Commit Graph

637 Commits

Author SHA1 Message Date
Costa Tsaousis (ktsaou)
01cdcafbe5 added ransomware_online and firehol_webclient; fixes firehol/blocklist-ipsets#17 2016-11-06 23:30:50 +02:00
Costa Tsaousis (ktsaou)
d1c67869cf fixed example according to #149 2016-10-13 09:47:48 +03:00
Costa Tsaousis (ktsaou)
4597f02c62 added dataplane.org feeds; fixes firehol/blocklist-ipsets#16 2016-09-18 11:50:56 +03:00
Costa Tsaousis
7d5f32c015 default user-agent shows operating system (fixes greensnow) 2016-07-21 02:11:26 +03:00
BBcan177
1b3ba4e136 Use Correct URL for BBcan177 MS_1 and MS_3 Feeds 2016-05-10 13:20:59 -04:00
Costa Tsaousis
c72d6c8a9c added bbcan177 and esentire IP feeds 2016-05-03 02:41:00 +03:00
Costa Tsaousis (ktsaou)
ddefa53532 experimental ematch support #125 2016-04-27 21:10:29 +03:00
Costa Tsaousis (ktsaou)
c29725467b sysctl commands for synproxy, did not specify read or write operation 2016-04-26 17:24:41 +03:00
Costa Tsaousis (ktsaou)
00c8fc8916 added botvrij feeds #131 2016-04-19 03:14:33 +03:00
Philip Whineray
8f18fa7e36 Fix typo in variable expansion 2016-04-02 20:35:09 +01:00
Costa Tsaousis (ktsaou)
2d27f6179c fix for FYROM 2016-03-28 01:44:54 +03:00
Costa Tsaousis (ktsaou)
d538409a68 white space fixes 2016-03-28 00:02:56 +03:00
Costa Tsaousis (ktsaou)
89c4472e2e added feodo_badips 2016-03-27 23:49:57 +03:00
Costa Tsaousis (ktsaou)
5fb8c25502 added Summary IP Lists from ATLAS from Arbor Networks 2016-03-27 22:04:30 +03:00
Costa Tsaousis (ktsaou)
62cee7bed8 updated categories for several lists 2016-03-27 14:36:15 +03:00
Philip Whineray
0d60cc20e3 Replace direct use of sed with variable 2016-03-26 16:27:43 +00:00
Costa Tsaousis (ktsaou)
d666d42fa8 added threatcrowd IP Feed 2016-03-22 00:41:40 +02:00
Costa Tsaousis (ktsaou)
e9de745684 fixed typo in teslacrypt 2016-03-21 23:56:09 +02:00
Costa Tsaousis (ktsaou)
0202095e9b added abuse.ch ransomware tracker IP Feeds 2016-03-21 23:32:05 +02:00
Philip Whineray
e99c62b565 Detect if ping -6 should be used
Newer versions of iputils have removed the ping6 tool but older
versions do not support the -6 flag, per #126.

The unconfigured program will always try to fall back to ping if
it can't find ping6 but this behaviour will generally only be
visible to developers.
