kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

- Remove security/pf and security/authpf ports. They were only useful on

Browse source 
FreeBSD 5.0 - 5.2.1.

Requested by:	mlaier (maintainer) via linimon
This commit is contained in:
Pav Lucistnik 2005-09-14 23:14:39 +00:00
parent 09111ce04d
commit 05bf593a81
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=142764
22 changed files with 2 additions and 1392 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
MOVED
View file

@ -1621,3 +1621,5 @@ japanese/mendexk-sjis|japanese/mendexk-euc|2005-09-11|obsolete
lang/ghc6-doc|lang/ghc-doc|2005-09-12|relocated
textproc/gauche-sxml|lang/gauche|2005-09-14|sxml now comes with gauche
graphics/mgp-gallery||2005-09-15|disappeared from web
security/pf||2005-09-15|included in base system since 5.3
security/authpf||2005-09-15|included in base system since 5.3

2
security/Makefile
View file

@ -22,7 +22,6 @@
SUBDIR += arirang
SUBDIR += audit
SUBDIR += authforce
SUBDIR += authpf
SUBDIR += autossh
SUBDIR += avcheck
SUBDIR += barnyard
@ -377,7 +376,6 @@
SUBDIR += pear-LiveUser_Admin
SUBDIR += pear-Text_Password
SUBDIR += pecl-ssh2
SUBDIR += pf
SUBDIR += pft
SUBDIR += pfw
SUBDIR += pgp

91
security/authpf/Makefile
View file

@ -1,91 +0,0 @@
# New ports collection makefile for: authpf
# Date created: 09 May 2003
# Whom: Max Laier <max@love2party.net>
#
# $FreeBSD$
#
PORTNAME= authpf
PORTVERSION= 2.00
PORTREVISION= 1
CATEGORIES= security ipv6
MASTER_SITES= http://pf4freebsd.love2party.net/
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
PKGNAMESUFFIX= -altq
.endif
DISTNAME= pf_freebsd_${PORTVERSION}
MAINTAINER= mlaier@freebsd.org
COMMENT= Authentification shell for pf gateways
RUN_DEPENDS= ${LOCALBASE}/modules/pf.ko:${PORTSDIR}/security/pf
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
RUN_DEPENDS+= ${LOCALBASE}/modules/pfaltq.ko:${PORTSDIR}/security/pf
.endif
WRKSRC= ${WRKDIR}/pf_freebsd_${PORTVERSION}
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
IS_INTERACTIVE= yes
.endif
MAN8= authpf.8
MANCOMPRESSED= maybe
MAKE_ARGS= MANDIR="${PREFIX}/man/man" ONLY_AUTHPF=yes
SRC_BASE?= /usr/src
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
SYS_ALTQ?= ${SRC_BASE}/sys.altq
MAKE_ARGS+= WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}"
PLIST_SUB+= WITH_ALTQ=""
.else
PLIST_SUB+= WITH_ALTQ="@comment "
.endif
.include <bsd.port.pre.mk>
.if ${OSVERSION} < 500000
IGNORE= "Only for 5.0 and above"
.endif
.if ${OSVERSION} > 502104
IGNORE= "authpf is part of the base system now"
.endif
.if !exists(${SRC_BASE}/sys/Makefile) && \
(defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile))
IGNORE= "Kernel source files required"
.endif
.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
pre-fetch:
@${ECHO_CMD} "======================================================="
@${ECHO_CMD} "* If you have ALTQ support from: *"
@${ECHO_CMD} "* http://www.nipsi.de/altq/index.html *"
@${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it *"
@${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src *"
@${ECHO_CMD} "* *"
@${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *"
@${ECHO_CMD} "* *"
@${ECHO_CMD} "======================================================="
@sleep 2
.endif
post-patch:
${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PATCHDIR}/pathnames.h.sed > \
${WRKSRC}/authpf/pathnames.h
pre-su-install:
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
.endif
post-install:
${MKDIR} ${PREFIX}/etc/authpf
${MKDIR} ${PREFIX}/etc/authpf/users
${MKDIR} ${PREFIX}/etc/authpf/banned
${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE}
.include <bsd.port.post.mk>

2
security/authpf/distinfo
View file

@ -1,2 +0,0 @@
MD5 (pf_freebsd_2.00.tar.gz) = e55504a934a232a0030dc746f0bf96d0
SIZE (pf_freebsd_2.00.tar.gz) = 994995

22
security/authpf/files/patch-aa
View file

@ -1,22 +0,0 @@
--- Makefile.orig Sat Sep 27 13:16:29 2003
+++ Makefile Sat Sep 27 13:17:04 2003
@@ -3,17 +3,10 @@
#
.if !make(install)
-SUBDIR= libpcap
+SUBDIR= libpcap pfctl
.endif
-SUBDIR+= pfctl authpf ftp-proxy man pf pflog pfsync
+SUBDIR+= authpf
.include "include/mk/util.mk"
-
-.if (ALTQ_SUPPORT) && (${ALTQ_SUPPORT} == "yes")
-SUBDIR+= pfaltq
-.endif
-
-SUBDIR+= pflogd tcpdump
-
.include <bsd.subdir.mk>

