[eurephia-devel] [announcement] eurephia v0.9.2 beta released
From: David S. <da...@us...> - 2008-11-02 13:06:39
A new beta release of eurephia is released. git tree getting updated very soon as well.

The following changes are implemented in this release:

* BUGFIX: Fixed wrong attempt count reset during eurephia_tlsverify(...)

  The attempt counter for certificates was reset too early. It was reset on successful TLS verification. But the only place these counters should be reset is after successful authentication in eurephia_userauth(...)

* BUGFIX: Firewall thread did not shutdown properly

  The master OpenVPN thread used waitpid() to wait for the firewall worker thread to complete. In daemon mode, these two threads are not related any more and are considered to be separate, making the waitpid() call fail. A solution using POSIX semaphores is introduced as a communication method between the processes during shutdown.

* FEATURE: Added firewall block when IP addresses are blacklisted

  When this feature is enabled, IP addresses which are blacklisted in the database will also be inserted into a separate firewall chain. This is to block traffic from the offending client before it reaches the OpenVPN process.

  Added new configuration parameter: firewall_blacklist_destination

  This parameter will contain the firewall chain these blacklisted IP addresses should be inserted into.

* FEATURE: Added eDBget_blacklisted_ip(ctx) functions in DB drivers

  To support the new firewall blocking feature, a new function in the database layer was needed to retrieve all registered blacklisted IP addresses. This is used when OpenVPN starts, to update the defined firewall chain to block those IP addresses immediately and in this way make it durable when OpenVPN or the server restarts.

* SOURCE TREE: Created install rules via cmake

  Now you can run configure with --prefix and --sqlite3-prefix options to define where to install the eurephia modules and the SQLite3 database file.

  The default --prefix is set to /etc/openvpn/eurephia and for the --sqlite3-prefix it is /etc/openvpn

  When running make install, the needed files will be installed into these directories.

* SOURCE TREE: Reorganised the source code and some code cleanup

  Moved all OpenVPN plug-in related things into ./plugins, including firewall interface. All shared code got moved into ./common and moved the generic part of the database files into ./database

kind regards,

David Sommerseth
da...@us...
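
The first bug fix in the message above, modelled as an added example (not eurephia's code and not part of the original message): it shows why resetting a certificate's attempt counter at TLS verification keeps a lockout threshold from ever being reached. `struct cert_state`, `MAX_ATTEMPTS`, `tls_verify`, `user_auth` and `simulate_wrong_passwords` are hypothetical names, and the model assumes a failed user authentication counts against the certificate.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_ATTEMPTS 3  /* assumed lockout threshold, not a eurephia default */

/* Hypothetical per-certificate record; eurephia keeps this in its database. */
struct cert_state { int attempts; bool blacklisted; };

static void register_attempt(struct cert_state *c)
{
    if (++c->attempts >= MAX_ATTEMPTS)
        c->blacklisted = true;
}

/* TLS stage. reset_early=true models the behaviour before the fix. */
static bool tls_verify(struct cert_state *c, bool cert_ok, bool reset_early)
{
    if (c->blacklisted) return false;
    if (!cert_ok) { register_attempt(c); return false; }
    if (reset_early) c->attempts = 0;   /* the premature reset */
    return true;
}

/* Authentication stage: the only place a reset belongs. */
static bool user_auth(struct cert_state *c, bool password_ok)
{
    if (c->blacklisted) return false;
    if (!password_ok) { register_attempt(c); return false; }
    c->attempts = 0;
    return true;
}

/* n connections with a valid certificate and a wrong password each time. */
struct cert_state simulate_wrong_passwords(int n, bool reset_early)
{
    struct cert_state c = {0, false};
    for (int i = 0; i < n; i++)
        if (tls_verify(&c, true, reset_early))
            (void)user_auth(&c, false);
    return c;
}

int main(void)
{
    struct cert_state before = simulate_wrong_passwords(10, true);
    struct cert_state after = simulate_wrong_passwords(10, false);
    printf("early reset: attempts=%d blacklisted=%d\n", before.attempts, before.blacklisted);
    printf("fixed:       attempts=%d blacklisted=%d\n", after.attempts, after.blacklisted);
    return 0;
}
```

With the early reset the counter never rises above 1, so the threshold is never hit; with the reset confined to successful authentication the certificate is blocked on the third failure.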