2016-03-20 14:10:49 +00:00
philwhineray
4d8aa9545d Merge pull request #124 from jgmbenoit/debian-libarchinddir
enforced arch indep libdir
2016-03-20 11:28:03 +00:00
Philip Whineray
62d1808bbe Use detected command variables 2016-03-20 10:19:17 +00:00
Costa Tsaousis (ktsaou)
c976943079 added gpf_comics 2016-03-12 23:31:03 +02:00
Costa Tsaousis (ktsaou)
a17d10be0a added sigmaprojects.org IP lists 2016-03-12 22:59:57 +02:00
Costa Tsaousis (ktsaou)
3abc250886 iblocklist_badpeers is now a netset 2016-03-12 22:43:41 +02:00
Costa Tsaousis (ktsaou)
2855727222 fixed a bug where duplicate .setinfo files are generated; fixed an issue with iblocklist_webexploit and iblocklist_badpeers that were losing part of their contents while processing 2016-03-12 22:39:47 +02:00
Costa Tsaousis (ktsaou)
0772f27d85 speed up ipset comparisons by removing pairs that are irrelevant 2016-03-12 02:50:25 +02:00
Costa Tsaousis (ktsaou)
b9a27295c5 renamed blueliv lists to their proper names 2016-03-11 22:45:22 +02:00
Costa Tsaousis (ktsaou)
2f84bbd9dc renamed blueliv feeds 2016-03-10 23:23:06 +02:00
Costa Tsaousis (ktsaou)
0ed86898cf updated description of blueliv.com feeds 2016-03-10 22:58:46 +02:00
Costa Tsaousis (ktsaou)
8b65e66e8f added blueliv.com ipsets 2016-03-10 21:50:26 +02:00
Costa Tsaousis (ktsaou)
da43cc4c1f fix for not detecting running vhosts; added command comments on status output 2016-03-06 13:14:14 +02:00
Costa Tsaousis (ktsaou)
ab79da46cd added manual page for cthelper; added connlimit to blacklist and iptrap; added stateful option to blacklist; FIREHOL_DROP_ORPHAN_TCP_ACK_FIN fixed to match only ACK+FIN ignoring all other flags; similarly added FIREHOL_DROP_ORPHAN_TCP_ACK_RST, FIREHOL_DROP_ORPHAN_TCP_ACK, FIREHOL_DROP_ORPHAN_TCP_RST, FIREHOL_DROP_ORPHAN_IPV4_ICMP_TYPE3 (to drop orphan destination unreachable packets); added the word BLOCKED to the log messages of INVALID packets dropped; updated the man pages 2016-03-06 02:26:43 +02:00
Costa Tsaousis (ktsaou)
bed0f8c162 added the functions mentioned in #113 2016-03-05 14:55:31 +02:00
Costa Tsaousis (ktsaou)
ee44b4f6a7 resolved unki-hashtable conflicts 2016-03-05 14:41:05 +02:00
Philip Whineray
7d34fe514d Also added zcat to the internal script lists 2016-02-22 06:51:00 +00:00
Jerome BENOIT
f0256b479c enforced arch indep libdir 2016-02-22 06:00:11 +01:00
Costa Tsaousis (ktsaou)
4e32ed2bc4 added taichung; fixed urlvir 2016-01-30 01:25:37 +02:00
Costa Tsaousis (ktsaou)
e758dfd0c9 added cleanmx_phishing dyndns_ponmocup turris_greylist urlvir 2016-01-30 00:41:28 +02:00
Costa Tsaousis (ktsaou)
4152aafa48 fixed missing typo 2016-01-29 01:28:33 +02:00
Costa Tsaousis (ktsaou)
ab731b50e8 prevent chowning web dir recursively 2016-01-29 01:22:03 +02:00
Costa Tsaousis (ktsaou)
6c426bd9b2 removed cta_cryptowall from firehol_level1 - it seems to be stale 2016-01-25 22:06:37 +02:00
Costa Tsaousis (ktsaou)
cffe1d1bf1 fixed an issue where the new processed file was never compared to the last processed one, resulting in updating ipsets with zero changes 2016-01-25 21:01:23 +02:00
Costa Tsaousis (ktsaou)
3b2c1b070b fix for .gitignore match 2016-01-21 02:27:23 +02:00
Costa Tsaousis (ktsaou)
fbd585a22c prevent errors from missing files 2016-01-17 22:41:44 +02:00
Costa Tsaousis (ktsaou)
e95a217c7f Merge branch 'master' of github.com:firehol/firehol 2016-01-17 22:31:06 +02:00
Costa Tsaousis (ktsaou)
c856312a40 prevent errors about missing files 2016-01-17 22:30:47 +02:00
Philip Whineray
f1580c9c4f Add ipv6mld to handle the MLD protocol
Multicast Listener Discovery should be allowed on networks with
multicast snooping enabled.
2016-01-10 09:12:49 +00:00
Philip Whineray
006cacf1f8 Helper allows multiple stateless icmpv6 types/pair
Prepare for MLD which has the same semantics as ND/RD as far as
some packets being stateless in one direction and other stateless in
the opposite, but has multiple types, not just one, per direction.
2016-01-10 09:09:13 +00:00
Philip Whineray
9e1cdc96fd Fix command detection for :
The : is a no-op in bash sometimes used as a fallback, but we had
stopped allowing it which causes a problem on very limited systems
such as openwrt.