40
security/authpf/files/pathnames.h.sed
View file

@ -1,40 +0,0 @@
/* $OpenBSD: pathnames.h,v 1.5 2002/10/25 18:35:33 camield Exp $ */
/*
* Copyright (C) 2002 Chris Kuethe (ckuethe@ualberta.ca)
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the author nor the names of contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#define PATH_CONFFILE "%%PREFIX%%/etc/authpf/authpf.conf"
#define PATH_ALLOWFILE "%%PREFIX%%/etc/authpf/authpf.allow"
#define PATH_PFRULES "%%PREFIX%%/etc/authpf/authpf.rules"
#define PATH_PROBLEM "%%PREFIX%%/etc/authpf/authpf.problem"
#define PATH_MESSAGE "%%PREFIX%%/etc/authpf/authpf.message"
#define PATH_USER_DIR "%%PREFIX%%/etc/authpf/users"
#define PATH_BAN_DIR "%%PREFIX%%/etc/authpf/banned"
#define PATH_DEVFILE "/dev/pf"
#define PATH_PIDFILE "/var/authpf"
#define PATH_AUTHPF_SHELL "%%PREFIX%%/sbin/authpf"

7
security/authpf/pkg-descr
View file

@ -1,7 +0,0 @@
This is an authentification shell that can change pf filterrules according
to the authentificated user. You will need a working installation of pf
and sshd as interconnect. For more information see http://www.OpenBSD.org/
WWW: http://pf4freebsd.love2party.net/
-Max <reports@pf4freebsd.love2party.net>

85
security/authpf/pkg-install
View file

@ -1,85 +0,0 @@
#!/bin/sh
# an installation script for pf_freebsd copied from Wnn6
check_pw()
{
if which -s pw; then
:
else
cat <<EOF
This system looks like a pre-2.2 version of FreeBSD. We see that it
is missing the "pw" utility. We need this utility. Please get and
install it, and try again. You can get the source from:
ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz
EOF
exit 1
fi
}
ask() {
local question default answer
question=$1
default=$2
if [ -z "${PACKAGE_BUILDING}" ]; then
read -p "${question} (y/n) [${default}]? " answer
fi
if [ x${answer} = x ]; then
answer=${default}
fi
echo ${answer}
}
yesno() {
local dflt question answer
question=$1
dflt=$2
while :; do
answer=$(ask "${question}" "${dflt}")
case "${answer}" in
[Yy]*) return 0;;
[Nn]*) return 1;;
esac
echo "Please answer yes or no."
done
}
check_group() {
local name id
name=$1
id=$2
#check
# We need a command 'pw(8)'
check_pw
if pw groupshow -n $name > /dev/null ; then
return 0
fi
if pw groupadd -g $id -n $name -N -q ; then
echo ""
echo "You need a group '$name' whose ID number is $id"
if yesno "Would you like to create it automatically?" y; then
pw groupadd -g $id -n $name
return 0
fi
fi
echo ""
echo "I was not able to add group '$name:*:63:' as pw reported:"
pw groupadd -g $id -n $name -N
echo "Please correct this and try again!"
echo ""
return 1
}
case $2 in
PRE-INSTALL)
if ! check_group authpf 63 ; then
exit 1
fi
;;
esac

11
security/authpf/pkg-message
View file

@ -1,11 +0,0 @@
===========================================================================
Please note that authpf requires suid bit! Take a look at the man page NOW
authpf(8) and create the following files according to your needs:
%%PREFIX%%/etc/authpf/authpf.conf
%%PREFIX%%/etc/authpf/authpf.allow
%%PREFIX%%/etc/authpf/authpf.rules
%%PREFIX%%/etc/authpf/authpf.message
%%PREFIX%%/etc/authpf/authpf.problem
===========================================================================

11
security/authpf/pkg-plist
View file

@ -1,11 +0,0 @@
@group authpf
@owner root
@mode 6555
sbin/authpf
@group
@owner
@mode
@dirrm etc/authpf/users
@dirrm etc/authpf/banned
@dirrm etc/authpf

