology 
+of TIS fwtk and maintains API backwards compatibility. The design goal 
+is to make it simple yet powerful; no performance hacks allowed in the 
+code and library dependencies are reduced to minimum.
+
+WWW: http://sourceforge.net/projects/openfwtk

security/openfwtk/pkg-plist

@@ -0,0 +1,53 @@
+bin/auth_cons
+bin/auth_telnetd
+bin/authadduser.sh
+bin/authdump
+bin/authload
+bin/authmgr
+bin/authsrv
+bin/chart.pl
+bin/cmd-gw
+bin/cmd-tn
+bin/cvs-gw
+bin/daily_report
+bin/dnsctl
+bin/frequentcheck
+bin/frequentcheck.sh
+bin/ftp-gw
+bin/get_today
+bin/hqdaemon
+bin/ident-spoofer
+bin/logtail
+bin/lp-gw
+bin/netacl
+bin/nntp-gw
+bin/nntp-top
+bin/plug-gw
+bin/pop3-gw
+bin/rexec-gw
+bin/rsh-gw
+bin/smtpd
+bin/smtpfwdd
+bin/squid-gw
+bin/squid-gw.restart
+bin/squid-log
+bin/squid-top
+bin/ssl-gw
+bin/ssmtp
+bin/summ_complete.pl
+bin/summ_resources.sh
+etc/openfwtk/alerts.add
+etc/openfwtk/frequentcheck.ignore
+etc/openfwtk/securityalerts.ignore
+etc/openfwtk/securitywarnings.ignore
+etc/openfwtk/syserr.ignore
+etc/openfwtk/warnings.add
+etc/openfwtk/admin
+etc/openfwtk.conf
+%%WATCH%%share/fw_watch/fileselect.tcl
+%%WATCH%%share/fw_watch/fw_watch
+%%WATCH%%share/fw_watch/newsb.tcl
+%%WATCH%%share/fw_watch/searchbox.tcl
+%%WATCH%%share/fw_watch/taputils.tcl
+%%WATCH%%@dirrm share/fw_watch
+@dirrm etc/openfwtk