2016-01-10 09:07:16 +00:00
Philip Whineray
776aa593ea Add pre_up to hosts/switches
Allows executing custom commands before an interface is brought up
2016-01-10 09:05:48 +00:00
Costa Tsaousis (ktsaou)
c75dd31a18 fix for multiple bidirectional interfaces added one after another 2015-12-17 00:27:54 +02:00
Costa Tsaousis (ktsaou)
815ec23192 added handling of errors in generated output interface for bidirectional interfaces 2015-12-16 23:30:39 +02:00
Costa Tsaousis (ktsaou)
eaccf1e8ed added debug info of generated output interface when bidirectional is given 2015-12-16 23:20:58 +02:00
Costa Tsaousis (ktsaou)
6446b85308 added tracing info for the flow 2015-12-16 23:09:31 +02:00
Costa Tsaousis (ktsaou)
732ee488ba Merge branch 'master' of github.com:firehol/firehol 2015-12-10 18:54:12 +02:00
Costa Tsaousis (ktsaou)
acfa8146f8 added error info if optional commands are missing, but the ipsets enabled require it. 2015-12-10 18:54:00 +02:00
Costa Tsaousis
b88c6bfaed Merge pull request #111 from unki/fireqos.conf.path
fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR
2015-12-08 22:22:59 +02:00
Andreas Unterkircher
5ba2c583d0 fireqos.in, add support for hashing filters 2015-12-07 22:48:49 +01:00
Costa Tsaousis (ktsaou)
39b69557bd added jigsaw lists firehol/blocklist-ipsets#7 2015-12-07 22:48:49 +01:00
Andreas Unterkircher
3891dcfeae fireqos.in, accept DSCP parameters case insensitive 2015-12-07 21:28:41 +01:00
Andreas Unterkircher
5e9239c8ce fireqos.in, if match has insidegre specified, limit filter to packets with protocol GRE (47) 2015-12-07 21:23:40 +01:00
Costa Tsaousis (ktsaou)
bd311cfb10 added jigsaw lists firehol/blocklist-ipsets#7 2015-12-07 21:05:44 +01:00
Costa Tsaousis (ktsaou)
66fa93a932 added jigsaw lists firehol/blocklist-ipsets#7 2015-12-06 15:43:52 +02:00
Andreas Unterkircher
81d89aa24a fireqos.in, fix incorrectly added TCP protocol match introduced by my previous patch 2015-12-05 21:35:04 +01:00
Andreas Unterkircher
8b153a4a9f enable FireQOS to match on IP, protocol and ports within GRE packets 2015-12-05 21:35:03 +01:00
Andreas Unterkircher
d7c91df62f fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR 2015-12-05 21:33:34 +01:00
Andreas Unterkircher
3ea4a15d18 fireqos.in, fix incorrectly added TCP protocol match introduced by my previous patch 2015-12-05 21:30:41 +01:00
Philip Whineray
1502decc1a Clean up packaging
Use configure.ac to maintain version number
Remove redundant NEWS (ChangeLog) and AUTHORS (THANKS) files
Move hooks to their own directory
Rename README to README.md to format nicely on github
Generate README for tar by removing git specifics from README.md
Automate tagging when -rc or final version set in configure.ac
Improve pre-commit checking
2015-12-05 21:19:54 +01:00
Andreas Unterkircher
a434fe1f6f enable FireQOS to match on IP, protocol and ports within GRE packets 2015-12-05 11:18:09 +01:00
Andreas Unterkircher
0a44572a08 fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR 2015-12-05 11:18:07 +01:00
Philip Whineray
633f4653c7 Clean up packaging
Use configure.ac to maintain version number
Remove redundant NEWS (ChangeLog) and AUTHORS (THANKS) files
Move hooks to their own directory
Rename README to README.md to format nicely on github
Generate README for tar by removing git specifics from README.md
Automate tagging when -rc or final version set in configure.ac
Improve pre-commit checking
2015-11-27 23:56:11 +00:00
Andreas Unterkircher
3b8f05cba7 firehol.in, on setting an DSCP value via a DSCP-class, use the right parameter which contains the class 2015-11-27 09:37:44 +01:00
Philip Whineray
3c53903c99 Move bash version checking to configure time
Clean up version checking, to a single common macro
2015-11-26 20:39:46 +00:00
Philip Whineray
2c9a2d4000 Extract common functions to functions.common.sh
Version number detection, command detection, terminal setup and a few
other bits have moved.

The processed (not .in) scripts will look for it in e.g. /usr/local/lib/firehol
or wherever the system will install it. The .in scripts will look for it in
their own directory.