134
security/pf/Makefile
View file

@ -1,134 +0,0 @@
# New ports collection makefile for: pf_freebsd
# Date created: 08 May 2003
# Whom: Max Laier <max@love2party.net>
#
# $FreeBSD$
#
PORTNAME= pf_freebsd
PORTVERSION= 2.03
CATEGORIES= security ipv6
MASTER_SITES= http://pf4freebsd.love2party.net/
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
PKGNAMESUFFIX= -altq
.endif
DISTNAME= ${PORTNAME}_${PORTVERSION}
MAINTAINER= mlaier@freebsd.org
COMMENT= OpenBSD pf as a kldmodule
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
IS_INTERACTIVE= yes
.endif
STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/pf.sh.sample
SAMPLE_CONFIG= ${PREFIX}/etc/pf.conf.default
SAMPLE_PFOS= ${PREFIX}/etc/pf.os
MAN1= pftcpdump.1
MAN4= pf.4 pflog.4 pfsync.4
MAN5= pf.conf.5 pf.os.5
MAN8= ftp-proxy.8 pfctl.8 pflogd.8
MANCOMPRESSED= maybe
KMODDIR?= ${PREFIX}/modules
MAKE_ARGS= KMODDIR="${KMODDIR}" MANDIR="${PREFIX}/man/man"
SRC_BASE?= /usr/src
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
SYS_ALTQ?= ${SRC_BASE}/sys.altq
MAKE_ARGS+= WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}"
PLIST_SUB+= WITH_ALTQ=""
.else
PLIST_SUB+= WITH_ALTQ="@comment "
.endif
.include <bsd.port.pre.mk>
.if ${OSVERSION} < 500000
IGNORE= "Only for 5.0 and above"
.endif
.if ${OSVERSION} > 502105
IGNORE= "pf moved to the base system, please build it from there"
.endif
.if !exists(${SRC_BASE}/sys/Makefile) && \
(defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile))
IGNORE= "Kernel source files required"
.endif
.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
pre-fetch:
@${ECHO_MSG} "======================================================="
@${ECHO_MSG} "* If you have ALTQ support from: *"
@${ECHO_MSG} "* http://www.nipsi.de/altq/index.html or *"
@${ECHO_MSG} "* http://www.rofug.ro/projects/freebsd-altq/ *"
@${ECHO_MSG} "* You can define WITH_ALTQ=yes to make use of it *"
@${ECHO_MSG} "* Please define SYS_ALTQ to point to the patched src *"
@${ECHO_MSG} "* *"
@${ECHO_MSG} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *"
@${ECHO_MSG} "* *"
@${ECHO_MSG} "======================================================="
@sleep 2
.endif
post-patch:
@${CP} ${WRKSRC}/pfctl/pfctl_parser.h \
${WRKSRC}/pfctl/pfctl_parser.h.orig
@${SED} -e 's!%%PREFIX%%!${PREFIX}!' \
${WRKSRC}/pfctl/pfctl_parser.h.orig > \
${WRKSRC}/pfctl/pfctl_parser.h
pre-su-install:
${MKDIR} ${KMODDIR}
${MKDIR} ${PREFIX}/include/pf
${MKDIR} ${PREFIX}/include/pf/net
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
${MKDIR} ${PREFIX}/include/pf/altq
.endif
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
.endif
post-install:
${ECHO_MSG} "Installing include files ..."
${INSTALL_DATA} ${WRKSRC}/include/net/pfvar.h \
${PREFIX}/include/pf/net
${INSTALL_DATA} ${WRKSRC}/include/net/if_pflog.h \
${PREFIX}/include/pf/net
${INSTALL_DATA} ${WRKSRC}/include/net/if_pfsync.h \
${PREFIX}/include/pf/net
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
${INSTALL_DATA} ${WRKSRC}/include/altq/*.h \
${PREFIX}/include/pf/altq
.endif
@if [ -f ${WRKSRC}/man/pf.4.gz ]; then \
${ECHO_MSG} "Installing pftcpdump(1) man page."; \
${GZIP_CMD} -cn ${WRKSRC}/freebsd_tcpdump/tcpdump.1 > \
${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz ; \
${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz \
${PREFIX}/man/man1/pftcpdump.1.gz ; \
else \
${ECHO_MSG} "Installing pftcpdump(1) man page."; \
${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1 \
${PREFIX}/man/man1/pftcpdump.1 ; \
fi
@if [ ! -f ${STARTUP_SCRIPT} ]; then \
${ECHO_MSG} "Installing ${STARTUP_SCRIPT} startup file." ; \
${INSTALL_SCRIPT} ${FILESDIR}/pf.sh.sample \
${STARTUP_SCRIPT} ; \
fi
@if [ ! -f ${SAMPLE_CONFIG} ]; then \
${ECHO_MSG} "Installing ${SAMPLE_CONFIG} config file." ; \
${INSTALL_DATA} ${FILESDIR}/pf.conf.default \
${SAMPLE_CONFIG}; \
fi
@if [ ! -f ${SAMPLE_PFOS} ]; then \
${ECHO_MSG} "Installing ${SAMPLE_PFOS} config file."; \
${INSTALL_DATA} ${FILESDIR}/pf.os.default \
${SAMPLE_PFOS}; \
fi
${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE}
.include <bsd.port.post.mk>

2
security/pf/distinfo
View file

@ -1,2 +0,0 @@
MD5 (pf_freebsd_2.03.tar.gz) = 0eb093b72ab9348fcb6626339c205136
SIZE (pf_freebsd_2.03.tar.gz) = 995158

11
security/pf/files/patch-aa
View file

@ -1,11 +0,0 @@
--- Makefile.orig Sat Sep 27 10:17:32 2003
+++ Makefile Sat Sep 27 10:17:46 2003
@@ -6,7 +6,7 @@
SUBDIR= libpcap
.endif
-SUBDIR+= pfctl authpf ftp-proxy man pf pflog pfsync
+SUBDIR+= pfctl ftp-proxy man pf pflog pfsync
.include "include/mk/util.mk"

11
security/pf/files/patch-ab
View file

@ -1,11 +0,0 @@
--- pfctl/pfctl_parser.h.orig Sat Sep 27 10:39:47 2003
+++ pfctl/pfctl_parser.h Sat Sep 27 10:40:21 2003
@@ -33,7 +33,7 @@
#ifndef _PFCTL_PARSER_H_
#define _PFCTL_PARSER_H_
-#define PF_OSFP_FILE "/etc/pf.os"
+#define PF_OSFP_FILE "%%PREFIX%%/etc/pf.os"
#define PF_OPT_DISABLE 0x0001
#define PF_OPT_ENABLE 0x0002

