This is great! Has libfko changed at all, or are all the changes since 2.6.6 in the client/server implementations?
--Jonathan On Mon, Aug 24, 2015 at 9:13 PM Michael Rash <michael.r...@gmail.com> wrote: > > Hi all, > > fwknop-2.6.7 has been released: > > https://www.cipherdyne.org/fwknop/download/ > > https://github.com/mrash/fwknop/releases/tag/2.6.7 > > As usual, please let me if there are any issues. > > Here is the complete ChangeLog: > > - [server] When command execution is enabled with ENABLE_CMD_EXEC for > an > access.conf stanza, added support for running commands via sudo. > This was > suggested by Github user 'freegigi' (issue #159) as a means to > provide > command filtering using the powerful sudoers syntax. This feature is > implemented by prefixing any incoming command from a valid SPA packet > with the sudo command along with optional user and group requirements > as defined by the following new access.conf variables: > ENABLE_CMD_SUDO_EXEC, CMD_SUDO_EXEC_USER, and CMD_SUDO_EXEC_GROUP. > - [server] Kevin Layer reported a bug to the fwknop mailing list that > simultaneous NAT access for two different access.conf stanza was not > functioning properly. After some diagnosis, this was a result of > rule_exists() not properly detecting and differentiating existing > DNAT > rules from new ones with different port numbers when 'iptables -C' > support is not available. This was against iptables-1.4.7, and has > been > fixed in this release of fwknop (tracked as issue #162). > - [server] Added --key-gen to fwknopd. This feature was suggested by > Jonathan Bennett, and will help with ease of use efforts. The first > platform to take advantage of this will likely be OpenWRT thanks to > Jonathan. > - [server] By default, fwknopd will now exit if the interface that it > is > sniffing goes down (patch contributed by Github user 'sgh7'). If this > happens, it is expected that the native process monitoring feature in > things like systemd or upstart will restart fwknopd. However, if > fwknopd > is not being monitored by systemd, upstart, or anything else, this > behavior can be disabled with the EXIT_AT_INTF_DOWN variable in the > fwknopd.conf file. If disabled, fwknopd will try to recover when a > downed interface comes back up. > - [extras] Added a script from Jonathan Bennett at > extras/console-qr/console-qr.sh to generate QR codes from fwknopd > access.conf keys. > - [build] Added --with-firewalld to the autoconf configure script. > This is > a synonym for --with-firewall-cmd to avoid confusion. Some package > maintainers use --with-firewalld to build fwknop. > > > -- > Michael Rash | Founder > http://www.cipherdyne.org/ > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F > > ------------------------------------------------------------------------------ > _______________________________________________ > Fwknop-discuss mailing list > Fwknop-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >
------------------------------------------------------------------------------
_______________________________________________ Fwknop-discuss mailing list Fwknop-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