Updated the configure system so that it correctly replaces paths
via the Makefile rather than trying to substitute NONE in configure.ac.

Extracted all of the configure-time command substitutions to a single
sed file which is used to process the script.in files. Extended the
package checks to cover this file.
2015-11-25 23:36:29 +00:00
Andreas Unterkircher
893619e1c2 fireqos.ini, fail if DSCP and TOS match have been specified at the same time 2015-11-25 06:12:43 +01:00
Andreas Unterkircher
7d1d20db99 fireqos.in, add missing for-close 2015-11-23 09:57:22 +01:00
Andreas Unterkircher
7bc0993e55 fireqos.in, accept DSCP as match parameter 2015-11-23 09:32:55 +01:00
Andreas Unterkircher
b927f1a103 fireqos.in, remove trailing whitespaces 2015-11-23 09:32:45 +01:00
Philip Whineray
c36fdde175 Allow finding iprange in /usr/local/sbin 2015-11-22 11:52:57 +00:00
Philip Whineray
68e4496bce Eliminate dependency on brctl 2015-11-15 17:43:20 +00:00
Philip Whineray
c13b074048 Rely on external iprange, checking version 2015-11-15 17:11:59 +00:00
Philip Whineray
6765eb41dc Do a better job of honouring PAGER environment 2015-11-15 16:45:09 +00:00
Costa Tsaousis (ktsaou)
6a75a12265 fixed a typo 2015-11-14 21:12:25 +02:00
Costa Tsaousis (ktsaou)
e3282fcd45 added persistent nat even for multiple alternatives - implemented with firehol logic using the recent module 2015-11-14 20:50:09 +02:00
Costa Tsaousis (ktsaou)
bf335e2a14 added protection *connlimit* and *connrate*; removed default mask from parameter connlimit 2015-11-14 17:08:47 +02:00
Costa Tsaousis (ktsaou)
b029c56bec added rule option *connlog* to only log the first packet of connections; refactored *connlimit* to support all possible options; added *hashlimit* with all its options; most actions now accept the keyword *with* which also supports *with connlimit* and *with hashlimit* 2015-11-14 04:23:56 +02:00
Costa Tsaousis (ktsaou)
2c62697073 moved a log line that should respect the silent flag 2015-11-14 04:21:16 +02:00
Costa Tsaousis (ktsaou)
6c303b37de Merge branch 'master' of github.com:firehol/firehol 2015-11-13 00:29:05 +02:00
Costa Tsaousis (ktsaou)
a03049e7d4 added support for DNS temporary failures - in such cases, DNS resolution is retried up to 20 times (only when the DNS server responds with temporary DNS failure) 2015-11-13 00:28:48 +02:00
Costa Tsaousis (ktsaou)
747f718119 use iprange --diff mode for comparing ipset versions 2015-11-13 00:27:36 +02:00
Philip Whineray
b73d00f7d9 configure script now only detected needed commands
When programs are disabled, their dependencies are omitted. Same
if ipv6 or ipv6 is disabled.
2015-11-12 21:36:06 +00:00
Costa Tsaousis (ktsaou)
fb7eb84609 added option --quiet to silently check if ipsets differ with --diff 2015-11-12 03:30:27 +02:00
Costa Tsaousis (ktsaou)
3952fd0744 Merge branch 'master' of github.com:firehol/firehol 2015-11-12 03:19:15 +02:00
Costa Tsaousis (ktsaou)
e1f0e0d392 added option --diff to show the differences between ipsets 2015-11-12 03:19:00 +02:00
Philip Whineray
111aa66962 Add flags to disable ipv4/ipv6 in firehol 2015-11-11 22:37:53 +00:00
Philip Whineray
b670b4cd21 Allow configuring to not install specific scripts
When not installing a script, also stop its documentation, example
files etc.
2015-11-11 18:28:01 +00:00
Philip Whineray
fdef2baa35 Add comment regarding namespace problem 2015-11-11 07:54:28 +00:00
Philip Whineray
fde365ab94 Make sure use same defaults file for all
Make it read-all so non-root use in update-ipsets is OK
Make the source test for readability so we do not get an error if not
2015-11-11 07:44:28 +00:00
Costa Tsaousis (ktsaou)
d1473e1f59 fixed typos 2015-11-10 23:03:08 +02:00
Costa Tsaousis (ktsaou)
112a21c445 added prototype for custom/admin/user supplied downloaders; fixed an issue with git commits 2015-11-10 22:15:58 +02:00
Philip Whineray
370a6616f4 Honour the config directory set by configure
Ensure that ipset_remove_all_tmp_sets() is defined before it can
be called in firehol_exit().