12
security/pf/files/patch-pf::pf_ioctl.c
View file

@ -1,12 +0,0 @@
--- pf/pf_ioctl.c.orig Wed Jan 28 20:45:50 2004
+++ pf/pf_ioctl.c Tue Feb 24 15:53:56 2004
@@ -222,6 +222,9 @@
.d_ioctl = pfioctl,
.d_name = PF_NAME,
.d_flags = 0,
+#if __FreeBSD_version >= 502103
+ .d_version = D_VERSION,
+#endif
#endif
};
#endif /* __FreeBSD__ */

78
security/pf/files/pf.conf.default
View file

@ -1,78 +0,0 @@
# $OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Required order: options, normalization, queueing, translation, filtering.
# Macros and tables may be defined and used anywhere.
# Note that translation rules are first match while filter rules are last match.
# Macros: define common values, so they can be referenced and changed easily.
#ext_if="ext0" # replace with actual external interface name i.e., dc0
#int_if="int0" # replace with actual internal interface name i.e., dc1
#internal_net="10.1.1.1/8"
#external_addr="192.168.1.1"
# Tables: similar to macros, but more flexible for many addresses.
#table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 }
# Options: tune the behavior of pf, default values are given.
#set timeout { interval 10, frag 30 }
#set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
#set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
#set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
#set timeout { icmp.first 20, icmp.error 10 }
#set timeout { other.first 60, other.single 30, other.multiple 60 }
#set timeout { adaptive.start 0, adaptive.end 0 }
#set limit { states 10000, frags 5000 }
#set loginterface none
#set optimization normal
#set block-policy drop
#set require-order yes
#set fingerprints "/etc/pf.os"
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
#scrub in all
# Queueing: rule-based bandwidth control.
#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing }
#queue dflt bandwidth 5% cbq(default)
#queue developers bandwidth 80%
#queue marketing bandwidth 15%
# Translation: specify how addresses are to be mapped or redirected.
# nat: packets going out through $ext_if with source address $internal_net will
# get translated as coming from the address of $ext_if, a state is created for
# such packets, and incoming packets will be redirected to the internal address.
#nat on $ext_if from $internal_net to any -> ($ext_if)
# rdr: packets coming in on $ext_if with destination $external_addr:1234 will
# be redirected to 10.1.1.1:5678. A state is created for such packets, and
# outgoing packets will be translated as coming from the external address.
#rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678
# rdr outgoing FTP requests to the ftp-proxy
#rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
# spamd-setup puts addresses to be redirected into table <spamd>.
#table <spamd> persist
#no rdr on { lo0, lo1 } from any to any
#rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025
# Filtering: the implicit first two rules are
#pass in all
#pass out all
# block all incoming packets but allow ssh, pass all outgoing tcp and udp
# connections and keep state, logging blocked packets.
#block in log all
#pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
#pass out on $ext_if proto { tcp, udp } all keep state
# pass incoming packets destined to the addresses given in table <foo>.
#pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state
# pass incoming ports for ftp-proxy
#pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state
# assign packets to a queue.
#pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
#pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing

551
security/pf/files/pf.os.default
View file

@ -1,551 +0,0 @@
# $OpenBSD: pf.os,v 1.10 2003/09/06 01:37:07 frantzen Exp $
# passive OS fingerprinting
# -------------------------
#
# SYN signatures. Those signatures work for SYN packets only (duh!).
#
# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#
# This fingerprint database is adapted from Michal Zalewski's p0f passive
# operating system package.
#
#
# Each line in this file specifies a single fingerprint. Please read the
# information below carefully before attempting to append any signatures
# reported as UNKNOWN to this file to avoid mistakes.
#
# We use the following set metrics for fingerprinting:
#
# - Window size (WSS) - a highly OS dependent setting used for TCP/IP
# performance control (max. amount of data to be sent without ACK).
# Some systems use a fixed value for initial packets. On other
# systems, it is a multiple of MSS or MTU (MSS+40). In some rare
# cases, the value is just arbitrary.
#
# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number
# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn'
# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the
# value of nn is not fixed (unlikely), just copy the Snn or Tnn token
# literally. If you know this device has a simple stack and a fixed
# MTU, you can however multiply S value by MSS, or T value by MSS+40,
# and put it instead of Snn or Tnn.
#
# If WSS otherwise looks like a fixed value (for example a multiple
# of two), or if you can confirm the value is fixed, please quote
# it literally. If there's no apparent pattern in WSS chosen, you
# should consider wildcarding this value.
#
# - Overall packet size - a function of all IP and TCP options and bugs.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Initial TTL - We check the actual TTL of a received packet. It can't
# be higher than the initial TTL, and also shouldn't be dramatically
# lower (maximum distance is defined as 40 hops).
#
# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally.
# You need to determine the initial TTL. The best way to do it is to
# check the documentation for a remote system, or check its settings.
# A fairly good method is to simply round the observed TTL up to
# 32, 64, 128, or 255, but it should be noted that some obscure devices
# might not use round TTLs (in particular, some shoddy appliances use
# "original" initial TTL settings). If not sure, you can see how many
# hops you're away from the remote party with traceroute or mtr.
#
# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU
# discovery. Others do not bother.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f
# uses it to determine link type of the remote host.
#
# NEW SIGNATURE: Always wildcard this value, except for rare cases when
# you have an appliance with a fixed value, know the system supports only
# a very limited number of network interface types, or know the system
# is using a value it pulled out of nowhere. Specific unique MSS
# can be used to tell Google crawlbots from the rest of the population.
#
# - Window scaling (WSCALE) - this feature is used to scale WSS.
# It extends the size of a TCP/IP window to 32 bits. Some modern
# systems implement this feature.
#
# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set
# to zero or other low value. There's usually no need to wildcard this
# parameter.
#
# - Timestamp - some systems that implement timestamps set them to
# zero in the initial SYN. This case is detected and handled appropriately.
#
# - Selective ACK permitted - a flag set by systems that implement
# selective ACK functionality.
#
# - The sequence of TCP all options (MSS, window scaling, selective ACK
# permitted, timestamp, NOP). Other than the options previously
# discussed, p0f also checks for timestamp option (a silly
# extension to broadcast your uptime ;-), NOP options (used for
# header padding) and sackOK option (selective ACK feature).
#
# NEW SIGNATURE: Copy the sequence literally.
#
# To wildcard any value (except for initial TTL or TCP options), replace
# it with '*'. You can also use a modulo operator to match any values
# that divide by nnn - '%nnn'.
#
# Fingerprint entry format:
#
# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details
#
# wwww - window size (can be *, %nnn, Snn or Tnn). The special values
# "S" and "T" which are a multiple of MSS or a multiple of MTU
# respectively.
# ttt - initial TTL
# D - don't fragment bit (0 - not set, 1 - set)
# ss - overall SYN packet size
# OOO - option value and order specification (see below)
# OS - OS genre (Linux, Solaris, Windows)
# Version - OS Version (2.0.27 on x86, etc)
# Subtype - OS subtype or patchlevel (SP3, lo0)
# details - Generic OS details
#
# If OS genre starts with '*', p0f will not show distance, link type
# and timestamp data. It is useful for userland TCP/IP stacks of
# network scanners and so on, where many settings are randomized or
# bogus.
#
# If OS genre starts with @, it denotes an approximate hit for a group
# of operating systems (signature reporting still enabled in this case).
# Use this feature at the end of this file to catch cases for which
# you don't have a precise match, but can tell it's Windows or FreeBSD
# or whatnot by looking at, say, flag layout alone.
#
# Option block description is a list of comma or space separated
# options in the order they appear in the packet:
#
# N - NOP option
# Wnnn - window scaling option, value nnn (or * or %nnn)
# Mnnn - maximum segment size option, value nnn (or * or %nnn)
# S - selective ACK OK
# T - timestamp
# T0 - timestamp with a zero value
#
# To denote no TCP options, use a single '.'.
#
# Please report any additions to this file, or any inaccuracies or
# problems spotted, to the maintainers: lcamtuf@coredump.cx,
# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet
# capture of the relevant SYN packet(s)
#
# WARNING WARNING WARNING
# -----------------------
#
# Do not add a system X as OS Y just because NMAP says so. It is often
# the case that X is a NAT firewall. While nmap is talking to the
# device itself, p0f is fingerprinting the guy behind the firewall
# instead.
#
# When in doubt, use common sense, don't add something that looks like
# a completely different system as Linux or FreeBSD or LinkSys router.
# Check DNS name, establish a connection to the remote host and look
# at SYN+ACK - does it look similar?
#
# Some users tweak their TCP/IP settings - enable or disable RFC1323
# functionality, enable or disable timestamps or selective ACK,
# disable PMTU discovery, change MTU and so on. Always compare a new rule
# to other fingerprints for this system, and verify the system isn't
# "customized" before adding it. It is OK to add signature variants
# caused by a commonly used software (personal firewalls, security
# packages, etc), but it makes no sense to try to add every single
# possible /proc/sys/net/ipv4 tweak on Linux or so.
#
# KEEP IN MIND: Some packet firewalls configured to normalize outgoing
# traffic (OpenBSD pf with "scrub" enabled, for example) will, well,
# normalize packets. Signatures will not correspond to the originating
# system (and probably not quite to the firewall either).
#
# NOTE: Try to keep this file in some reasonable order, from most to
# least likely systems. This will speed up operation. Also keep most
# generic and broad rules near the end.
#
##########################
# Standard OS signatures #
##########################
# ----------------- AIX ---------------------
# AIX is first because its signatures are close to NetBSD, MacOS X and
# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes...
# This is a shoddy hack, though.
16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier
16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1
# ----------------- Linux -------------------
512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
# Endian snafu! Nelson says "ha-ha":
2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot)
S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy)
S3:64:1:60:M*,S,T,N,W0: Linux:2.4:18-21:Linux 2.4.18 and newer
S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6
S4:64:1:60:M*,S,T,N,W0: Linux:2.6::Linux 2.4/2.6
S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5
S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6
S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer
S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
# Popular cluster config scripts disable timestamps and
# selective ACK:
S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster
# This needs to be investigated. On some systems, WSS
# is selected as a multiple of MTU instead of MSS. I got
# many submissions for this for many late versions of 2.4:
T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon)
# This happens only over loopback, but let's make folks happy:
32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local)
S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local)
# Opera visitors:
16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?)
32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?)
# Some fairly common mods:
S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps
S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps
# ----------------- FreeBSD -----------------
16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.1
16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.1
16384:64:1:44:M*: FreeBSD:4.0-4.1::FreeBSD 2.0-4.1
16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.8::FreeBSD 4.6-4.8
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.9::FreeBSD 4.7-5.1
