Hi all -
fwknop-1.8.3 has been released:
http://www.cipherdyne.org/fwknop/download/
Here is the ChangeLog:
- Updated external IP resolution to point to http://www.whatismyip.org,
  and added http://www.cipherdyne.org/cgi/clientip.cgi as a backup site
  for fwknop IP resolution.
- Added storage of source IP along with SPA MD5 sum. This allows the user
  to infer which networks are more hostile if an SPA packet is replayed.
- Added SPA packet hex dumps in 'fwknopd --debug' mode so that the
  integration of third-party encryption algorithms is easier to
  troubleshoot. Sean Greven contributed a patch for this.
- Reinstated the legacy port knocking mode. It appears that all encrypted
  output from the updated Crypt::Rijndael module is at least 32 bytes
  long, so port knocking sequences are now 32 bytes long as well (they
  were previously 16 bytes long in old versions of fwknop).
- Bugfix to ensure the key length is at least 8 chars in --get-key mode.
- Minor update to remove init message on OS X install.
- Updated install.pl to set the LANG environmental variable to
  "en_US.UTF-8". This should fix the problem where the output of ifconfig
  was not interpreted correctly if the locale LANG setting is not English.
- Implemented verbose email alerting by setting the ALERTING_METHODS
  variable to "verbose". This instructs fwknopd to generate a new email
  message for each message that it normally logs via syslog (this feature
  is not the default, and must be manually enabled).
--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
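
The ChangeLog entry on storing the source IP next to each SPA MD5 sum, shown as an added example (not fwknop's own code, and not part of the original message). The class name, the in-memory store and the sample packets are assumptions made for illustration; fwknop's actual digest storage format is not shown in this announcement.

```python
import hashlib
import ipaddress
from collections import Counter


class SpaDigestCache:
    """Hypothetical replay cache: MD5(SPA packet) -> source IP of first sighting."""

    def __init__(self):
        self._first_seen = {}   # md5 hex digest -> source IP that first sent it
        self.replays = []       # (digest, first_src, replay_src) per replayed packet

    def accept(self, payload: bytes, src_ip: str) -> bool:
        """Return True for a new packet, False (and record it) for a replay."""
        digest = hashlib.md5(payload).hexdigest()
        first_src = self._first_seen.get(digest)
        if first_src is None:
            self._first_seen[digest] = src_ip
            return True
        # Same digest seen before: keep both the original and the replaying source.
        self.replays.append((digest, first_src, src_ip))
        return False

    def replay_networks(self, prefix: int = 24):
        """Count replays per source network (IPv4 assumed), most active first."""
        counts = Counter()
        for _, _, src in self.replays:
            net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
            counts[str(net)] += 1
        return counts.most_common()


# Constructed sample traffic (documentation address ranges, placeholder payloads).
SAMPLE = [
    (b"constructed-spa-packet-A", "192.0.2.10"),
    (b"constructed-spa-packet-B", "192.0.2.10"),
    (b"constructed-spa-packet-A", "203.0.113.7"),
    (b"constructed-spa-packet-A", "203.0.113.99"),
    (b"constructed-spa-packet-B", "198.51.100.4"),
]


def run_sample():
    cache = SpaDigestCache()
    verdicts = [cache.accept(payload, ip) for payload, ip in SAMPLE]
    return cache, verdicts


if __name__ == "__main__":
    cache, verdicts = run_sample()
    print(verdicts)
    print(cache.replay_networks())
```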