2015-11-10 18:35:12 +00:00
Philip Whineray
d2ec651cdc Detect and use TAR_CMD
A couple of other programs replaced
Allow unconfigured programs to detect iprange in-situ
2015-11-10 07:26:59 +00:00
Costa Tsaousis (ktsaou)
f7c3f430fd Merge branch 'master' of github.com:firehol/firehol 2015-11-10 01:50:38 +02:00
Costa Tsaousis (ktsaou)
41db726dfb added ability to ask update for specific ipsets; added distribution, admin and user supplied ipsets; moved the current directory to a temporary place to prevent accidental damage or random files appearing in system locations 2015-11-10 01:50:33 +02:00
Philip Whineray
c031254067 Remove unused commands
Detect unused commands in script during pre-commit checks
Always use /sbin and /usr/sbin as part of autoconf detection
2015-11-09 20:52:11 +00:00
Philip Whineray
ee401fc813 Switch vnetbuild to common command detection 2015-11-09 07:39:05 +00:00
Costa Tsaousis (ktsaou)
740c738f29 made range printing, always print ranges 2015-11-09 09:33:05 +02:00
Philip Whineray
ea252883d8 Add perl script to detect plain command usage
Update scripts with the problems found
In firehol, moved the iptables() and ipset() helpers to before they are
used, since this is how the detection script learns they are not a problem.
2015-11-08 17:28:16 +00:00
Costa Tsaousis (ktsaou)
6a1dbc4db7 fixed a division by zero 2015-11-08 12:35:02 +02:00
Costa Tsaousis (ktsaou)
741d0d09a3 --enable-all does not enable certain ip lists; these can only be enabled manually 2015-11-08 09:26:26 +02:00
Costa Tsaousis (ktsaou)
c5e6026c61 modified to automatically support sane default for running as root or as user 2015-11-08 06:27:36 +02:00
Costa Tsaousis (ktsaou)
9d2b75bc9f allow configuration variables to be set via environment 2015-11-08 05:11:51 +02:00
Costa Tsaousis (ktsaou)
f28122934e isolated warning about WEB_DIR and LIB_DIR 2015-11-08 03:25:30 +02:00
Costa Tsaousis (ktsaou)
4b463218a7 allowed badips.com lists to be empty 2015-11-07 23:54:50 +02:00
Costa Tsaousis (ktsaou)
04e93f0b0d prevent ipsets from being updated with zero IP count (it is allowed for all malware ipsets); added function for temporary settings per ipset; added history_statistics() to calculate min/max/avg update time, min/max entries and min/max IPs for the last 500 updates of ipsets 2015-11-07 23:46:31 +02:00
Costa Tsaousis (ktsaou)
05f91ad033 added min/max update duration calculation for all lists 2015-11-07 19:23:51 +02:00
Costa Tsaousis (ktsaou)
2c843be9a7 calculated the average update frequency of lists; support for the new dns progress bar of iprange 2015-11-07 18:56:21 +02:00
Costa Tsaousis (ktsaou)
9b4320a44c disable dns progress bar by default 2015-11-07 18:55:47 +02:00
Costa Tsaousis (ktsaou)
c699a4cd91 moved RUN_DIR to /tmp because certain distros have very small /var/run tmpfs - /tmp is the proper place for temporary files 2015-11-07 15:26:04 +02:00
Costa Tsaousis (ktsaou)
4c9a7a2c2d use iprange DNS resolv instead of the host command; use iprange binary format for the history log of aggregated ipsets 2015-11-07 15:05:53 +02:00
Costa Tsaousis (ktsaou)
a59e485d22 Merge branch 'master' of github.com:firehol/firehol 2015-11-07 13:24:24 +02:00
Phil Whineray
0dac5317fb Detect and use pthreads when building iprange 2015-11-07 06:50:36 +00:00
Costa Tsaousis
c608bc3c22 update-ipsets now uses the async DNS resolver of iprange 2015-11-07 04:38:29 +02:00
Costa Tsaousis (ktsaou)
