- Remove conditionals around systemd as all versions use systemd now.

OBS-URL: https://build.opensuse.org/package/show/network:utilities/knock?expand=0&rev=23

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

knock-0.8.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:698d8c965624ea2ecb1e3df4524ed05afe387f6d20ded1e8a231209ad48169c7
+size 377107

knock.changes

@@ -0,0 +1,93 @@
+-------------------------------------------------------------------
+Mon Jan 13 10:06:09 UTC 2025 - Daniel Donisa <daniel.donisa@suse.com>
+
+- Remove conditionals around systemd as all versions use systemd now. 
+
+-------------------------------------------------------------------
+Tue Sep 28 13:19:54 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * knockd.service
+
+-------------------------------------------------------------------
+Wed May 19 08:49:35 UTC 2021 - Daniel Donisa <daniel.donisa@suse.com>
+
+- Update to version 0.8
+  * Multiple fixes (#67, #77)
+  * IPv6 support (Sebastien Valat) 
+- dropped knock-0.5.patch, knock-include.patch
+
+-------------------------------------------------------------------
+Wed Jul 10 08:48:00 CET 2019 - brassh@web.de
+
+- fix uninitialized tcpflags variables in knockd.c
+  (Bug#1138376: Knockd unable to start after upgrade to LEAP 15.1) 
+
+-------------------------------------------------------------------
+Thu Nov 23 13:46:18 UTC 2017 - rbrown@suse.com
+
+- Replace references to /var/adm/fillup-templates with new 
+  %_fillupdir macro (boo#1069468)
+  
+-------------------------------------------------------------------
+Tue Dec  1 14:49:38 UTC 2015 - p.drouand@gmail.com
+
+- Update to version 0.7
+  * Document the 'target' configuration directive.
+  * Merging OS-specific networking code to reduce LOCs and the
+    sea of #ifdefs.
+  * Added 50ms timeout to pcap_open_live() to reduce CPU usage
+    on network-heavy hosts. Pcap recommends we not use zero.
+- Changes from version 0.6
+  * Cleanup: Don't null-check before free
+  * Cleanup: Consolidate flag-check logic
+  * Accept single-knock sequences
+  * Introduce a 'target' configuration directive, enabling knockd to 
+    react to connect attempts to a target host. Useful in cases where 
+    knockd is on a router and you want to send a target a wakeup packet.
+- Add systemd support for openSUSE > 12.1
+- Update knock-include.patch > knock-0.5-include.patch
+- Remove obsolete AUTHORS section
+- Use download Url as source
+- Perform a spec-cleaner
+
+-------------------------------------------------------------------
+Mon Jun 15 11:53:12 CEST 2009 - aj@suse.de
+
+- Add knock-0.5-include.patch to fix build failure.
+
+-------------------------------------------------------------------
+Thu Jul 26 16:55:09 CEST 2007 - prusnak@suse.cz
+
+- changed libpcap to libpcap-devel in BuildRequires
+
+-------------------------------------------------------------------
+Tue Nov 14 15:07:38 CET 2006 - mskibbe@suse.de
+
+- fix bug #220355 (iptables call is wrong) 
+
+-------------------------------------------------------------------
+Wed Oct  4 13:23:02 CEST 2006 - mskibbe@suse.de
+
+- fix bug in iptables call 
+
+-------------------------------------------------------------------
+Mon Sep 25 11:20:44 CEST 2006 - mskibbe@suse.de
+
+- fix iptables call in config
+
+-------------------------------------------------------------------
+Fri Sep 22 13:00:46 CEST 2006 - mskibbe@suse.de
+
+- fix sysconfig file 
+
+-------------------------------------------------------------------
+Wed Jan 25 21:37:14 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Thu Jun 30 16:12:57 CEST 2005 - hvogel@suse.de
+
+- Initial Package, Version 0.5
+

knock.spec

@@ -0,0 +1,107 @@
+#
+# spec file for package knock
+#
+# Copyright (c) 1980 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+  %define _fillupdir /var/adm/fillup-templates
+%endif
+
+Name:           knock
+Version:        0.8
+Release:        0
+Summary:        A Port-Knocking Client
+License:        GPL-2.0-or-later
+Group:          Productivity/Networking/Security
+URL:            http://www.zeroflux.org/knock/
+Source0:        http://www.zeroflux.org/proj/knock/files/%{name}-%{version}.tar.gz
+Source1:        %{name}d.sysconfig
+Source2:        %{name}d.init
+Source3:        %{name}d.conf
+Source4:        %{name}d.service
+BuildRequires:  libpcap-devel
+BuildRequires:  systemd-rpm-macros
+
+%description
+The server part (package knockd) listens to all traffic on an ethernet
+(or PPP) interface, looking for special "knock" sequences of port hits.
+This client makes these port hits by sending a TCP (or UDP) packet to a
+port on the server. This port does not need to be open. Since knockd
+listens at the link-layer level, it sees all traffic even if it is
+destined for a closed port. When the server detects a specific sequence
+of port hits, it runs a command defined in its configuration file. This
+can be used to open up holes in a firewall for quick access.
+
+%package -n knockd
+Summary:        A port-knocking server
+Group:          Productivity/Networking/Security
+%{?systemd_requires}
+
+%description -n knockd
+It listens to all traffic on an ethernet (or PPP) interface, looking
+for special "knock" sequences of port-hits. A client (package knock)
+makes these port-hits by sending a TCP (or UDP) packet to a port on the
+server. This port need not be open -- since knockd listens at the
+link-layer level, it sees all traffic even if it's destined for a
+closed port. When the server detects a specific sequence of port-hits,
+it runs a command defined in its configuration file. This can be used
+to open up holes in a firewall for quick access.
+
+%prep
+%setup -q
+
+%build
+%configure
+make %{?_smp_mflags}
+
+%install
+make DESTDIR=%{buildroot} install %{?_smp_mflags}
+sed -i -e "s:iptables:%{_sbindir}/iptables:" %{SOURCE3}
+install -m 600 -D %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}d.conf
+install -D -m 644 %{SOURCE4} %{buildroot}/%{_unitdir}/%{name}d.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name}d
+rm -rf %{buildroot}%{_datadir}/doc
+
+%pre -n knockd
+%service_add_pre %{name}d.service
+
+%post -n knockd
+%service_add_post %{name}d.service
+
+%preun -n knockd
+%service_del_preun %{name}d.service
+
+%postun -n knockd
+%service_del_postun %{name}d.service
+
+%files
+%defattr(-,root,root)
+%attr(0755,root,root) %{_bindir}/%{name}
+%{_mandir}/man?/%{name}.*
+%{_sbindir}/knock_helper_ipt.sh
+
+%files -n knockd
+%defattr(-,root,root)
+%doc README.md ChangeLog TODO
+%license COPYING
+%{_sbindir}/%{name}d
+%{_unitdir}/%{name}d.service
+%{_sbindir}/rc%{name}d
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}d.conf
+%{_mandir}/man?/%{name}d.*
+
+%changelog

