d28d1cb12d
Add support for rule expiration with IPv6
2018-08-20 11:02:16 +02:00
68cacee9f1
Remove support for IPv6 for rules shared with IPv4
2018-08-20 11:02:16 +02:00
282aa2dc09
Provide enough space to resolve IPv6 addresses
2018-08-20 11:02:16 +02:00
ba4d095daa
Fix a couple more uses of ctype(3)
2018-08-20 11:02:16 +02:00
dd0597f7f8
Code cleanup
2018-08-20 11:02:16 +02:00
fa664db600
Add preliminary support for IPv6 with iptables
2018-08-20 11:02:16 +02:00
576eb11191
Add IPv6 support to --fw-list{,all}
2018-08-20 11:02:16 +02:00
edeea235bc
Add a configuration variable for IPv6 firewall binaries
This is only relevant for iptables at the moment.
2018-08-20 11:02:16 +02:00
15dfc94e9c
Fix the build on Linux (iptables)
2018-08-20 11:02:16 +02:00
Michael Rash
dd1f05c030
Merge pull request #221 from oneru/master
[Server] slightly broadens FORWARD rule matching, disables rewriting …
2016-05-31 21:11:25 -04:00
Jonathan Bennett
b5db9c66d3
[Server] Free the access list on invalid hostname, fixes memory leak.
2016-05-29 23:40:14 -05:00
Jonathan Bennett
d448004f38
[Server] slightly broadens FORWARD rule matching, disables rewriting sport for snat
2016-05-29 14:13:53 -05:00
Michael Rash
6e54e9452a
[test suite] add ENABLE_RULE_PREPEND test
2016-05-26 19:21:07 -07:00
Damien Stuart
7c84cadd43
Added missing parens on if statement (was causing compiler error on fw_util_iptables).
2016-05-10 22:43:11 -04:00
Michael Rash
23d70f1aa3
Merge pull request #216 from oneru/add-nat-validation
Add nat validation
2016-05-08 21:53:13 -04:00
Jonathan Bennett
b517fdad44
Add checks to avoid calling strlen on a null pointer
2016-05-08 00:41:45 -05:00
Jonathan Bennett
b088030ad5
Adds hostname validation for hostname in NAT on server
2016-05-07 23:21:01 -05:00
Jonathan Bennett
ddc422125f
Style changes, and avoid returning undefined value in fw_util functions
2016-05-07 22:36:39 -05:00
Jonathan Bennett
dc9ad5de4a
Adds a length modifier to is_valid_ipv4_addr
2016-05-07 21:59:48 -05:00
Michael Rash
f42aeb39dc
[server] make sure exp buffer does not contain closing '*' chars (from @oneru)
2016-04-30 09:27:07 -04:00
Jonathan Bennett
9d0e12a313
Adds option to insert new FW rules to top of chain
2016-04-08 21:37:10 -05:00
Michael Rash
29411dea8c
Merge branch 'master' of ssh://github.com/mrash/fwknop
2016-01-03 08:44:22 -05:00
Michael Rash
6247fe9e6a
Merge remote-tracking branch 'origin/dstuart_netfilter_queue'
2016-01-03 08:31:12 -05:00
Jonathan Bennett
3378ba2423
Add Doxygen headers for server files
2016-01-01 02:09:59 +00:00
Jonathan Bennett
669e448db5
Add ENABLE_NAT_DNS config option
2015-12-31 18:05:55 +00:00
Jonathan Bennett
748803aef7
Add length checks for nat_access messages
2015-12-31 04:40:41 +00:00
Jonathan Bennett
bc55f0f21f
Add count_characters and a CUnit test series for it.