25249ad1f8 added options to silent dns errors and hide the progress bar 2015-11-07 04:06:04 +02:00
Costa Tsaousis (ktsaou)
d590fef00c added asynchronous DNS resolver - now it needs to be built with -lpthread 2015-11-07 03:45:09 +02:00
Costa Tsaousis (ktsaou)
2f3a825dda added async dns resolution - still in progress, so it is disabled, make with CFLAGS=-DASYNC_RESOLVER to enable for testing 2015-11-06 03:00:37 +02:00
Costa Tsaousis (ktsaou)
213a28571d moved hostname resolution to a separate function 2015-11-06 01:22:52 +02:00
Costa Tsaousis (ktsaou)
c021d69c91 better handling of erroneous lines in input files; 30% faster printing of IP addresses; support for DNS resolution of hostnames in input files 2015-11-06 01:08:34 +02:00
Costa Tsaousis (ktsaou)
94d4b7eb73 added more packetmail lists 2015-11-05 01:33:16 +02:00
Costa Tsaousis (ktsaou)
dd91db096c fix for optional and possibly missing commands 2015-11-05 00:16:22 +02:00
Costa Tsaousis (ktsaou)
5f9c83ce48 cleanup of required commands; cleanup of log formatting; some better error handling 2015-11-05 00:10:07 +02:00
Costa Tsaousis (ktsaou)
f2cc8ead49 fixes after the external command management to make it operational again 2015-11-04 01:32:44 +02:00
Costa Tsaousis (ktsaou)
4ce16f3319 added errors in *-next parameters when no file is given before the *-next parameter 2015-11-04 01:32:14 +02:00
Phil Whineray
dfa1664df0 Merge branch 'master' into update-ipsets-commands
Conflicts:
	sbin/update-ipsets.in
2015-11-02 07:52:12 +00:00
Costa Tsaousis (ktsaou)
83ee676c91 fixed various issues and improved significantly the download manager and the logging 2015-11-02 08:46:46 +02:00
Costa Tsaousis (ktsaou)
3aea86defa increased the timeouts a bit to prevent download errors 2015-11-02 00:54:15 +02:00
Costa Tsaousis (ktsaou)
81462ae4b9 fixed a bug that did not update the geolocation maps for ipsets that have not been updated, in --rebuild mode 2015-11-02 00:35:49 +02:00
Costa Tsaousis (ktsaou)
44acb44d97 it now exposes start time and consecutive errors to json files 2015-11-01 23:10:11 +02:00
Costa Tsaousis (ktsaou)
6dd27e1863 fixed the merge() function to support other maintainers too; made cleantalk use the new merge() function. 2015-11-01 22:48:28 +02:00
Phil Whineray
e27d0e205b Replace explicit commands with detected variables 2015-11-01 17:53:23 +00:00
Phil Whineray
b1aa3cd788 Merge branch 'master' into update-ipsets-commands
Conflicts:
	sbin/update-ipsets.in
2015-11-01 17:52:02 +00:00
Costa Tsaousis (ktsaou)
deedc579b0 added cleantalk lists 2015-10-31 23:52:50 +02:00
Phil Whineray
1e5fa7befa Merge branch 'master' into update-ipsets-commands 2015-10-31 14:54:47 +00:00
Costa Tsaousis (ktsaou)
677be3c307 updated firehol lists 2015-10-31 16:28:24 +02:00
Phil Whineray
1ea9a58bd4 Convert update-ipsets to new command system 2015-10-31 12:29:25 +00:00
Costa Tsaousis (ktsaou)
1f70cb606f added asynchronous hostname resolver based on adnshost, added hphosts lists (resolved from hostnames) 2015-10-31 13:02:40 +02:00
Costa Tsaousis (ktsaou)
e9f137cd94 fixed a bug that resulted in duplicate routing table entries (added -u to a sort) 2015-10-31 11:45:48 +02:00
Costa Tsaousis (ktsaou)
31723d0dc4 fixed a bug where a request to print single IPs containing the IP 255.255.255.255 resulted in printing all 4 billion IPv4 IPs possible 2015-10-31 11:44:14 +02:00
Costa Tsaousis (ktsaou)
94ffc784ec added Cyber Threat Alliance Cryptowall 2015-10-31 04:11:55 +02:00
