Bug 452374

Summary:	app-admin/sshguard-1.5 - add support for other firewall backends
Product:	Gentoo Linux	Reporter:	Joe Sapp (RETIRED) <nixphoeni>
Component:	Current packages	Assignee:	Yixun Lan <dlan>
Status:	CONFIRMED ---
Severity:	normal	CC:	jstein
Priority:	Normal	Keywords:	Inclusion, PATCH
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.sshguard.net/docs/setup/compile-install/#pick-firewall
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	sshguard-backends-support.patch

Description Joe Sapp (RETIRED) gentoo-dev

2013-01-15 15:27:29 UTC

The documentation indicates that tcp wrappers' /etc/hosts.allow can be used if no firewall is installed on the system (see URL).  There is no way to select this with the current ebuild, so iptables is always a dependency on linux systems.  Just thinking for linux, but maybe the 'tcpd' and 'iptables' USE flags could be options.

Reproducible: Always

Comment 1 Sergey Popov gentoo-dev

2013-01-17 08:49:47 UTC

Created attachment 335890 [details, diff]
sshguard-backends-support.patch

Hm, it's not so simple, as i thougth. Attach draft patch. Please review it carefully. And after applying we should mask 'iptables' USE-flag of sshguard package at least on all *BSD-systems.

Also, i am not happy with 'kernel_FreeBSD? ( !tcpd? ( !ipfilter? ( sys-freebsd/freebsd-pf ) ) )'. Probably we should add 'pf' USE-flag too and get rid of that.

Comment 2 Sergey Popov gentoo-dev

2013-01-18 04:35:20 UTC

(In reply to comment #1)
> Also, i am not happy with 'kernel_FreeBSD? ( !tcpd? ( !ipfilter? (
> sys-freebsd/freebsd-pf ) ) )'. Probably we should add 'pf' USE-flag too and
> get rid of that.

Yeah, i reviewed my patch once more - it broke using of pf backend on *BSD systems. So, adding 'pf' USE-flag is definitely needed