Michael Rash
95383149cb
[server] bug fix to honor CMD_EXEC_USER and CMD_SUDO_EXEC_USER vars
2015-12-08 19:01:53 -08:00
Michael Rash
3e3bf0d122
Merge branch 'master' into accesss_conf_includes
2015-12-07 18:18:27 -08:00
Michael Rash
4f81dd7747
[server] local NAT should not be enabled by default
2015-12-07 16:51:19 -08:00
Michael Rash
a8ec29affa
[server] minor cleanup for incoming SPA packet processing
2015-12-05 16:06:25 -08:00
Michael Rash
b6674aba6f
[server] allow ENABLE_IPT_LOCAL_NAT to enable FORCE_NAT features
2015-12-05 06:05:58 -08:00
Michael Rash
988075b52b
[server] bug fix to honor client timeout SPA messages in --nat-local mode, fixes #173
2015-12-04 19:36:51 -08:00
Jonathan Bennett
c3d50a9503
Unwind the recursive access.conf properly on an error
...
and remove a debugging log message.
2015-12-04 18:34:09 -06:00
Jonathan Bennett
1e34a3430c
Add access.conf %include depth tracking
2015-12-04 18:16:57 -06:00
Jonathan Bennett
ce0b7f6727
Initial work on access.conf includes
2015-12-03 23:23:42 -06:00
Damien Stuart
d2cef1746c
Initial update for NETFILTER_QUEUE support. These changes are not tested at all as they were edited on a Mac, but are Linux-specific.
2015-11-28 15:03:39 -05:00
Vlad Glagolev
eb88e0ab00
respect CMD_CYCLE_TIMER
2015-11-27 17:44:34 +03:00
Michael Rash
0bf4993071
[server] minor update to replace a string compare for command cycle close exclusions
2015-11-17 21:19:59 -08:00
Vlad Glagolev
37cc375ea3
added substitution support for CLIENT_TIMEOUT
2015-11-19 21:39:07 +03:00
Michael Rash
cfa02859eb
[server] don't run firewall handling code for command-only modes
2015-11-17 20:48:37 -08:00
Michael Rash
882624a2a0
[server] allow 'NONE' to short circuit close command execution
2015-11-13 11:18:19 -08:00
Michael Rash
b0f25ae2e8
[server] (Vlad Glagolev) Add client timeouts to command open/close cycle operations
2015-11-13 08:41:39 -08:00
Michael Rash
97faa2dbdf
minor docs update
2015-11-10 21:40:57 -05:00
Michael Rash
2f49be6cb0
[server] For SIGHUP processing, don't send the TCP server SIGTERM unless it is running
2015-11-01 01:58:47 -08:00
Michael Rash
72d6a0c018
[test suite] add multi-cycle open/close command tests
2015-10-26 13:02:51 -07:00
Michael Rash
7910658c85
[server] memory leak bugfix caught by multi-cycle open/close test
2015-10-24 07:05:29 -04:00
Michael Rash
4909b629d5
[server] add command cycle close support to UDP server mode
2015-10-19 20:17:44 -04:00
Michael Rash
6c0b328114
[server] fix command cycle close code to iterate through the entire list until all expiration commands have been executed
2015-10-18 08:47:50 -07:00
Michael Rash
17b4b3d55e
[server] implemented command cycle close execution and expiration
2015-10-17 20:14:33 -07:00
Michael Rash
2b97e8b2e6
[server] command IP,SRC,PKT_SRC,DST,PORT,PROTO substitutions work for open/close cycles now
2015-10-17 06:30:33 -07:00
Michael Rash
32b4c5e53f
[server] minor log_msg() reformatting
2015-10-17 05:27:54 -07:00
Michael Rash
4587a279e1
[server] validate CMD_CYCLE_* vars from the access.conf file
2015-10-13 19:17:06 -07:00
Michael Rash
d67fbde992
[server] start on command open/close cycle support (issue #117)
2015-10-13 18:00:07 -07:00
Michael Rash
cac6a3f726
[server] minor refactor for access.conf parsing
2015-10-09 04:42:09 -07:00
Michael Rash
a11881433d
[server] minor access.conf variable name bug fix
2015-10-03 06:16:47 -07:00
Damien Stuart
a4309ad768
Added clean up for .gcno and .gcda files (left when c-unit-tests are enabled).