Costa Tsaousis (ktsaou)
ff46d12ac0 added ipblacklistcloud, graphiclineweb, chaosreigns, nullsecure 2015-10-31 01:29:51 +02:00
Phil Whineray
0de62875fc Check for missing $ on commands in pre-commit
Tidied up common behaviour into a function
Updated TPUT_CMD where it was missing the $
2015-10-30 22:18:57 +00:00
Phil Whineray
0ff50524b9 Update link-balancer to use detected commands 2015-10-30 20:39:58 +00:00
Phil Whineray
1ad836d854 Remove root requirement for unittests
Significant workaround added for 0440 permissions on /proc/net/ip_tables_names
2015-10-30 20:38:12 +00:00
Phil Whineray
11b112498f Add RMMOD_CMD and SLEEP_CMD for FireQOS 2015-10-30 07:53:18 +00:00
Phil Whineray
f27eec2e91 Do not call version routine until we have SED_CMD
Fix typo in case for version extraction
Extend kcov usage
2015-10-28 20:34:01 +00:00
Phil Whineray
73d531d340 Use require_cmd as expected now 2015-10-27 22:06:34 +00:00
Phil Whineray
881dc95ff4 Force full detection of AWK path 2015-10-27 21:55:27 +00:00
Phil Whineray
e723f3ba19 fireqos now has same command detection as firehol
Update pre-commit script to detect entries missing from configure script
Update unittest to run fireqos without a PATH set
Update unittest with a view to running code coverage check
2015-10-27 21:35:21 +00:00
Phil Whineray
9449e984d6 Added WC_CMD to command table
Also, updated pre-commit script to ensure all used commands are
present in the table.
2015-10-27 13:03:05 +00:00
Phil Whineray
070430762d Fixup commands not using _CMD variables
Also fix remaining problems around autodetection
Both were exposed by the new unittest strategy
2015-10-26 22:36:00 +00:00
Phil Whineray
4e1bf97891 Only update PATH whilst detecting commands
Update the unit tests so that an empty path is given. Highlight any
command failures (i.e. not using the special variables) that are
emitted.
2015-10-26 22:35:17 +00:00
Phil Whineray
f652298849 Resolve uname discrepancy 2015-10-26 07:11:44 +00:00
Phil Whineray
8ef0c9a984 Include options for commands, where required
Put back uname - it is currently used before the variable is set up
2015-10-25 08:51:24 +00:00
Phil Whineray
ab2259f49b Fix possible quoting problem and introduce test 2015-10-25 08:10:32 +00:00
Phil Whineray
c76f7626a2 Use UNAME_CMD when finding kernel version 2015-10-25 07:34:16 +00:00
Phil Whineray
41e3065cdc Always return TTY to sane defaults 2015-10-25 07:33:42 +00:00
Phil Whineray
e6c887acf5 Use efficient alternative to extract command path 2015-10-25 07:31:31 +00:00
Phil Whineray
d63e61c3c3 Validate that all commands exist and can execute
We will output a message indicating what can be done if this occurs
2015-10-23 13:56:05 +01:00
Costa Tsaousis (ktsaou)
f0c2da8736 fix to remove a space that was appended on all commands detected; added a check to make sure the autoconf configured commands still exist; #82 2015-10-22 22:19:17 +03:00
Phil Whineray
1de06a4dbf Allow configure script to set default AUTOSAVE 2015-10-21 20:44:17 +01:00
Phil Whineray
08425eaac0 Rework command detection routines
Process is now table-driven and has the following features:
- Honours the value set in /etc/firehol/firehol-defaults.conf, if any
- Uses the value set by autoconf, if any
- Autodetects in preferred order, allowing optional parameters as needed

This takes out all the special cases. Commands that are only sometimes
required are detected up front but still only checked when needed.

