DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
2,611 Commits 15 Branches 0 Tags
Commit Graph

141 Commits

Author SHA1 Message Date
Pierre Pronchery
8a1289cdc9 More consistent usage screens 2018-07-17 16:45:46 +02:00
Markus Gerstel
2b365abcee fix spelling errors flagged by Debian lintian 2016-08-22 22:53:46 +01:00
Michael Rash
6e54e9452a [test suite] add ENABLE_RULE_PREPEND test 2016-05-26 19:21:07 -07:00
Jonathan Bennett
dc9ad5de4a Adds a length modifier to is_valid_ipv4_addr 2016-05-07 21:59:48 -05:00
Jonathan Bennett
09177554bf Adds configuration option for X-Forwarded-For 2016-04-09 11:03:16 -05:00
Jonathan Bennett
9d0e12a313 Adds option to insert new FW rules to top of chain 2016-04-08 21:37:10 -05:00
Michael Rash
29411dea8c Merge branch 'master' of ssh://github.com/mrash/fwknop 2016-01-03 08:44:22 -05:00
Michael Rash
6247fe9e6a Merge remote-tracking branch 'origin/dstuart_netfilter_queue' 2016-01-03 08:31:12 -05:00
Jonathan Bennett
3378ba2423 Add Doxygen headers for server files 2016-01-01 02:09:59 +00:00
Jonathan Bennett
669e448db5 Add ENABLE_NAT_DNS config option 2015-12-31 18:05:55 +00:00
Michael Rash
a85b081f79 copyright update 2015-12-23 14:34:51 -05:00
Damien Stuart
0d41b78d18 Merge branch 'master' into dstuart_netfilter_queue and resolved one conflict in cmd_opts.h 2015-12-21 00:12:11 -05:00
Damien Stuart
db28efae25 Added linking libnfnetlink. Tweaks to get NFQ working with firewalld. 2015-12-20 23:46:32 -05:00
Damien Stuart
ba611a2d2c Many additions and modifications for support of capture via Netfilter Queue. 2015-12-20 21:58:31 -05:00
Michael Rash
e7f1813962 [test suite] implement different access stanza init strategy, 'complete cycle, include (3)' test passes now 2015-12-20 18:17:42 -08:00
Michael Rash
e25b78e81d [test suite] restore digest cache validation with a new arg --exit-parse-digest-cache 2015-12-19 05:46:36 -08:00
Michael Rash
c0b6db20be [server] start on not calling strtol_wrapper() repeatedly after the config is parsed 2015-12-16 20:26:17 -08:00
Michael Rash
f230c32371 promote chop_* functions into fko_util 2015-12-16 18:00:57 -08:00
Michael Rash
8533d9d248 [server] use chop_char() to strip trailing '/' chars from directories 2015-12-17 22:51:08 -05:00
Michael Rash
d8dc1fcdee [server] add is_valid_file() function, default to lstat() instead of stat(), more %include_folder tests 2015-12-13 01:39:29 -08:00
Jonathan Bennett
f7667239e6 Add documentation for the --access-folder command line option 2015-12-10 17:41:43 -06:00
Jonathan Bennett
a0c4acd31c Adds the --access-folder command line option 2015-12-10 12:45:28 -06:00
Damien Stuart
d2cef1746c Initial update for NETFILTER_QUEUE support. These changes are not tested at all as they were edit on a Mac, but are linux-specific. 2015-11-28 15:03:39 -05:00
Michael Rash
dd1528c829 [test suite] set sudo path on the fwknopd command line 2015-08-21 22:24:45 -04:00
Michael Rash
d681485e29 [server] add sudo support, closes #159 2015-07-22 04:08:58 -07:00
Michael Rash
89b2e8f477 [server] interface goes down will cause fwknopd to exit 
By default, fwknopd will now exit if the interface that it is
sniffing goes down (patch contributed by Github user 'sgh7'). If this
happens, it is expected that the native process monitoring feature in
things like systemd or upstart will restart fwknopd. However, if fwknopd
is not being monitored by systemd, upstart, or anything else, this
behavior can be disabled with the EXIT_AT_INTF_DOWN variable in the
fwknopd.conf file. If disabled, fwknopd will try to recover when a
downed interface comes back up.