2015-09-05 15:20:22 -04:00
Damien Stuart
2e60687dcf
Merge branch 'master' into dstuart_refactor_autoconf
2015-08-29 12:46:24 -04:00
Michael Rash
ecfa8021e5
doc updates to include sudo information
2015-08-24 17:25:06 -07:00
Michael Rash
d1d59778e9
[server] handle trailing quote for PF firewalls on OpenBSD
2015-08-21 23:06:07 -04:00
Michael Rash
dd1528c829
[test suite] set sudo path on the fwknopd command line
2015-08-21 22:24:45 -04:00
Michael Rash
2f94413b2f
[server] bug fix for ipfw firewall rule removal
2015-08-21 21:35:10 -04:00
Michael Rash
ec9eef3365
[server] fix a dead code condition spotted by Coverity
2015-08-19 23:41:47 -04:00
Michael Rash
c5507d2c2a
[server] fix ptr vs. val check spotted by Coverity
2015-08-19 23:41:17 -04:00
Michael Rash
423899f3c4
[server] minor fix to remove unnecessary var definition
2015-08-18 22:02:00 -04:00
Michael Rash
0fdc263a43
options struct should not be global (CLANG -Wshadow warning)
2015-08-18 21:58:53 -04:00
Michael Rash
5e0a668a7f
[server] minor access.c fix to quiet both Coverity and the CLANG static analyzer
2015-08-16 21:31:48 -04:00
Michael Rash
e5c6f96788
[server] fix compilation issue for non-iptables firewalls
2015-07-25 23:10:06 -04:00
Michael Rash
72555ba9fe
[server] minor comment fix for group ID determination in access.conf parsing
2015-07-25 18:58:39 -07:00
Michael Rash
fbdc542f48
Merge branch 'master' of https://github.com/mrash/fwknop
2015-07-25 13:28:49 -07:00
Michael Rash
c0330e5c8b
[server] additional work on splitting incoming_spa() loop into functions
2015-07-25 13:27:42 -07:00
Michael Rash
3270900a38
[server] continued work on splitting incoming_spa() into functions
2015-07-24 12:38:17 -07:00
Michael Rash
01beb31861
[server] start to split incoming_spa() main loop into functions
2015-07-22 06:57:13 -07:00
Michael Rash
d681485e29
[server] add sudo support, closes #159
2015-07-22 04:08:58 -07:00
micha137
0ac52b9b4d
Fix some typos
2015-07-21 18:39:43 +02:00
Michael Rash
89b2e8f477
[server] interface goes down will cause fwknopd to exit
...
By default, fwknopd will now exit if the interface that it is
sniffing goes down (patch contributed by Github user 'sgh7'). If this
happens, it is expected that the native process monitoring feature in
things like systemd or upstart will restart fwknopd. However, if fwknopd
is not being monitored by systemd, upstart, or anything else, this
behavior can be disabled with the EXIT_AT_INTF_DOWN variable in the
fwknopd.conf file. If disabled, fwknopd will try to recover when a
downed interface comes back up.
2015-07-18 13:11:25 -07:00
Michael Rash
795b1de4dd
[server] Added RULES_CHECK_THRESHOLD to define 'deep' rule expiration check frequency
...
The RULES_CHECK_THRESHOLD variable defines the number of times firewall rule
expiration times must be checked before a "deep" check is run. This allows
fwknopd to remove rules that contain a proper '_exp_<time>' even if a third party
program added them instead of fwknopd. The default value for this variable is 20,
and this typically results in this check being run every two seconds or so. To
disable this type of checking altogether, set this variable to zero.
2015-07-18 10:37:17 -07:00