Index: security/snort2pfcd/Makefile
===================================================================
--- /dev/null
+++ security/snort2pfcd/Makefile
@@ -0,0 +1,27 @@
+# $FreeBSD$
+
+PORTNAME= snort2pfcd
+PORTVERSION= 0.5
+CATEGORIES= security
+MASTER_SITES= http://www.tworoutes.com/oss/
+
+MAINTAINER= onestsam@gmail.com
+COMMENT= Snort alert to pf blocker
+
+LIB_DEPENDS= libcidr.so:devel/libcidr
+RUN_DEPENDS= snort:security/snort
+
+CFLAGS+= -I${LOCALBASE}/include
+USE_RC_SUBR= snort2pfcd
+PLIST_FILES= sbin/snort2pfcd
+
+OPTIONS_DEFINE= MANPAGES
+OPTIONS_DEFAULT= MANPAGES
+MANPAGES_PLIST_FILES= man/man8/snort2pfcd.8.gz
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/snort2pfcd ${STAGEDIR}${PREFIX}/sbin
+do-install-MANPAGES-on:
+ ${INSTALL_MAN} ${WRKSRC}/snort2pfcd.8.gz ${STAGEDIR}${MAN8PREFIX}/man/man8
+
+.include
Index: security/snort2pfcd/distinfo
===================================================================
--- /dev/null
+++ security/snort2pfcd/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1472559141
+SHA256 (snort2pfcd-0.5.tar.gz) = ea2f3df7bfbad5ecce7a266df89c4102cf5e92fa72869615925ca15631064dfe
+SIZE (snort2pfcd-0.5.tar.gz) = 9321
Index: security/snort2pfcd/files/snort2pfcd.in
===================================================================
--- /dev/null
+++ security/snort2pfcd/files/snort2pfcd.in
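Review bot: In security/snort2pfcd/Makefile, `MASTER_SITES= http://www.tworoutes.com/oss/` fetches the distfile over cleartext HTTP. The SHA256 in distinfo pins the 0.5 tarball for later builds, but that pin was itself generated from a fetch, and every future `make makesum` on a version bump will trust whatever the cleartext transfer returned that day. If the upstream host serves TLS, prefer `MASTER_SITES= https://www.tworoutes.com/oss/`; otherwise it is worth recording how the committed checksum was verified against upstream.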
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# PROVIDE: snort2pfcd
+# REQUIRE: DAEMON pf snort
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="snort2pfcd"
+rcvar=${name}_enable
+pidfile="/var/run/${name}.pid"
+command="%%PREFIX%%/sbin/${name}"
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+required_modules="pf"
+
+snort2pfcd_start()
+{
+ echo "Starting ${name}..."
+ if [ $(sysctl -n kern.securelevel) != "3" ]; then
+ ${command} ${snort2pfcd_flags}
+ else
+ echo "${name} cannot operate on pf at securelevel 3"
+ fi
+
+ if [ -f ${pidfile} ]; then
+ echo "${name} successfully started"
+ else
+ echo "${name} statup failed"
+ fi
+}
+
+snort2pfcd_stop()
+{
+ if [ -f ${pidfile} ]; then
+ echo "Stopping ${name}..."
+ kill $(cat ${pidfile})
+ rm ${pidfile}
+ else
+ echo "${name} is not running?"
+ fi
+}
+
+load_rc_config ${name}
+run_rc_command "$1"
Index: security/snort2pfcd/pkg-descr
===================================================================
--- /dev/null
+++ security/snort2pfcd/pkg-descr
@@ -0,0 +1,3 @@
+Analyzes snort alert output and blocks ip addresses using pf for a specified
+period of time. A whitelist is specified in CIDR format to exclude local and
+trusted ip address from being blocked.
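Review bot: In files/snort2pfcd.in, snort2pfcd_stop runs `kill $(cat ${pidfile})` as root on whatever number the pidfile holds, so a stale pidfile left by a crash or unclean reboot can signal an unrelated process that has since reused that PID. Since `pidfile` and `command` are already set, dropping `stop_cmd="${name}_stop"` and the function lets rc.subr's default stop path match the PID against the command before signalling; if the custom function stays, resolve the PID with `check_pidfile ${pidfile} ${command}` and quote the expansions. Separately, snort2pfcd_start falls through to the pidfile test after the securelevel refusal and never returns non-zero, so a leftover pidfile prints "successfully started" and a failed start is invisible to rc(8).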