2015-12-31 04:14:58 +00:00
Jonathan Bennett
56be13b3f6
Add dns resolution for nat access
2015-12-31 04:13:46 +00:00
Michael Rash
a85b081f79
copyright update
2015-12-23 14:34:51 -05:00
Damien Stuart
0d41b78d18
Merge branch 'master' into dstuart_netfilter_queue and resolved one conflict in cmd_opts.h
2015-12-21 00:12:11 -05:00
Damien Stuart
ba611a2d2c
Many additions and modifications for support of capture via Netfilter Queue.
2015-12-20 21:58:31 -05:00
Michael Rash
4f81dd7747
[server] local NAT should not be enabled by default
2015-12-07 16:51:19 -08:00
Michael Rash
988075b52b
[server] bug fix to honor client timeout SPA messages in --nat-local mode, fixes #173
2015-12-04 19:36:51 -08:00
Damien Stuart
d2cef1746c
Initial update for NETFILTER_QUEUE support. These changes are not tested at all as they were edited on a Mac, but are Linux-specific.
2015-11-28 15:03:39 -05:00
Michael Rash
ec9eef3365
[server] fix a dead code condition spotted by Coverity
2015-08-19 23:41:47 -04:00
Michael Rash
423899f3c4
[server] minor fix to remove unnecessary var definition
2015-08-18 22:02:00 -04:00
Michael Rash
295a6a0d14
[server] fix is_digits() logic and add tests
2015-07-17 21:28:02 -07:00
Michael Rash
6e4ad4767f
[server] make sure fw _exp_NNN... strings contain only digits after the _exp_ prefix
2015-07-17 12:15:01 -07:00
Michael Rash
b753812cf6
[server] minor addition of function names to fw command error log messages
2015-07-17 11:48:28 -07:00
Michael Rash
f1c3806dca
[test suite] added tests for duplicate rule detection (issue #162)
2015-07-14 21:13:46 -04:00
Michael Rash
ef9498f783
[server] Implement garbage cleanup mode for rule deletion
This is a significant commit that allows fwknopd to delete expired rules
from the firewall policy regardless of whether fwknopd is tracking them.
That is, a third party program could insert rules into the fwknopd
chains (iptables for now, but this will be extended to the other
firewalls) in order to take advantage of fwknopd rule deletion.
2015-07-13 21:29:16 -04:00
Michael Rash
bb90a0cb2e
[server] minor comment addition
2015-07-12 20:57:09 -04:00
Michael Rash
f4f2ada1c0
[server] bug fix to not zero the wrong buffer for iptables rule deletion
This commit fixes a bug where zero_cmd_buffers() was being called against the
wrong buffer as SPA rules were supposed to be deleted. Although multiple
iterations of check_firewall_rules() would have compensated, some rules would
not have been deleted as quickly as they should have in multi-rule scenarios.
2015-07-12 20:36:06 -04:00
Michael Rash
5460509f88
[server] add NAT rule existence detection for --no-ipt-check support (issue #162)
2015-07-07 08:28:16 -04:00
Michael Rash
012d1cf888
[server] interim commit towards a fix for --no-ipt-check rule detection
This is a significant commit for issue #162 where fwknopd is not properly
detecting rules (particularly NAT rules) on systems running older versions
of iptables where -C support is not offered. A new capability of searching
the output of an external command and getting the first matching line was
added with the search_extcmd_getline() function.
2015-07-05 20:47:06 -04:00
Michael Rash
17d1071aa8
[server / test suite] cleaner SNAT MASQUERADE support
2015-04-22 01:00:57 -07:00
Michael Rash
176afecd9f
[server] minor spacing fix
2015-04-21 21:09:20 -04:00
Michael Rash
bb5aa928d9
[server] fix typos from corresponding firewalld changes
2015-04-18 12:33:11 -07:00
Michael Rash
03959653ca
[server] differentiate MASQUERADE from SNAT with a dedicated FWKNOP_MASQUERADE chain
2015-04-18 05:38:35 -07:00
Michael Rash
1e9f7e94f0
[server] consolidate chain creation within mk_chain()
2015-04-14 08:21:00 -07:00