Re: [Fwknop-discuss] fwknop-2.6.7 released

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> On Aug 24, 2015, at 10:18 PM, Jonathan Bennett <jbs...@gm...> wrote:
> 
> This is great! Has libfko changed at all, or are all the changes since 2.6.6 in the client/server implementations?

Hi Jonathan,

Client/server only - no libfko changes.

> 
> --Jonathan
> 
>> On Mon, Aug 24, 2015 at 9:13 PM Michael Rash <mic...@gm...> wrote:
>> 
>> Hi all,
>> 
>> fwknop-2.6.7 has been released:
>> 
>> https://www.cipherdyne.org/fwknop/download/
>> 
>> https://github.com/mrash/fwknop/releases/tag/2.6.7
>> 
>> As usual, please let me if there are any issues.
>> 
>> Here is the complete ChangeLog:
>> 
>>     - [server] When command execution is enabled with ENABLE_CMD_EXEC for an
>>       access.conf stanza, added support for running commands via sudo. This was
>>       suggested by Github user 'freegigi' (issue #159) as a means to provide
>>       command filtering using the powerful sudoers syntax. This feature is
>>       implemented by prefixing any incoming command from a valid SPA packet
>>       with the sudo command along with optional user and group requirements
>>       as defined by the following new access.conf variables:
>>       ENABLE_CMD_SUDO_EXEC, CMD_SUDO_EXEC_USER, and CMD_SUDO_EXEC_GROUP.
>>     - [server] Kevin Layer reported a bug to the fwknop mailing list that
>>       simultaneous NAT access for two different access.conf stanza was not
>>       functioning properly. After some diagnosis, this was a result of
>>       rule_exists() not properly detecting and differentiating existing DNAT
>>       rules from new ones with different port numbers when 'iptables -C'
>>       support is not available. This was against iptables-1.4.7, and has been
>>       fixed in this release of fwknop (tracked as issue #162).
>>     - [server] Added --key-gen to fwknopd. This feature was suggested by
>>       Jonathan Bennett, and will help with ease of use efforts. The first
>>       platform to take advantage of this will likely be OpenWRT thanks to
>>       Jonathan.
>>     - [server] By default, fwknopd will now exit if the interface that it is
>>       sniffing goes down (patch contributed by Github user 'sgh7'). If this
>>       happens, it is expected that the native process monitoring feature in
>>       things like systemd or upstart will restart fwknopd. However, if fwknopd
>>       is not being monitored by systemd, upstart, or anything else, this
>>       behavior can be disabled with the EXIT_AT_INTF_DOWN variable in the
>>       fwknopd.conf file. If disabled, fwknopd will try to recover when a
>>       downed interface comes back up.
>>     - [extras] Added a script from Jonathan Bennett at
>>       extras/console-qr/console-qr.sh to generate QR codes from fwknopd
>>       access.conf keys.
>>     - [build] Added --with-firewalld to the autoconf configure script. This is
>>       a synonym for --with-firewall-cmd to avoid confusion. Some package
>>       maintainers use --with-firewalld to build fwknop.
>> 
>> 
>> -- 
>> Michael Rash | Founder
>> http://www.cipherdyne.org/
>> Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Fwknop-discuss mailing list
>> Fwk...@li...
>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss