Software Release - fwknop-1.0
05 November, 2006
The 1.0 release of fwknop is ready for
download. This release marks
the production-ready release of
Single Packet Authorization technology
for Linux systems. Single Packet Authorization is becoming an increasingly
important mechanism for protecting services such as
SSH, and is basically the successor
technology to port knocking.
Here is an exerpt from the
ChangeLog:
- Bugfix for OpenSSH-4.3p2 patch to make sure to include the spa.h header file.
- Bugfix for access hashes accumluating when multiple ports are requested to be opened by a client.
- Better validation of IPT_AUTO_CHAIN variable so that the from_chain cannot be identical to the to_chain.
- Bugfix in RPM to install List::MoreUtils.
- Bugfix so that the MD5 sum for an SPA packet is not examined for each SOURCE block. This fixes a problem where an SPA packet could appear to be replayed if multiple SOURCE blocks are defined in /etc/fwknop/access.conf.
- Refactored main SPA access loop so that it is clearer how and when SPA clients are granted access.
- Better handling of GnuPG key identifier strings (they can now contain spaces, and syslog messages wrap the identifiers with double quotes).
- Added source IP address to command string in the SPA packet so that the REQUIRE_SOURCE_ADDRESS criteria can be applied by the fwknopd server.
