Re: [Fwknop-discuss] fwknop-2.6.7 released
From: Michael R. <mic...@gm...> - 2015-08-25 03:04:55
> On Aug 24, 2015, at 10:18 PM, Jonathan Bennett <jbs...@gm...> wrote:
>
> This is great! Has libfko changed at all, or are all the changes since 2.6.6 in the client/server implementations?

Hi Jonathan,

Client/server only - no libfko changes.

>
> --Jonathan
>
>> On Mon, Aug 24, 2015 at 9:13 PM Michael Rash <mic...@gm...> wrote:
>>
>> Hi all,
>>
>> fwknop-2.6.7 has been released:
>>
>> https://www.cipherdyne.org/fwknop/download/
>>
>> https://github.com/mrash/fwknop/releases/tag/2.6.7
>>
>> As usual, please let me know if there are any issues.
>>
>> Here is the complete ChangeLog:
>>
>> - [server] When command execution is enabled with ENABLE_CMD_EXEC for an
>>   access.conf stanza, added support for running commands via sudo. This was
>>   suggested by Github user 'freegigi' (issue #159) as a means to provide
>>   command filtering using the powerful sudoers syntax. This feature is
>>   implemented by prefixing any incoming command from a valid SPA packet
>>   with the sudo command along with optional user and group requirements
>>   as defined by the following new access.conf variables:
>>   ENABLE_CMD_SUDO_EXEC, CMD_SUDO_EXEC_USER, and CMD_SUDO_EXEC_GROUP.
>> - [server] Kevin Layer reported a bug to the fwknop mailing list that
>>   simultaneous NAT access for two different access.conf stanzas was not
>>   functioning properly. After some diagnosis, this was a result of
>>   rule_exists() not properly detecting and differentiating existing DNAT
>>   rules from new ones with different port numbers when 'iptables -C'
>>   support is not available. This was against iptables-1.4.7, and has been
>>   fixed in this release of fwknop (tracked as issue #162).
>> - [server] Added --key-gen to fwknopd. This feature was suggested by
>>   Jonathan Bennett, and will help with ease of use efforts. The first
>>   platform to take advantage of this will likely be OpenWRT thanks to
>>   Jonathan.
>> - [server] By default, fwknopd will now exit if the interface that it is
>>   sniffing goes down (patch contributed by Github user 'sgh7'). If this
>>   happens, it is expected that the native process monitoring feature in
>>   things like systemd or upstart will restart fwknopd. However, if fwknopd
>>   is not being monitored by systemd, upstart, or anything else, this
>>   behavior can be disabled with the EXIT_AT_INTF_DOWN variable in the
>>   fwknopd.conf file. If disabled, fwknopd will try to recover when a
>>   downed interface comes back up.
>> - [extras] Added a script from Jonathan Bennett at
>>   extras/console-qr/console-qr.sh to generate QR codes from fwknopd
>>   access.conf keys.
>> - [build] Added --with-firewalld to the autoconf configure script. This is
>>   a synonym for --with-firewall-cmd to avoid confusion. Some package
>>   maintainers use --with-firewalld to build fwknop.
>>
>>
>> --
>> Michael Rash | Founder
>> http://www.cipherdyne.org/
>> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Fwknop-discuss mailing list
>> Fwk...@li...
>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss