Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 452374 - app-admin/sshguard-1.5 - add support for other firewall backends
Summary: app-admin/sshguard-1.5 - add support for other firewall backends
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Netmon Herd
URL: http://www.sshguard.net/docs/setup/co...
Whiteboard:
Keywords: Inclusion, PATCH
Depends on:
Blocks:
 
Reported: 2013-01-15 15:27 UTC by Joe Sapp (RETIRED)
Modified: 2014-10-12 10:14 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
sshguard-backends-support.patch (sshguard-backends-support.patch,1.46 KB, patch)
2013-01-17 08:49 UTC, Sergey Popov
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Joe Sapp (RETIRED) gentoo-dev 2013-01-15 15:27:29 UTC
The documentation indicates that tcp wrappers' /etc/hosts.allow can be used if no firewall is installed on the system (see URL).  There is no way to select this with the current ebuild, so iptables is always a dependency on linux systems.  Just thinking for linux, but maybe the 'tcpd' and 'iptables' USE flags could be options.

Reproducible: Always
Comment 1 Sergey Popov gentoo-dev 2013-01-17 08:49:47 UTC
Created attachment 335890 [details, diff]
sshguard-backends-support.patch

Hm, it's not so simple, as i thougth. Attach draft patch. Please review it carefully. And after applying we should mask 'iptables' USE-flag of sshguard package at least on all *BSD-systems.

Also, i am not happy with 'kernel_FreeBSD? ( !tcpd? ( !ipfilter? ( sys-freebsd/freebsd-pf ) ) )'. Probably we should add 'pf' USE-flag too and get rid of that.
Comment 2 Sergey Popov gentoo-dev 2013-01-18 04:35:20 UTC
(In reply to comment #1)
> Also, i am not happy with 'kernel_FreeBSD? ( !tcpd? ( !ipfilter? (
> sys-freebsd/freebsd-pf ) ) )'. Probably we should add 'pf' USE-flag too and
> get rid of that.

Yeah, i reviewed my patch once more - it broke using of pf backend on *BSD systems. So, adding 'pf' USE-flag is definitely needed