2 files changed, 30 insertions, 12 deletions

diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile
index 778233c14cff..382ffcfa9899 100644
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@@ -3,16 +3,40 @@
 
 PORTNAME=	sshguard
 PORTVERSION=	1.7.0
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}
 
 MAINTAINER=	feld@FreeBSD.org
 COMMENT?=	Protect hosts from brute force attacks against ssh and other services
 
-LICENSE=	BSD2CLAUSE
+SSHGUARDFW?=	none
+
+# If SSHGUARDFW is not set by a slave port, then we only use the
+# following which makes this a metaport to choose a backend
+.if ${SSHGUARDFW} == none
+NO_BUILD=YES
+NO_INSTALL=YES
+NO_ARCH=YES
+
+OPTIONS_SINGLE=	BACKEND
+OPTIONS_SINGLE_BACKEND=	IPFW NULL PF
+OPTIONS_DEFAULT=	IPFW
+
+IPFW_DESC=	IPFW firewall backend
+NULL_DESC=	null firewall backend (detection only)
+PF_DESC=	pf firewall backend
+
+IPFW_RUN_DEPENDS=	sshguard-ipfw>0:security/sshguard-ipfw
+NULL_RUN_DEPENDS=	sshguard-null>0:security/sshguard-null
+PF_RUN_DEPENDS=		sshguard-pf>0:security/sshguard-pf
 
-CONFLICTS?=	sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* sshguard-null-1.*
+.include <bsd.port.options.mk>
+
+# The remaining settings are used by the slave ports
+.else
+
+LICENSE=	BSD2CLAUSE
 
 USES=		autoreconf
 
@@ -26,20 +50,14 @@ CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW}
 
 SUB_LIST+=	PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
 SUB_FILES=	pkg-message
-
-# backend type in { hosts, ipfw, null, pf }
-SSHGUARDFW?=	hosts
+.endif
 
 .if ${SSHGUARDFW} == pf
 PKGMSG_FWBLOCK="  To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/"
 .elif ${SSHGUARDFW} == ipfw
 PKGMSG_FWBLOCK="  IPFW support has been rewritten. Sshguard will now add entries to table 22."
-.elif ${SSHGUARDFW} == hosts
-PKGMSG_FWBLOCK="  Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!"
-.elif ${SSHGUARDFW} == ipfilter
-PKGMSG_FWBLOCK="  Sshguard will use /etc/ipf.rules as ruleset."
 .elif ${SSHGUARDFW} == null
-PKGMSG_FWBLOCK="  Sshguard null backend requires you provide your own script with the \"-e\" argument."
+PKGMSG_FWBLOCK="  Sshguard null backend does detection only. It does not take action."
 .endif
 
 .include <bsd.port.mk>
diff --git a/security/sshguard/pkg-descr b/security/sshguard/pkg-descr
index e10cb4081a63..e94a4d26c54a 100644
--- a/security/sshguard/pkg-descr
+++ b/security/sshguard/pkg-descr
@@ -5,7 +5,7 @@ Sshguard employs a clever parser that can recognize several logging formats at
 once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and
 detects attacks for many services out of the box, including SSH, FreeBSD's
 ftpd and dovecot.  It can operate all the major firewalling systems, including
-PF, netfilter/iptables, IPFIREWALL/ipfw, IPFILTER.
+PF, netfilter/iptables, and IPFIREWALL/ipfw.
 
 Sshguard has several relevant features like support for IPv6, whitelisting,
 suspension, log message authentication. It is reliable, easy to set up and