Skip to content
  • 2.6.8

    fwknop-2.6.8 (12/23/2015):
        - [server] Added a major new feature that allows fwknopd to easily
          integrate with third-party devices and software. This done through the
          addition of a generic "command open" and "command close" capability, and
          a set of variable substitutions are supported such as '$SRC', '$PORT',
          and '$PROTO'. This feature is designed to allow the user to switch out
          the default firewall - iptables, firewalld, ipfw, or PF - for something
          complete different. For example, here is a write-up on using this feature
          to integrate SPA operations with ipset:
    
            https://cipherdyne.org/blog/2015/12/single-packet-authorization-and-third-party-devices.html
    
        - [server] (Jonathan Bennett) Added new access.conf directives
          '%include <file>' and '%include_folder <directory>'. This allows more
          access stanzas to be defined in other locations in the filesystem, and
          this can be adventageous in some scenarios by letting non-privledged
          users define their own encryption and authentication keys for SPA
          operations. This way, users do not need write access to the main
          /etc/fwknop/access.conf file to change keys around or define new ones.
        - [server] Bug fix to not send the TCP server a TERM signal even when it is
          not running when fwknopd receives a HUP signal.
        - [libfko] Bug fix for a crash that could be triggered in
          fko_set_username() when a username that is 64 chars or longer is
          specified. This crash cannot be triggered in fwknopd even if an SPA
          packet contains such a username however due to additional protections in
          the SPA decoding routines. Further, this bug does not apply to the main
          fwknop client either because the maximal username size is truncated down
          below 64 bytes. Hence, this bug only applies to client-side software that
          is directly using libfko calling the fko_set_username() function.
        - [test suite] Code coverage is now at 90.7% counted by lines. The complete
          coverage report for the 2.6.8 release is available here:
    
            https://www.cipherdyne.org/fwknop/lcov-results/
  • 2.6.7

    tagged fwknop-2.6.7 release
    
  • fwknop-2.6.3

    duplicate 2.6.3 tag to make github tarball downloads work properly
    
  • fwknop-2.6.4

    duplicate 2.6.4 tag to make github tarball downloads work properly
    
  • fwknop-2.6.5

    duplicate 2.6.5 tag to make github tarball downloads work properly
    
  • 2.6.4

    tagged the fwknop-2.6.4 release
    
Something went wrong with that request. Please try again.