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.7-5.1
# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
# ----------------- NetBSD ------------------
65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera)
16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6
16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF)
16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3
65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF)
# ----------------- OpenBSD -----------------
16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4::OpenBSD 3.0-3.4
16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:no-df:OpenBSD 3.0-3.4 (scrub no-df)
57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4::OpenBSD 3.3-3.4
57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4:no-df:OpenBSD 3.3-3.4 (scrub no-df)
65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:opera:OpenBSD 3.0-3.4 (Opera)
# ----------------- Solaris -----------------
S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323
S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8
S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7
S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7
S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1
S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9
S44:255:1:44:M*: Solaris:2.7::Solaris 7
# ----------------- IRIX --------------------
49152:64:0:44:M*: IRIX:6.4::IRIX 6.4
61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5
49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
# ----------------- Tru64 -------------------
32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0
32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0
8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6)
# This looks awfully Linuxish :/
# S22:64:0:60:M*,S,T,N,W0: Tru64:5.0:a:Tru64 5.0a
61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack)
# ----------------- OpenVMS -----------------
6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack)
# ----------------- MacOS -------------------
16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
32768:255:1:48:M*,W0,N: MacOS:9.1-9.2::MacOS 9.1/9.2
32768:64:0:60:M*,N,W0,N,N,T: MacOS:X:10.2:MacOS X 10.2
# ----------------- Windows -----------------
# Windows 95 - need more:
8192:32:1:44:M*: Windows:95::Windows 95 (low TTL)
# Windows 98 - plenty of silly signatures:
S44:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL)
8192:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL)
%8192:64:1:48:M*,N,N,S: Windows:98::Windows 98 (or newer XP/2000 with tweaked TTL)
S4:64:1:48:M*,N,N,S: Windows:98::Windows 98
S6:64:1:48:M*,N,N,S: Windows:98::Windows 98
S12:64:1:48:M*,N,N,S: Windows:98::Windows 98
32767:64:1:48:M*,N,N,S: Windows:98::Windows 98
37300:64:1:48:M*,N,N,S: Windows:98::Windows 98
46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323)
65535:64:1:44:M*: Windows:98:noSACK:Windows 98 (no sack)
S16:128:1:48:M*,N,N,S: Windows:98::Windows 98
S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98
S26:128:1:48:M*,N,N,S: Windows:98::Windows 98
T30:128:1:48:M*,N,N,S: Windows:98::Windows 98
32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98
60352:128:1:48:M*,N,N,S: Windows:98::Windows 98
60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98
# Windows NT 4.0 - need more:
64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a
8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older)
6144:128:1:52:M*,W0,N,S,N,N: Windows:NT:4.0:Windows NT 4.0 (RFC1323)
# Windows XP and 2000. Most of the signatures that were
# either dubious or non-specific (no service pack data)
# were deleted and replaced with generics at the end.
65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1
%8192:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1
S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4
S6:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows XP SP1, 2000 SP4
S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows XP Pro SP1, 2000 SP3
S6:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1, 2000 SP4
S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP Pro SP1, 2000 SP3
64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1
32767:128:1:48:M1452,N,N,S: Windows:XP:SP1:Windows XP SP1
65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1
%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1
# Odds, ends, mods:
S52:128:1:48:M1260,N,N,S: Windows:XP:Cisco:Windows XP/2000 via Cisco
S52:128:1:48:M1260,N,N,S: Windows:2000:Cisco:Windows XP/2000 via Cisco
# HUNT DOWN:
# *:128:1:48:M*,N,N,S:U:@Windows:XP (leak) (PLEASE REPORT)
# ----------------- HP/UX -------------------
32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20
32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0
32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11
32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11
# Whoa. Hardcore WSS.
0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
# ----------------- RiscOS ------------------
# We don't yet support the ?12 TCP option
#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36
# ----------------- BSD/OS ------------------
# Once again, power of two WSS is also shared by MacOS X with DF set
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF)
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2)
# ---------------- NewtonOS -----------------
4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1
# ---------------- NeXTSTEP -----------------
S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3
# ------------------ BeOS -------------------
1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1
12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x
# ------------------ OS/400 -----------------
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5
4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
# ------------------ ULTRIX -----------------
16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5
# ------------------- QNX -------------------
S16:64:0:44:M512: QNX:::QNX demodisk
# ------------------ Novell -----------------
16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0
6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11
# ----------------- SCO ------------------
S17:64:1:44:M1460: SCO:Unixware:7.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06
S17:64:1:44:M1460: SCO:OpenServer:5.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06
S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1
# ------------------- DOS -------------------
2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
###########################################
# Appliance / embedded / other signatures #
###########################################
# ---------- Firewalls / routers ------------
S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1)
S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2)
4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x
60352:64:0:52:M1460,N,W2,N,N,S: Clavister:7::Clavister firewall 7.x
# ------- Switches and other stuff ----------
4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc
S8:255:0:44:M*: Cisco:12008::Cisco 12008
60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch
64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client
# ---------- Caches and whatnots ------------
S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache
32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x
16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1
65535:64:0:64:M1460,N,N,S,N,W3,N,N,T: NetApp:5.3:1:NetApp 5.3.1
65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow
8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1
S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine
27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based)
65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler
S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg
16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?)
# ----------- Embedded systems --------------
S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C
S5:255:0:44:M536: PalmOS:3::PalmOS 3/4
S5:255:0:44:M536: PalmOS:4::PalmOS 3/4
S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5
2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera)
S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7
8192:255:0:44:M1460: SymbianOS:6048::SymbianOS 6048 (on Nokia 7650?)
8192:255:0:44:M536: SymbianOS:::SymbianOS (on Nokia 9210?)
# Perhaps S4?
5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10
32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002
S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0
4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0
S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
####################
# Fancy signatures #
####################
1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1)
2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2)
3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3)
4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4)
1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1)
2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2)
3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3)
4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4)
#####################################
# Generic signatures - just in case #
#####################################
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x
*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+)
*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000
*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000

