Are EXTERNAL_CMDs (OPEN & CLOSE) supported in 2.6.10?
I'm trying to configure fwknopd to use NFQ and run custom external commands (OPEN & CLOSE).
I've found that the CONF_EXTERNAL_CMD* and related options to be remarked in server/fwknopd_common.h and the likes.
When uncomment them, compile, and try to run, I end up with a segmentation fault.
My intention is to use external commands that add information to iptables recent lists. Ideally this will avoid needing to alter the iptables kernel blob as new source IPs are allowed and expired. The iptables recent match extension takes care of this and doesn't need to alter the actual iptables.
I think that I can modify my iptables manually to call the recent match extension as necessary. (I've done this before.) As such, I should only need fwknopd to receive the SPA, ideally via NFQ, and then call the necessary EXTERNAL_CMD_OPEN command to add things to the recent.
Note: recent supports expiry itself so I don't even think I need to use EXTERNAL_CMD_OPEN.
I'm brand new to fwknop(d) and would appreciate any advice. -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Fwknop-discuss mailing list Fwknop-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
