
Fwknopd: Various updates

Adds configuration option for NFQ capture, moves often written
configuration files to /var/etc.

Signed-off-by: Jonathan Bennett <JBennett@incomsystems.biz>
lilik-openwrt-22.03
Jonathan Bennett 8 years ago
parent
commit
e5251d1815
3 changed files with 26 additions and 11 deletions
  1. +4
    -0
      net/fwknop/Config.in
  2. +8
    -2
      net/fwknop/Makefile
  3. +14
    -9
      net/fwknop/files/fwknopd.init

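--- a/net/fwknop/Config.in
+++ b/net/fwknop/Config.in
@@ -7,6 +7,10 @@ config FWKNOPD_GPG
 select PACKAGE_gnupg
 default n
+config FWKNOPD_NFQ_CAPTURE
+bool "Enable netfilter_queue capture support (disables libpcap support)"
+select PACKAGE_iptables-mod-nfqueue
+default n
 endmenu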
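Review bot: The new `FWKNOPD_NFQ_CAPTURE` entry has no `help` text, so the prompt's "(disables libpcap support)" is the only hint that the two capture back ends are mutually exclusive. A short help block would spell that out, for example `help` followed by `Build fwknopd with netfilter_queue capture instead of libpcap; libpcap is then no longer a dependency.` The enclosing menu starts above this hunk, so whether the sibling options carry help text cannot be seen here.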

+ 8
- 2
net/fwknop/Makefile

@ -9,11 +9,12 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=fwknop PKG_NAME:=fwknop
PKG_VERSION:=2.6.9 PKG_VERSION:=2.6.9
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download
PKG_MD5SUM:=e2c49e9674888a028bd443a55c3aaa22 PKG_MD5SUM:=e2c49e9674888a028bd443a55c3aaa22
PKG_HASH:=5bf47fe1fd30e862d29464f762c0b8bf89b5e298665c37624d6707826da956d4
PKG_MAINTAINER:=Jonathan Bennett <JBennett@incomsystems.biz> PKG_MAINTAINER:=Jonathan Bennett <JBennett@incomsystems.biz>
PKG_LICENSE:=GPLv2 PKG_LICENSE:=GPLv2
PKG_INSTALL:=1 PKG_INSTALL:=1
@ -42,7 +43,8 @@ define Package/fwknopd
CATEGORY:=Network CATEGORY:=Network
SUBMENU:=Firewall SUBMENU:=Firewall
TITLE+= Daemon TITLE+= Daemon
DEPENDS:=+iptables +libfko +libpcap +FWKNOP_GPG:gnupg
DEPENDS:=+iptables +libfko +!FWKNOPD_NFQ_CAPTURE:libpcap +FWKNOPD_NFQ_CAPTURE:iptables-mod-nfqueue +FWKNOP_GPG:gnupg \
+FWKNOPD_NFQ_CAPTURE:libnetfilter-queue +FWKNOPD_NFQ_CAPTURE:libnfnetlink
endef endef
define Package/fwknopd/description define Package/fwknopd/description
@ -92,6 +94,10 @@ ifneq ($(CONFIG_FWKNOPD_GPG),y)
CONFIGURE_ARGS += --without-gpgme CONFIGURE_ARGS += --without-gpgme
endif endif
ifeq ($(CONFIG_FWKNOPD_NFQ_CAPTURE),y)
CONFIGURE_ARGS += --enable-nfq-capture
endif
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--with-iptables=/usr/sbin/iptables --with-iptables=/usr/sbin/iptables
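Review bot: The rewritten DEPENDS line in the `Package/fwknopd` hunk still keys the gnupg dependency on `FWKNOP_GPG`, while the symbol shown in the Config.in hunk header and in the `ifneq ($(CONFIG_FWKNOPD_GPG),y)` context of this file is `FWKNOPD_GPG`. As far as the visible lines show, that conditional never matches a defined symbol, so gnupg is most likely pulled in only through the `select PACKAGE_gnupg` in Config.in. Since the line is being rewritten anyway, use `+FWKNOPD_GPG:gnupg` so it agrees with the `FWKNOPD_NFQ_CAPTURE` conditionals added beside it. The `define Package/fwknopd` block starts above the hunk.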


+ 14
- 9
net/fwknop/files/fwknopd.init

@ -12,7 +12,12 @@ FWKNOPD_BIN=/usr/sbin/fwknopd
start() start()
{ {
gen_confs gen_confs
$FWKNOPD_BIN
if [ $UCI_ENABLED ]; then
$FWKNOPD_BIN -c /var/etc/fwknopd.conf -a /var/etc/access.conf
else
$FWKNOPD_BIN
fi
} }
stop() stop()
@ -51,10 +56,10 @@ gen_confs()
local option="$1" local option="$1"
local value="$2" local value="$2"
if [ "$option" = "uci_enabled" ] && [ "$value" -eq 1 ] ; then if [ "$option" = "uci_enabled" ] && [ "$value" -eq 1 ] ; then
> /etc/fwknop/fwknopd.conf
> /etc/fwknop/access.conf
chmod 600 /etc/fwknop/fwknopd.conf
chmod 600 /etc/fwknop/access.conf
> /var/etc/fwknopd.conf
> /var/etc/access.conf
chmod 600 /var/etc/fwknopd.conf
chmod 600 /var/etc/access.conf
UCI_ENABLED=1 UCI_ENABLED=1
fi fi
} }
@ -63,20 +68,20 @@ gen_confs()
local option="$1" local option="$1"
local value="$2" local value="$2"
if [ $UCI_ENABLED ]; then if [ $UCI_ENABLED ]; then
echo "$option $value" >> /etc/fwknop/fwknopd.conf #writing each option to fwknopd.conf
echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf
fi fi
} }
elif [ "$type" = "access" ] elif [ "$type" = "access" ]
then then
if [ -f /tmp/access.conf.tmp ] ; then if [ -f /tmp/access.conf.tmp ] ; then
cat /tmp/access.conf.tmp >> /etc/fwknop/access.conf
cat /tmp/access.conf.tmp >> /var/etc/access.conf
rm /tmp/access.conf.tmp rm /tmp/access.conf.tmp
fi fi
option_cb() { option_cb() {
local option="$1" local option="$1"
local value="$2" local value="$2"
if [ $UCI_ENABLED ] && [ $option = "SOURCE" ]; then if [ $UCI_ENABLED ] && [ $option = "SOURCE" ]; then
echo "$option $value" >> /etc/fwknop/access.conf #writing each option to access.conf
echo "$option $value" >> /var/etc/access.conf #writing each option to access.conf
fi fi
if [ $UCI_ENABLED ] && [ $option != "SOURCE" ]; then if [ $UCI_ENABLED ] && [ $option != "SOURCE" ]; then
echo "$option $value" >> /tmp/access.conf.tmp #writing each option to access.conf echo "$option $value" >> /tmp/access.conf.tmp #writing each option to access.conf
@ -88,7 +93,7 @@ gen_confs()
if [ -f /etc/config/fwknopd ]; then if [ -f /etc/config/fwknopd ]; then
config_load fwknopd config_load fwknopd
if [ -f /tmp/access.conf.tmp ] ; then if [ -f /tmp/access.conf.tmp ] ; then
cat /tmp/access.conf.tmp >> /etc/fwknop/access.conf
cat /tmp/access.conf.tmp >> /var/etc/access.conf
rm /tmp/access.conf.tmp rm /tmp/access.conf.tmp
fi fi
fi fi
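Review bot: The staging file `/tmp/access.conf.tmp` is still written by a plain `>>` redirect under the default umask, so the non-SOURCE access options (presumably including the key material) sit in a file that is never restricted to 600 before being appended to `/var/etc/access.conf`. The two `/var/etc` files have a smaller version of the same gap, since they are truncated first and only then passed to `chmod 600`. Setting `umask 077` at the top of gen_confs would cover all three files, and the staging file could live in `/var/etc` next to the others instead of at a fixed name in `/tmp`. The body of gen_confs begins outside these hunks, so where the umask line belongs has to be checked against the full script.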