68
security/pf/files/pf.sh.sample
View file

@ -1,68 +0,0 @@
#!/bin/sh
#
# $FreeBSD$
if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
echo "$0: Cannot determine the PREFIX" >&2
echo "Please use the complete pathname." >&2
exit 1
fi
if [ -z "${source_rc_confs_defined}" ]; then
if [ -r /etc/defaults/rc.conf ]; then
. /etc/defaults/rc.conf
source_rc_confs
elif [ -r /etc/rc.conf ]; then
. /etc/rc.conf
fi
fi
case "$1" in
start)
case "${pf_enable}" in
[Yy][Ee][Ss])
echo -n ' pf'
kldload ${PREFIX}/modules/pflog.ko
kldload ${PREFIX}/modules/pfsync.ko
if [ -f ${PREFIX}/modules/pfaltq.ko ]; then
kldload ${PREFIX}/modules/pfaltq.ko
fi
ifconfig pflog0 up
ifconfig pfsync0 up
case "${pf_logd}" in
[Yy][Ee][Ss])
if [ -x ${PREFIX}/sbin/pflogd ]; then
echo -n ' pflogd'
${PREFIX}/sbin/pflogd
fi
;;
esac
kldload ${PREFIX}/modules/pf.ko
if [ -f ${pf_conf:-${PREFIX}/etc/pf.conf} ]; then
if [ -x ${PREFIX}/sbin/pfctl ]; then
${PREFIX}/sbin/pfctl -e \
-f ${pf_conf:-${PREFIX}/etc/pf.conf} \
${pfctl_flags}
fi
fi
;;
esac
;;
stop)
if [ -x ${PREFIX}/sbin/pfctl ]; then
${PREFIX}/sbin/pfctl -d
fi
killall pflogd
kldunload pf
if [ -f ${PREFIX}/modules/pfaltq.ko ]; then
kldunload pfaltq
fi
kldunload pflog
kldunload pfsync
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
;;
esac
exit 0

15
security/pf/pkg-descr
View file

@ -1,15 +0,0 @@
Packet Filter (from here on referred to as PF) is OpenBSD's system for
filtering TCP/IP traffic and doing Network Address Translation. PF is also
capable of normalizing and conditioning TCP/IP traffic and providing bandwidth
control and packet prioritization.
Version 2.00 of this port has the same function set as found in OpenBSD 3.4
Information about pf can be found at the website of Daniel Hartmeier, the
original author of PF: http://www.benzedrine.cx/pf.html and OpenBSD PF FAQ:
http://www.openbsd.org/faq/pf/
WWW: http://pf4freebsd.love2party.net/
-Max <reports@pf4freebsd.love2party.net>

