From: voidlinux-github@inbox.vuxu.org
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] sshguard: support dynamic firewall config and remove iptables dependency
Date: Thu, 23 Jan 2020 01:54:16 +0100
Message-ID: <20200123005416.io-OUNj_KUWwHgEjCugvoC-P3N0ZWNpSFmN76D6AhOI@z>
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-18477@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 960 bytes --]
There is an updated pull request by ahesford against master on the void-packages repository
https://github.com/ahesford/void-packages sshguard
https://github.com/void-linux/void-packages/pull/18477
sshguard: support dynamic firewall config and remove iptables dependency
sshguard uses iptables as an optional firewall backend, but also natively supports the nftables firewall. I removed the explicit iptables dependency from this package and added support for a "conf" file in the service (renamed to "sshguard" from "sshguard-socklog" because it is not inextricably linked to socklog) to allow the firewall and logger service dependencies to be dynamically changed. By default, the service still expects socklog-unix and iptables.
The rename will break /var/service links to the existing "sshguard-socklog", but the post-change behavior seems to make more sense.
A patch file from https://github.com/void-linux/void-packages/pull/18477.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sshguard-18477.patch --]
[-- Type: text/x-diff, Size: 1823 bytes --]
From 08359d1be970fbab3a9dc0938a7d2173527cdfed Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 22 Jan 2020 16:35:49 -0500
Subject: [PATCH] sshguard: support dynamic firewall config and remove iptables
dependency
---
srcpkgs/sshguard/files/sshguard-socklog/run | 15 ++++++++++++---
srcpkgs/sshguard/template | 3 +--
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/srcpkgs/sshguard/files/sshguard-socklog/run b/srcpkgs/sshguard/files/sshguard-socklog/run
index 720e4676785..746df4822ce 100755
--- a/srcpkgs/sshguard/files/sshguard-socklog/run
+++ b/srcpkgs/sshguard/files/sshguard-socklog/run
@@ -1,5 +1,14 @@
#!/bin/sh
-sv check iptables >/dev/null || exit 1
-sv check socklog-unix >/dev/null || exit 1
-exec sshguard -l /var/log/socklog/secure/current -b 200:/var/db/sshguard/blacklist.db 2>&1
+# Defaults that mabe be overridden (or erased entirely) by configuration
+LOGFILE="${LOGFILE:-/var/log/socklog/secure/current}"
+BLACKLIST_SPEC="${BLACKLIST_SPEC:-200:/var/db/sshguard/blacklist.db}"
+
+# Allow the firewall and logger backends to be specified
+[ -f ./conf ] && . ./conf
+
+# If specified, add blacklist spec and log source to OPTS
+[ -n "$BLACKLIST_SPEC" ] && OPTS="-b $BLACKLIST_SPEC"
+[ -n "$LOGFILE" ] && OPTS="-l $LOGFILE $OPTS"
+
+exec sshguard $OPTS 2>&1
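Review bot: The two `sv check` lines are removed and nothing in the new script replaces them, so the service no longer waits for the logger or the firewall service before the `exec`, even though the description says the default still expects socklog-unix and iptables and the comment above `[ -f ./conf ] && . ./conf` talks about backends being specified. Consider keeping the checks behind a variable with a default that conf can override or empty, so the default behaviour is unchanged. Separately, `OPTS="-b $BLACKLIST_SPEC"` discards any OPTS set in conf whenever BLACKLIST_SPEC is non-empty, while the `-l` line that follows preserves it; `OPTS="-b $BLACKLIST_SPEC $OPTS"` would treat both the same. The unquoted `$OPTS` in the `exec` line is split on whitespace, so a LOGFILE or blacklist path containing spaces will not survive. In the first added comment, "mabe be" should read "may be".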
diff --git a/srcpkgs/sshguard/template b/srcpkgs/sshguard/template
index 8c08d1f1120..235a6129393 100644
--- a/srcpkgs/sshguard/template
+++ b/srcpkgs/sshguard/template
@@ -1,10 +1,9 @@
# Template file for 'sshguard'
pkgname=sshguard
version=2.4.0
-revision=1
+revision=2
build_style=gnu-configure
hostmakedepends="flex"
-depends="iptables"
short_desc="Protects networked hosts from brute force attacks"
maintainer="Lodvær <lodvaer@gmail.com>"
license="BSD-3-Clause"
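Review bot: Dropping `depends="iptables"` with nothing added in its place in this hunk means a fresh install pulls in no firewall backend, and the run script no longer checks for one, so sshguard can start with nothing to enforce its blocks. If the dependency is intentionally left to the user, say so where the user will see it, for example in an INSTALL.msg or a README shipped with the package, and state which backend the default configuration assumes.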