2 files changed, 41 insertions, 0 deletions

diff --git a/security/knock/files/knockd.sh.in b/security/knock/files/knockd.sh.in
new file mode 100644
index 000000000000..7bddb6e9decd
--- /dev/null
+++ b/security/knock/files/knockd.sh.in
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# PROVIDE: knockd
+# REQUIRE: DAEMON
+# BEFORE:  LOGIN
+
+. %%RC_SUBR%%
+
+name="knockd"
+rcvar=`set_rcvar`
+load_rc_config $name
+
+knockd_enable=${knockd_enable:-"NO"}
+knockd_flags=${knockd_flags:-"-d"}
+
+command="%%PREFIX%%/bin/knockd"
+pidfile="%%RUNDIR%%/knockd.pid"
+required_files="%%PREFIX%%/etc/knockd.conf"
+
+run_rc_command "$1"
diff --git a/security/knock/files/patch-knockd.conf b/security/knock/files/patch-knockd.conf
new file mode 100644
index 000000000000..d0223778d320
--- /dev/null
+++ b/security/knock/files/patch-knockd.conf
@@ -0,0 +1,21 @@
+--- knockd.conf.orig	Thu May  6 22:56:03 2004
++++ knockd.conf	Fri Mar 17 23:39:01 2006
+@@ -1,15 +1,16 @@
+ [options]
+ 	logfile = /var/log/knockd.log
++	interface = fxp0
+ 
+ [openSSH]
+ 	sequence    = 7000,8000,9000
+ 	seq_timeout = 5
+-	command     = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++	command     = /sbin/ipfw -q add pass proto tcp src-ip %IP% dst-port 22
+ 	tcpflags    = syn
+ 
+ [closeSSH]
+ 	sequence    = 9000,8000,7000
+ 	seq_timeout = 5
+-	command     = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++	command     = /sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22
+ 	tcpflags    = syn
+