2 changes: 1 addition & 1 deletion CONTRIBUTERS
@@ -1,5 +1,5 @@
Many thanks to everybody who has helped to improve knockd in some way. This is
a fairly old project, and some contributer names have almost surely been lost
a fairly old project, and some contributor names have almost surely been lost
along the way. Thanks to the unsung heroes too.

- airwoflgh <paul.rogers@flumps.org>
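Review bot: The typo fix in the text is fine, but the file itself is still named CONTRIBUTERS and carries the same misspelling; consider renaming it to CONTRIBUTORS in the same change (with `git mv`) so the file name and its contents agree.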
43 changes: 21 additions & 22 deletions COPYING
@@ -1,13 +1,12 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

Preamble
Preamble

The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
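Review bot: Rather than hand-editing COPYING, replace it with the verbatim current GPL-2.0 text published by the FSF and confirm with a byte comparison (`cmp`); the header lines in this hunk differ only in punctuation ("Inc." versus "Inc.," and "USA." versus "USA"), and license scanners such as licensecheck and SPDX matching key on exact text, so any residual deviation leaves the file flagged as a modified license. The wording changes in the later hunks (Lesser General Public License, the 51 Franklin Street address, the `<year>` placeholder) are consistent with that current text.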
@@ -16,7 +15,7 @@ software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.

When we speak of free software, we are referring to freedom, not
@@ -56,8 +55,8 @@ patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE

GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains
@@ -111,7 +110,7 @@ above, provided that you also meet all of these conditions:
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
@@ -169,7 +168,7 @@ access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
@@ -226,7 +225,7 @@ impose that choice.

This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
@@ -256,7 +255,7 @@ make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.

NO WARRANTY
NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
@@ -278,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS
Appendix: How to Apply These Terms to Your New Programs
END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
@@ -292,7 +291,7 @@ convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

<one line to give the program's name and a brief idea of what it does.>
Copyright (C) 19yy <name of author>
Copyright (C) <year> <name of author>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -304,16 +303,16 @@ the "copyright" line and a pointer to where the full notice is found.
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:

Gnomovision version 69, Copyright (C) 19yy name of author
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
@@ -336,5 +335,5 @@ necessary. Here is a sample; alter the names:
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
4 changes: 2 additions & 2 deletions ChangeLog
@@ -4,7 +4,7 @@ VERSION DESCRIPTION
- IPv6 support (Sebastien Valat)
0.7.8 - Fix for Issue #33, #34 and #35 contributed by Alexander
Rumyanstev.
0.7.7 - Fix for Issue #7 & #17 contributed by Michael G�hler.
0.7.7 - Fix for Issue #7 & #17 contributed by Michael Göhler.
All IPs assigned to a single interface are now listened on.
- Fix for compile warning on OSX where daemon() is deprecated.
- Fix for Issue #15 - list.c OpenBSD segfault: change malloc
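Review bot: The replacement character in "G�hler" on the removed line shows the ChangeLog was previously stored in a single-byte encoding and then read as UTF-8; make sure the corrected file is committed as UTF-8 (for example `file ChangeLog` should report "UTF-8 Unicode text", and `iconv -f utf-8 -t utf-8 ChangeLog >/dev/null` should succeed), otherwise the same mojibake will reappear the next time someone edits it with a Latin-1 editor.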
@@ -13,7 +13,7 @@ VERSION DESCRIPTION
correctly.
0.7.5 - Added Greg Kuchyt's knock_add script but updated to be a
generic IPTables helper that also deletes rules
0.7.4 - Patches from Michael G�hler
0.7.4 - Patches from Michael Göhler
- Updated gitignore to include additional autoconf files.
- Updated Makefile to fix deprecated warning on CPPFLAG
-D_BSD_SOURCE.
7 changes: 3 additions & 4 deletions README.md
@@ -2,7 +2,7 @@

Copyright (c) 2004, Judd Vinet <jvinet@zeroflux.org>

### ABOUT
### ABOUT

This is a port-knocking server/client. Port-knocking is a method where a
server can sniff one of its interfaces for a special "knock" sequence of
@@ -22,7 +22,7 @@ installed. Then run the following:
$ sudo make install


### EXAMPLE
### EXAMPLE

The example below could be used to run a strict (DENY policy) firewall that
can only be accessed after a successful knock sequence.
@@ -47,10 +47,9 @@ powerful clients.
- [sendip](http://freshmeat.net/projects/sendip/)


### OTHER IMPLEMENTATIONS
### OTHER IMPLEMENTATIONS

Here are some other implementations of port-knocking:

- [pasmal](http://sourceforge.net/projects/pasmal/)
- [doorman](http://doorman.sourceforge.net/)

12 changes: 6 additions & 6 deletions doc/knockd.1.in
@@ -118,7 +118,7 @@ sniffing the network).
start_command = /usr/sbin/iptables \-A INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
cmd_timeout = 5
stop_command = /usr/sbin/iptables \-D INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT

.fi
.TP
.SH Example #4:
@@ -139,7 +139,7 @@ of the two protocols.
cmd_timeout = 5
stop_command = /usr/sbin/iptables \-D INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
stop_command_6 = /usr/sbin/ip6tables \-D INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT

.fi
.RE
.SH CONFIGURATION: GLOBAL DIRECTIVES
@@ -222,18 +222,18 @@ Time to wait (in seconds) between \fBStart_Command\fP and \fBStop_Command\fP.
This directive is optional, only required if \fBStop_Command\fP is used.
.TP
.B "Stop_Command = <command>"
Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
since \fBStart_Command\fP has been executed. All instances of \fB%IP%\fP will
be replaced with the knocker's IP address. This directive is optional.
.TP
.B "Stop_Command_6 = <command>"
Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
since \fBStart_Command_6\fP has been executed. All instances of \fB%IP%\fP will
be replaced with the knocker's IP address. This directive is optional.
If not present it will automatically fallback onto the same IPV4
If not present it will automatically fallback onto the same IPV4
\fBStop_Command\fP value. You can use empty value to force
doing nothing.
.SH SECURITY NOTES
.SH SECURITY NOTES
Using the \fB-l\fP or \fB--lookup\fP commandline option to resolve DNS names
for log entries may be a security risk! An attacker may find out the first port
of a sequence if he can monitor the DNS traffic of the host running knockd.
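Review bot: This hunk appears to change only trailing whitespace in the Stop_Command_6 description, which makes it a good moment to fix the wording of those same lines as well: "IPV4" should read "IPv4", and "If not present it will automatically fallback onto the same IPV4 \fBStop_Command\fP value. You can use empty value to force doing nothing." reads better as "If not present, it falls back to the IPv4 \fBStop_Command\fP value; set it to an empty value to run nothing."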
1 change: 0 additions & 1 deletion knockd.conf
@@ -18,4 +18,3 @@
seq_timeout = 5
command = /usr/local/sbin/knock_add -i -c INPUT -p tcp -d 443 -f %IP%
tcpflags = syn

44 changes: 21 additions & 23 deletions src/knock_helper_ipt.sh
@@ -3,7 +3,7 @@
# Original version to add non-duplicated rules by Greg Kuchyt (greg.kuchyt@gmail.com)
# Updated to handle deletes and be generic by Paul Rogers (paul.rogers@flumps.org)

SCRIPT_NAME=$(basename $0)
SCRIPT_NAME=$(basename "$0")

AWK="/bin/awk"
GREP="/bin/grep"
@@ -37,25 +37,24 @@ usage() {
echo "-d|--dstport The destination port to be used in the rule"
echo "-p|--proto The protocol that the rule applies to; default: $IPT_PROTO"
echo "-c|--chain The NetFilter chain to apply the change to; default: $IPT_CHAIN"
echo "-m|--comment Overide default comment text: '$COMMENT_DEFAULT'"
echo "-m|--comment Override default comment text: '$COMMENT_DEFAULT'"
echo "-t|--test Test run - don't actually perform an update to NetFilter"
echo "-h|--help Print this informational screen and exit"
echo "-v|--verbose Print verbose information about actions"
}

ARGS=$(getopt -o aixf:d:p:c:m::thv -l "append,insert,delete,srcaddr:,dstport:,proto:,chain:,comment::,test,help,verbose" -n $SCRIPT_NAME -- "$@")
ARGS=$(getopt -o aixf:d:p:c:m::thv -l "append,insert,delete,srcaddr:,dstport:,proto:,chain:,comment::,test,help,verbose" -n "$SCRIPT_NAME" -- "$@")

if [ $? -ne 0 ];
then
echo "$SCRIPT_NAME - Error! Invalid arguments"
usage
exit 1
if [ $? -ne 0 ]; then
echo "$SCRIPT_NAME - Error! Invalid arguments"
usage
exit 1
fi

eval set -- "$ARGS"

while true; do
case "$1" in
case "$1" in
-a|--append)
IPT_METHOD="-A"
shift;
@@ -88,16 +87,16 @@ while true; do
case "$2" in
"")
IPT_COMMENT=$COMMENT_DEFAULT;
shift 2;;
shift 2 ;;
*)
IPT_COMMENT=$2;
shift 2 ;;
esac
;;
-t|--test)
DRY_RUN=1
shift;
;;
shift;
;;
-h|--help)
usage
shift;
@@ -107,11 +106,11 @@ while true; do
VERBOSE=1
shift;
;;
--)
shift;
break;
;;
esac
--)
shift;
break;
;;
esac
done

# Begin sanity checks
@@ -153,21 +152,21 @@ if [ -n "$IPT_COMMENT" ]; then
COMMENT="-m comment --comment '$IPT_COMMENT'"
fi

$IPTABLES -L $IPT_CHAIN &> /dev/null
$IPTABLES -L "$IPT_CHAIN" >/dev/null 2>&1
if [ 0 -ne "$?" ]; then
echo "$SCRIPT_NAME - Error: $IPT_CHAIN is not a valid NetFilter chain"
exit
fi
# End sanity checks

# Dupe checking
for IP in `$IPTABLES -n -L $IPT_CHAIN | $GREP $IPT_RULE_TARGET | $AWK '{print $4}' | $SORT -u`;
for IP in `$IPTABLES -n -L "$IPT_CHAIN" | $GREP "$IPT_RULE_TARGET" | $AWK '{print $4}' | $SORT -u`;
do
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - $IP"
fi

if [ "$IPT_SRC_IP" == "$IP" ]; then
if [ "$IPT_SRC_IP" = "$IP" ]; then
SEEN=1
fi
done
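Review bot: The invalid-chain branch after `$IPTABLES -L "$IPT_CHAIN" >/dev/null 2>&1` still ends with a bare `exit`, which returns the status of the preceding `echo`, i.e. 0, so knockd or any caller checking the exit code sees success even though no rule was touched; use `exit 1` here, as the getopt error path already does. Replacing `&>` and `==` with their POSIX forms is the right direction, but the dupe-check loop still matches with `$GREP "$IPT_RULE_TARGET"`, which also hits the "Chain INPUT (policy ACCEPT)" header line and any rule whose comment contains the target name; `$AWK -v t="$IPT_RULE_TARGET" '$1 == t {print $4}'` restricts the match to the target column of `iptables -n -L` output.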
@@ -176,14 +175,13 @@ if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - Seen: $SEEN"
fi


if [ "$SEEN" -eq 0 ]; then
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - $IPT_COMMENT"
echo $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
echo "$IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT"
fi

if [ "$DRY_RUN" -eq 0 ]; then
eval $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
fi
fi
fi
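Review bot: Quoting the `echo` line fixes the verbose output, but the real invocation on the following line still goes through `eval` with an unquoted `$COMMENT`; the `eval` exists only so the single quotes embedded around `$IPT_COMMENT` get re-parsed, which means a comment passed with `-m` that itself contains a single quote breaks out of that quoting and the remainder is interpreted by the shell, in a script knockd runs as root. Prefer dropping `eval` and passing the arguments directly, e.g. `set -- "$IPT_METHOD" "$IPT_CHAIN" -s "$IPT_SRC_IP" -p "$IPT_PROTO" --dport "$IPT_DST_PORT" -j "$IPT_RULE_TARGET"`, appending `-m comment --comment "$IPT_COMMENT"` with a further `set -- "$@" ...` only when a comment is set, and then running `"$IPTABLES" "$@"`.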