189
security/pf/pkg-install
View file

@ -1,189 +0,0 @@
#!/bin/sh
# an installation script for pf_freebsd copied from Wnn6
check_pw()
{
if which -s pw; then
:
else
cat <<EOF
This system looks like a pre-2.2 version of FreeBSD. We see that it
is missing the "pw" utility. We need this utility. Please get and
install it, and try again. You can get the source from:
ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz
EOF
exit 1
fi
}
ask() {
local question default answer
question=$1
default=$2
if [ -z "${PACKAGE_BUILDING}" ]; then
read -p "${question} (y/n) [${default}]? " answer
fi
if [ x${answer} = x ]; then
answer=${default}
fi
echo ${answer}
}
yesno() {
local dflt question answer
question=$1
dflt=$2
while :; do
answer=$(ask "${question}" "${dflt}")
case "${answer}" in
[Yy]*) return 0;;
[Nn]*) return 1;;
esac
echo "Please answer yes or no."
done
}
check_service() {
local name number type comment
name=$1
number=$2
type=$3
comment=$4
FILE="/etc/services"
# check
OK=no
HAS_SERVICE=no
COUNT=1
for i in `grep $name $FILE `; do
if [ $COUNT = 1 ] && [ X"$i" = X"$name" ]; then
HAS_SERVICE=yes
elif [ $COUNT = 2 ] && [ $HAS_SERVICE = yes ] && \
[ X"$i" = X"$number/$type" ]; then
OK=yes
break
fi
COUNT=`expr ${COUNT} + 1`
done
# add an entry for SERVICE to /etc/services
if [ $OK = no ]; then
echo "This system has no entry for $name in ${FILE}"
if yesno "Would you like to add it automatically?" y; then
mv ${FILE} ${FILE}.bak
(grep -v $name ${FILE}.bak ; \
echo "$name $number/$type # $comment") \
>> ${FILE}
rm ${FILE}.bak
else
echo "Please add '$name $number/$type' into ${FILE}, and try again."
return 1
fi
fi
return 0
}
check_group() {
local name id
name=$1
id=$2
#check
# We need a command 'pw(8)'
check_pw
if pw groupshow $name -q ; then
return 0
fi
if pw groupadd -g $id -n $name -N -q ; then
echo ""
echo "You need a group '$name' whose ID number is $id"
if yesno "Would you like to create it automatically?" y; then
pw groupadd -g $id -n $name
return 0
fi
fi
echo ""
echo "I was not able to add group 'proxy:*:62:' as pw reported:"
pw groupadd -g $id -n $name -N
echo "Please correct this and try again!"
echo ""
return 1
}
check_user() {
local name id group
name=$1
id=$2
group=$3
# check
id_id=`id -u $id 2> /dev/null`
id_name=`id -u $name 2> /dev/null`
if [ X"$id_name" = X$id ];then
return 0
elif [ X"$id_id" != X ]; then
cat <<EOF
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This system already has an account whose name is not '$name' and ID
number is $id.
'`id $id`'
For ftp-proxy in this port or package, ID number of '$name' has to be $id.
Please try again after you delete the account.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
EOF
exit 1
elif [ X"$id_name" != X ]; then
cat <<EOF
There is a user '$name' with ID '$id_name'. I'll try to use this account.
EOF
return 0
fi
# add an account '$name' to this system
echo ""
echo "You need an account '$name' whose ID number is $id"
if yesno "Would you like to create it automatically?" y; then
# We need a command 'pw(8)'
check_pw
pw useradd $name -u $id -g $group -h - -d /nonexistent \
-s /nonexistent -c "Packet Filter pseudo-user" || exit
else
echo "Please create it, and try again."
return 1
fi
return 0
}
case $2 in
PRE-INSTALL)
if ! check_service ftp-proxy 8021 tcp "# ftp-proxy service port"; then
exit 1
fi
if [ "`grep ftp-proxy /etc/inetd.conf`" ]; then
echo "Found ftp-proxy entry in inetd.conf ..."
else
echo "Adding sample entry for ftp-proxy to /etc/inetd.conf"
echo "#ftp-proxy stream tcp nowait root ${PKG_PREFIX}/libexec/ftp-proxy ftp-proxy" >> /etc/inetd.conf
fi
if ! check_group proxy 62 ; then
exit 1
fi
groupid=`pw groupshow proxy | awk \
'{ split ($1,var,":"); print var[3] }' `
if ! check_user proxy 62 $groupid; then
exit 1
fi
;;
esac

15
security/pf/pkg-message
View file

@ -1,15 +0,0 @@
To use pf, please follow these steps:
1. Add kernel options into your kernel config file and recompile kernel:
device bpf
options PFIL_HOOKS
options RANDOM_IP_ID
2. Please set the following variables in /etc/rc.conf according to your needs:
pf_enable="Yes"
pf_logd="Yes"
pf_conf="%%PREFIX%%/etc/pf.conf"
3. Check %%PREFIX%%/etc/rc.d/pf.sh, it is the startup script for pf!

35
security/pf/pkg-plist
View file

@ -1,35 +0,0 @@
libexec/ftp-proxy
modules/linker.hints
modules/pf.ko
modules/pflog.ko
modules/pfsync.ko
%%WITH_ALTQ%%modules/pfaltq.ko
sbin/pfctl
sbin/pflogd
sbin/pftcpdump
etc/rc.d/pf.sh.sample
etc/pf.conf.default
etc/pf.os
include/pf/net/pfvar.h
include/pf/net/if_pflog.h
include/pf/net/if_pfsync.h
%%WITH_ALTQ%%include/pf/altq/altq.h
%%WITH_ALTQ%%include/pf/altq/altq_cbq.h
%%WITH_ALTQ%%include/pf/altq/altq_cdnr.h
%%WITH_ALTQ%%include/pf/altq/altq_classq.h
%%WITH_ALTQ%%include/pf/altq/altq_hfsc.h
%%WITH_ALTQ%%include/pf/altq/altq_priq.h
%%WITH_ALTQ%%include/pf/altq/altq_red.h
%%WITH_ALTQ%%include/pf/altq/altq_rio.h
%%WITH_ALTQ%%include/pf/altq/altq_rmclass.h
%%WITH_ALTQ%%include/pf/altq/altq_rmclass_debug.h
%%WITH_ALTQ%%include/pf/altq/altq_var.h
%%WITH_ALTQ%%include/pf/altq/if_altq.h
@dirrm modules
@dirrm include/pf/net
@dirrm include/pf