Also:
- allow detection/preinstall of iprange
- only emit iprange command warnings when it would be used
- restore tty settings when Ctrl-C hit (echo is disabled otherwise)
2015-10-21 20:44:17 +01:00
Sander Ruitenbeek
1f2c8fadee Fixed interface oneliner to snip out NONE after interface name (ex. sit0NONE). 2015-10-20 22:32:52 +02:00
Phil Whineray
a28a459c8f Install update-ipsets script as with others 2015-10-18 12:05:23 +01:00
Phil Whineray
5b40aec1ad Compile and install iprange to /sbin
Added option --disable-iprange to avoid it
2015-10-18 11:17:39 +01:00
Costa Tsaousis (ktsaou)
297811db63 max/ceil % is now relative to parent's ceiling rate (it was by mistake to parent's base rate); added warning if a class takes priority outside the valid ranges of HTB (0-7); switched default colors from blue to green 2015-10-03 01:40:16 +03:00
Costa Tsaousis (ktsaou)
49b5ff3664 when a table was already up to date but others depend on it, it was failing. fix for issue #78 2015-08-02 17:38:55 +03:00
Costa Tsaousis (ktsaou)
d95a06a922 fix for issue #77 2015-08-02 17:03:53 +03:00
Phil Whineray
0cb697d218 Add IPv6 support to vnetbuild and update example 2015-07-29 20:13:44 +01:00
Costa Tsaousis (ktsaou)
0b751c5db6 fixed bug in action sockets_suspects_trap and ipset_apply 2015-07-05 02:48:13 +03:00
Costa Tsaousis (ktsaou)
c7468eeeb9 rewrote the ipsets functionality so that: a) it optimizes netsets with iprange if present, b) it adapts the maxelem parameter for the updated ipset so that updating ipsets with big incremental updates does not fail, c) maintains compatibility with older ipset versions; side-effect: calling an ipset update without restarting the firewall now only supports ipsets that are used in firehol.conf; if iprange is present, processing of ipsets is a lot faster 2015-06-15 02:33:08 +03:00
Costa Tsaousis
64bc7e62be added support for adapting ipsets maxelem when updating an ipset 2015-06-13 06:52:14 +03:00
Costa Tsaousis (ktsaou)
27b1751eb8 save in ipsets.conf the types and options of ipsets 2015-06-07 16:22:03 +03:00
Costa Tsaousis (ktsaou)
c9340661ff prevented a backup of all the ipsets in memory - because it takes too long when the system has many ipsets installed 2015-05-23 19:04:19 +03:00
Costa Tsaousis (ktsaou)
cc705b5818 added log() and loglimit() helpers to allow logging from ipsets globally 2015-05-20 02:03:58 +03:00
Phil Whineray
2d1351b279 Remove all reference to awk 2015-05-02 14:28:56 +01:00
Phil Whineray
4557d36cac Remove final use of awk 2015-05-02 14:28:56 +01:00
philwhineray
d0307dacb4 Merge pull request #70 from ktsaou/vnetbuild
Add vnetbuild
2015-04-26 19:24:23 +01:00
Costa Tsaousis (ktsaou)
cbe68661a8 added wrappers for rawmark() and custommark() 2015-04-25 13:27:32 +03:00
Costa Tsaousis (ktsaou)
a4f6a1a6c4 tproxy uses markdef() to allocate a mark; marks.conf is now saved only after successful firewall activation 2015-04-25 13:27:10 +03:00
Costa Tsaousis (ktsaou)
bad5465f6a ipset add support for comma as an IP separator 2015-04-25 13:03:07 +03:00
Phil Whineray
54db4b39c4 Add vnetbuild 2015-04-25 09:22:58 +01:00
Costa Tsaousis (ktsaou)
ee9bdb4535 disabled spinner in explain mode 2015-04-25 01:20:41 +03:00
Costa Tsaousis (ktsaou)
665538ca24 allowed to define multiple "except" rules in statements that accept this keyword 2015-04-25 01:16:35 +03:00
Costa Tsaousis (ktsaou)
53cdfc6b1d fix for older versions of ipset 2015-04-24 21:31:32 +03:00
Costa Tsaousis (ktsaou)
2a8547d47d fix for older versions of ipset 2015-04-24 21:01:40 +03:00
Costa Tsaousis (ktsaou)
2647833260 fix for older versions of ipset 2015-04-24 20:57:20 +03:00
Costa Tsaousis (ktsaou)
323c25d320 fix for older versions of ipset 2015-04-24 20:56:24 +03:00
Costa Tsaousis (ktsaou)
d806def4ee fix for older versions of ipset 2015-04-24 20:55:04 +03:00
Costa Tsaousis (ktsaou)
503c76f0be ipset support for older machines: just set IPSET_RESTORE_SUPPORTS_FLUSH_SWAP_DESTROY=0; rule() now generates NAT rules with a protocol if a port has been specified 2015-04-24 20:39:09 +03:00