OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/knock?expand=0&rev=1

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

knock-0.5.patch

@@ -0,0 +1,17 @@
+--- knockd.conf
++++ knockd.conf
+@@ -4,12 +4,12 @@
+ [openSSH]
+ 	sequence    = 7000,8000,9000
+ 	seq_timeout = 5
+-	command     = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++	command     = /usr/sbin/iptables -I input_ext 1 -p tcp -s %IP% -p tcp --dport 22 -j ACCEPT --dport 22
+ 	tcpflags    = syn
+ 
+ [closeSSH]
+ 	sequence    = 9000,8000,7000
+ 	seq_timeout = 5
+-	command     = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++	command     = /usr/sbin/iptables -D input_ext -p tcp -s %IP% -p tcp --dport 22 -j ACCEPT --dport 22
+ 	tcpflags    = syn
+ 

knock-0.5.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8c437db83f30aee3a6bf922c12dceef6d26ab670a63895f74af5f9ecf03832a6
+size 73767

knock.changes

@@ -0,0 +1,30 @@
+-------------------------------------------------------------------
+Tue Nov 14 15:07:38 CET 2006 - mskibbe@suse.de
+
+- fix bug #220355 (iptables call is wrong) 
+
+-------------------------------------------------------------------
+Wed Oct  4 13:23:02 CEST 2006 - mskibbe@suse.de
+
+- fix bug in iptables call 
+
+-------------------------------------------------------------------
+Mon Sep 25 11:20:44 CEST 2006 - mskibbe@suse.de
+
+- fix iptables call in config
+
+-------------------------------------------------------------------
+Fri Sep 22 13:00:46 CEST 2006 - mskibbe@suse.de
+
+- fix sysconfig file 
+
+-------------------------------------------------------------------
+Wed Jan 25 21:37:14 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Thu Jun 30 16:12:57 CEST 2005 - hvogel@suse.de
+
+- Initial Package, Version 0.5
+

knock.spec

@@ -0,0 +1,124 @@
+#
+# spec file for package knock (Version 0.5)
+#
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+Name:           knock
+BuildRequires:  libpcap
+Summary:        A Port-Knocking Client
+Version:        0.5
+Release:        31
+License:        GNU General Public License (GPL)
+Group:          Productivity/Networking/Security
+URL:            http://www.zeroflux.org/knock/
+Source0:        %{name}-%{version}.tar.bz2
+Source1:        %{name}d.sysconfig
+Source2:        %{name}d.init
+Source3:        %{name}d.conf
+Patch:          %{name}-%{version}.patch
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+The server part (package knockd) listens to all traffic on an ethernet
+(or PPP) interface, looking for special "knock" sequences of port hits.
+This client makes these port hits by sending a TCP (or UDP) packet to a
+port on the server. This port need not be open--since knockd listens at
+the link-layer level, it sees all traffic even if it is destined for a
+closed port. When the server detects a specific sequence of port hits,
+it runs a command defined in its configuration file. This can be used
+to open up holes in a firewall for quick access.
+
+
+
+Authors:
+--------
+    Judd Vinet <jvinet@zeroflux.org>
+
+%package -n knockd
+Group:          Productivity/Networking/Security
+Summary:        A port-knocking server
+Prereq:         %fillup_prereq
+                                                                                                                         
+
+%description -n knockd
+It listens to all traffic on an ethernet (or PPP) interface, looking
+for special "knock" sequences of port-hits. A client (package knock)
+makes these port-hits by sending a TCP (or UDP) packet to a port on the
+server. This port need not be open -- since knockd listens at the
+link-layer level, it sees all traffic even if it's destined for a
+closed port. When the server detects a specific sequence of port-hits,
+it runs a command defined in its configuration file. This can be used
+to open up holes in a firewall for quick access.
+
+
+
+Authors:
+--------
+    Judd Vinet <jvinet@zeroflux.org>
+
+%prep
+%setup -q
+%patch
+
+%build
+CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%_libdir --mandir=%_mandir
+make
+
+%install
+make DESTDIR=%{buildroot} install
+install -m 644 -D %{S:1} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{name}d 
+install -m 755 -D %{S:2} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/%{name}d
+sed -i -e "s:iptables:%{_sbindir}/iptables:" %{S:3}
+install -m 600 -D %{S:3} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}d.conf
+ln -sf ../../etc/init.d/%{name}d $RPM_BUILD_ROOT/usr/sbin/rc%{name}d
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post -n knockd
+%fillup_only -n %{name}d
+
+%preun -n knockd
+%stop_on_removal %{name}d
+
+%postun -n knockd
+%insserv_cleanup
+
+%files
+%defattr(-,root,root)
+%attr(0755,root,root) %{_bindir}/%{name}
+%{_mandir}/man?/%{name}.*
+
+%files -n knockd 
+%defattr(-,root,root)
+%doc README COPYING ChangeLog TODO
+
+%_sbindir/%{name}d
+
+%_sbindir/rc%{name}d
+
+%_sysconfdir/init.d/%{name}d
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}d.conf
+%{_mandir}/man?/%{name}d.*
+%config /var/adm/fillup-templates/*
+
+%changelog -n knock
+* Tue Nov 14 2006 - mskibbe@suse.de
+- fix bug #220355 (iptables call is wrong)
+* Wed Oct 04 2006 - mskibbe@suse.de
+- fix bug in iptables call
+* Mon Sep 25 2006 - mskibbe@suse.de
+- fix iptables call in config
+* Fri Sep 22 2006 - mskibbe@suse.de
+- fix sysconfig file
+* Wed Jan 25 2006 - mls@suse.de
+- converted neededforbuild to BuildRequires
+* Thu Jun 30 2005 - hvogel@suse.de
+- Initial Package, Version 0.5