knockd.conf

@@ -0,0 +1,11 @@
+[options]
+	UseSyslog
+
+[opencloseSSH]
+	sequence      = 2222:udp,3333:tcp,4444:udp
+	seq_timeout   = 15
+	tcpflags      = syn,ack
+	start_command = iptables -I INPUT 1 -s %IP% -p tcp --dport ssh -j ACCEPT
+	cmd_timeout   = 10
+	stop_command  = iptables -D INPUT -s %IP% -p tcp --dport ssh -j ACCEPT
+

knockd.init

@@ -0,0 +1,103 @@
+#! /bin/sh
+# Copyright (c) 1997-2006 SUSE Linux AG, Nuernberg, Germany.
+# All rights reserved.
+#
+# Author: Henne Vogelsang
+# Please send feedback to http://www.suse.de/feedback/
+#
+# /etc/init.d/knockd
+#   and its symbolic link
+# /usr/sbin/rcknockd
+#
+#    This program is free software; you can redistribute it and/or modify 
+#    it under the terms of the GNU General Public License as published by 
+#    the Free Software Foundation; either version 2 of the License, or 
+#    (at your option) any later version. 
+# 
+#    This program is distributed in the hope that it will be useful, 
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of 
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
+#    GNU General Public License for more details. 
+# 
+#    You should have received a copy of the GNU General Public License 
+#    along with this program; if not, write to the Free Software 
+#    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+### BEGIN INIT INFO
+# Provides:          knockd
+# Required-Start:    $syslog $remote_fs $network
+# Required-Stop:     $syslog $remote_fs
+# Default-Start:     3 5
+# Default-Stop:      0 1 2 6
+# Short-Description: knock daemon providing port-knocking
+# Description:       Start knockd to allow port-knocking
+### END INIT INFO
+
+# Check for missing binaries (stale symlinks should not happen)
+# Note: Special treatment of stop for LSB conformance
+KNOCKD_BIN=/usr/sbin/knockd
+test -x $KNOCKD_BIN || { echo "$KNOCKD_BIN not installed"; 
+	if [ "$1" = "stop" ]; then exit 0;
+	else exit 5; fi; }
+
+# Check for existence of needed config file and read it
+KNOCKD_CONFIG=/etc/sysconfig/knockd
+test -r $KNOCKD_CONFIG || { echo "$KNOCKD_CONFIG not existing";
+	if [ "$1" = "stop" ]; then exit 0;
+	else exit 6; fi; }
+
+# Read config	
+. $KNOCKD_CONFIG
+
+# Shell functions sourced from /etc/rc.status:
+. /etc/rc.status
+
+# Reset status of this service
+rc_reset
+
+case "$1" in
+    start)
+	echo -n "Starting knockd "
+	startproc $KNOCKD_BIN $KNOCKD_OPTIONS
+	rc_status -v
+	;;
+    stop)
+	echo -n "Shutting down knockd "
+	killproc -TERM $KNOCKD_BIN
+	rc_status -v
+	;;
+    try-restart)
+	$0 status
+	if test $? = 0; then
+		$0 restart
+	else
+		rc_reset
+	fi
+	rc_status
+	;;
+    restart)
+	$0 stop
+	$0 start
+	rc_status
+	;;
+    force-reload)
+	echo -n "Reload service KNOCKD "
+	killproc -HUP $KNOCKD_BIN
+	rc_status -v
+	;;
+    reload)
+	echo -n "Reload service KNOCKD "
+	killproc -HUP $KNOCKD_BIN
+	rc_status -v
+	;;
+    status)
+	echo -n "Checking for service KNOCKD "
+	checkproc $KNOCKD_BIN
+	rc_status -v
+	;;
+    *)
+	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
+	exit 1
+	;;
+esac
+rc_exit

knockd.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Port-Knocking Daemon
+After=network.target
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
+ExecStart=/usr/sbin/knockd
+
+[Install]
+WantedBy=multi-user.target

knockd.sysconfig

@@ -0,0 +1,5 @@
+## Path:        Network/Security/Knockd
+## Description: Basic configuration of knockd
+## Type:        string
+## Default:     ""
+KNOCKD_OPTIONS="-d"