 2015-07-18 13:11:25 -07:00
Michael Rash
795b1de4dd [server] Added RULES_CHECK_THRESHOLD to define 'deep' rule expiration check frequency 
The RULES_CHECK_THRESHOLD variable defines the number of times firewall rule
expiration times must be checked before a "deep" check is run. This allows
fwknopd to remove rules that contain a proper '_exp_<time>' even if a third party
program added them instead of fwknopd. The default value for this variable is 20,
and this typically results in this check being run every two seconds or so. To
disable this type of checking altogether, set this variable to zero.
 2015-07-18 10:37:17 -07:00
Michael Rash
4c7679fabd [server] start on sudo usage for command exec (issue #159) 2015-07-02 23:44:16 -04:00
Michael Rash
7bbc30f34c [server] bug fix for --key-gen being called inappropriately, add fw compiled string to -V 2015-06-01 05:27:27 -07:00
Michael Rash
de3bca2f9e handle key generation before config parsing 2015-05-20 09:47:51 -07:00
Michael Rash
ceb1713976 add --key-gen option to fwknopd (suggested by Jonathan Bennett) 2015-05-20 08:55:17 -07:00
Michael Rash
94af6172bb [server] minor -h usage update 2015-04-20 08:41:28 -07:00
Michael Rash
ab5c000a32 [test suite] added afl-cmin scripts, and the main test suite configs are referenced 2015-03-20 16:09:40 -04:00
Michael Rash
76b1c6dd50 Merge branch 'spa_destination_ip' 2014-12-04 20:07:05 -05:00
Michael Rash
285ec0ddcb [server] add AFL support for fuzzing SPA Rijndael decryption routine directly with --afl-pkt-file 2014-12-03 20:25:05 -05:00
Grant Pannell
624872ef48 Add DESTINATION access.conf directive and ENABLE_DESTINATION_RULE fwknopd.conf directive 2014-11-29 15:05:06 +10:30
Michael Rash
a64542c7a4 [server] add --run-dir command line arg 2014-11-25 22:06:56 -05:00
Michael Rash
d2880021ca [server] document --udp-server option 2014-11-15 10:45:59 -05:00
Michael Rash
aaa44656bc [server] add support for American Fuzzy Lop (ALF) fuzzing 2014-11-13 20:55:04 -05:00
Michael Rash
d2abbd8720 [test suite] more code coverage tests 2014-10-25 22:29:49 -04:00
Michael Rash
ddbba5bc90 autoconf update to ensure libpcap is not linked against in --enable-udp-server mode 2014-09-29 11:42:11 -04:00
Michael Rash
52d34a70a2 fwknopd man page updates, added UDPSERV_SELECT_TIMEOUT config option 2014-09-28 22:32:20 -04:00
Michael Rash
1fd0e7e960 first cut at UDP server mode 2014-09-28 11:49:04 -04:00
Gerry Reno
ac82b1ced2 more changes for firewalld 2014-08-31 13:51:08 -04:00
Gerry Reno
d47ebb602a more changes for firewalld 2014-08-31 02:23:39 -04:00
Michael Rash
3c06948414 [server] alert the user when config file variable expansion references invalid var 2014-07-08 16:25:53 -05:00
Michael Rash
4ab677cfe0 [server] minor fwknopd --help output update 2014-06-09 20:40:44 -04:00
Michael Rash
6d1d66fe03 add --fault-injection-tag support to the client/server/libfko 
This is a significant commit to add the ability to leverage libfko fault
injections from both the fwknop client and server command lines via a
new option '--fault-injection-tag <tag name>'.  This option is used by
the test suite with the tests/fault_injection.pl tests.
 2014-06-05 23:05:49 -04:00
Michael Rash
0c544f2690 [server] add --test mode to enable broader fuzzing coverage 2014-05-08 07:35:42 -04:00
Michael Rash
02ed5f5ad4 [server] add --exit-parse-config option, man page updates (minor formatting change) 2014-05-04 09:17:27 -04:00