knockd.conf

@@ -0,0 +1,11 @@
+[options]
+	UseSyslog
+
+[opencloseSSH]
+	sequence      = 2222:udp,3333:tcp,4444:udp
+	seq_timeout   = 15
+	tcpflags      = syn,ack
+	start_command = iptables -I INPUT 1 -s %IP% -p tcp --dport ssh -j ACCEPT
+	cmd_timeout   = 10
+	stop_command  = iptables -D INPUT -s %IP% -p tcp --dport ssh -j ACCEPT
+

knockd.init

@@ -0,0 +1,103 @@
+#! /bin/sh
+# Copyright (c) 1997-2006 SUSE Linux AG, Nuernberg, Germany.
+# All rights reserved.
+#
+# Author: Henne Vogelsang
+# Please send feedback to http://www.suse.de/feedback/
+#
+# /etc/init.d/knockd
+#   and its symbolic link
+# /usr/sbin/rcknockd
+#
+#    This program is free software; you can redistribute it and/or modify 
+#    it under the terms of the GNU General Public License as published by 
+#    the Free Software Foundation; either version 2 of the License, or 
+#    (at your option) any later version. 
+# 
+#    This program is distributed in the hope that it will be useful, 
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of 
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
+#    GNU General Public License for more details. 
+# 
+#    You should have received a copy of the GNU General Public License 
+#    along with this program; if not, write to the Free Software 
+#    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+### BEGIN INIT INFO
+# Provides:          knockd
+# Required-Start:    $syslog $remote_fs $network
+# Required-Stop:     $syslog $remote_fs
+# Default-Start:     3 5
+# Default-Stop:      0 1 2 6
+# Short-Description: knock daemon providing port-knocking
+# Description:       Start knockd to allow port-knocking
+### END INIT INFO
+
+# Check for missing binaries (stale symlinks should not happen)
+# Note: Special treatment of stop for LSB conformance
+KNOCKD_BIN=/usr/sbin/knockd
+test -x $KNOCKD_BIN || { echo "$KNOCKD_BIN not installed"; 
+	if [ "$1" = "stop" ]; then exit 0;
+	else exit 5; fi; }
+
+# Check for existence of needed config file and read it
+KNOCKD_CONFIG=/etc/sysconfig/knockd
+test -r $KNOCKD_CONFIG || { echo "$KNOCKD_CONFIG not existing";
+	if [ "$1" = "stop" ]; then exit 0;
+	else exit 6; fi; }
+
+# Read config	
+. $KNOCKD_CONFIG
+
+# Shell functions sourced from /etc/rc.status:
+. /etc/rc.status
+
+# Reset status of this service
+rc_reset
+
+case "$1" in
+    start)
+	echo -n "Starting knockd "
+	startproc $KNOCKD_BIN $KNOCKD_OPTIONS
+	rc_status -v
+	;;
+    stop)
+	echo -n "Shutting down knockd "
+	killproc -TERM $KNOCKD_BIN
+	rc_status -v
+	;;
+    try-restart)
+	$0 status
+	if test $? = 0; then
+		$0 restart
+	else
+		rc_reset
+	fi
+	rc_status
+	;;
+    restart)
+	$0 stop
+	$0 start
+	rc_status
+	;;
+    force-reload)
+	echo -n "Reload service KNOCKD "
+	killproc -HUP $KNOCKD_BIN
+	rc_status -v
+	;;
+    reload)
+	echo -n "Reload service KNOCKD "
+	killproc -HUP $KNOCKD_BIN
+	rc_status -v
+	;;
+    status)
+	echo -n "Checking for service KNOCKD "
+	checkproc $KNOCKD_BIN
+	rc_status -v
+	;;
+    *)
+	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
+	exit 1
+	;;
+esac
+rc_exit

knockd.sysconfig

@@ -0,0 +1,5 @@
+## Path:        Network/Security/Knockd
+## Description: Basic configuration of knockd
+## Type:        string
+## Default:     ""
+KNOCKD_OPTIONS="-d"