Costa Tsaousis (ktsaou)
01cdcafbe5
added ransomware_online and firehol_webclient; fixes firehol/blocklist-ipsets#17
2016-11-06 23:30:50 +02:00
Costa Tsaousis (ktsaou)
d1c67869cf
fixed example according to #149
2016-10-13 09:47:48 +03:00
Costa Tsaousis (ktsaou)
4597f02c62
added dataplane.org feeds; fixes firehol/blocklist-ipsets#16
2016-09-18 11:50:56 +03:00
Costa Tsaousis
7d5f32c015
default user-agent shows operating system (fixes greensnow)
2016-07-21 02:11:26 +03:00
BBcan177
1b3ba4e136
Use Correct URL for BBcan177 MS_1 and MS_3 Feeds
2016-05-10 13:20:59 -04:00
Costa Tsaousis
c72d6c8a9c
added bbcan177 and esentire IP feeds
2016-05-03 02:41:00 +03:00
Costa Tsaousis (ktsaou)
ddefa53532
experimental ematch support #125
2016-04-27 21:10:29 +03:00
Costa Tsaousis (ktsaou)
c29725467b
sysctl commands for synproxy, did not specify read or write operation
2016-04-26 17:24:41 +03:00
Costa Tsaousis (ktsaou)
00c8fc8916
added botvrij feeds #131
2016-04-19 03:14:33 +03:00
Philip Whineray
8f18fa7e36
Fix typo in variable expansion
2016-04-02 20:35:09 +01:00
Costa Tsaousis (ktsaou)
2d27f6179c
fix for FYROM
2016-03-28 01:44:54 +03:00
Costa Tsaousis (ktsaou)
d538409a68
white space fixes
2016-03-28 00:02:56 +03:00
Costa Tsaousis (ktsaou)
89c4472e2e
added feodo_badips
2016-03-27 23:49:57 +03:00
Costa Tsaousis (ktsaou)
5fb8c25502
added Summary IP Lists from ATLAS from Arbor Networks
2016-03-27 22:04:30 +03:00
Costa Tsaousis (ktsaou)
62cee7bed8
updated categories for several lists
2016-03-27 14:36:15 +03:00
Philip Whineray
0d60cc20e3
Replace direct use of sed with variable
2016-03-26 16:27:43 +00:00
Costa Tsaousis (ktsaou)
d666d42fa8
added threatcrowd IP Feed
2016-03-22 00:41:40 +02:00
Costa Tsaousis (ktsaou)
e9de745684
fixed typo in teslacrypt
2016-03-21 23:56:09 +02:00
Costa Tsaousis (ktsaou)
0202095e9b
added abuse.ch ransomware tracker IP Feeds
2016-03-21 23:32:05 +02:00
Philip Whineray
e99c62b565
Detect if ping -6 should be used
...
Newer versions of iputils have removed the ping6 tool but older
versions do not support the -6 flag, per #126 .
The unconfigured program will always try to fall back to ping if
it can't find ping6 but this behaviour will generally only be
visible to developers.
2016-03-20 14:10:49 +00:00
philwhineray
4d8aa9545d
Merge pull request #124 from jgmbenoit/debian-libarchinddir
...
enforced arch indep libdir
2016-03-20 11:28:03 +00:00
Philip Whineray
62d1808bbe
Use detected command variables
2016-03-20 10:19:17 +00:00
Costa Tsaousis (ktsaou)
c976943079
added gpf_comics
2016-03-12 23:31:03 +02:00
Costa Tsaousis (ktsaou)
a17d10be0a
added sigmaprojects.org IP lists
2016-03-12 22:59:57 +02:00
Costa Tsaousis (ktsaou)
3abc250886
iblocklist_badpeers is now a netset
2016-03-12 22:43:41 +02:00
Costa Tsaousis (ktsaou)
2855727222
fixed a bug where duplicate .setinfo files are generated; fixed an issue with iblocklist_webexploit and iblocklist_badpeers that were losing part of their contents while processing
2016-03-12 22:39:47 +02:00
Costa Tsaousis (ktsaou)
0772f27d85
speed up ipset comparisons by removing pairs that are irrelevant
2016-03-12 02:50:25 +02:00
Costa Tsaousis (ktsaou)
b9a27295c5
renamed blueliv lists to their proper names
2016-03-11 22:45:22 +02:00
Costa Tsaousis (ktsaou)
2f84bbd9dc
renamed blueliv feeds
2016-03-10 23:23:06 +02:00
Costa Tsaousis (ktsaou)
0ed86898cf
updated description of blueliv.com feeds
2016-03-10 22:58:46 +02:00
Costa Tsaousis (ktsaou)
8b65e66e8f
added blueliv.com ipsets
2016-03-10 21:50:26 +02:00
Costa Tsaousis (ktsaou)
da43cc4c1f
fix for not detecting running vhosts; added command comments on status output
2016-03-06 13:14:14 +02:00
Costa Tsaousis (ktsaou)
ab79da46cd
added manual page for cthelper; added connlimit to blacklist and iptrap; added stateful option to blacklist; FIREHOL_DROP_ORPHAN_TCP_ACK_FIN fixed to match only ACK+FIN ignoring all other flags; similarly added FIREHOL_DROP_ORPHAN_TCP_ACK_RST, FIREHOL_DROP_ORPHAN_TCP_ACK, FIREHOL_DROP_ORPHAN_TCP_RST, FIREHOL_DROP_ORPHAN_IPV4_ICMP_TYPE3 (to drop orphan destination unreachable packets); added the word BLOCKED to the log messages of INVALID packets dropped; updated the man pages
2016-03-06 02:26:43 +02:00
Costa Tsaousis (ktsaou)
bed0f8c162
added the functions mentioned in #113
2016-03-05 14:55:31 +02:00
Costa Tsaousis (ktsaou)
ee44b4f6a7
resolved unki-hashtable conflicts
2016-03-05 14:41:05 +02:00
Philip Whineray
7d34fe514d
Also added zcat to the internal script lists
2016-02-22 06:51:00 +00:00
Jerome BENOIT
f0256b479c
enforced arch indep libdir
2016-02-22 06:00:11 +01:00
Costa Tsaousis (ktsaou)
4e32ed2bc4
added taichung; fixed urlvir
2016-01-30 01:25:37 +02:00
Costa Tsaousis (ktsaou)
e758dfd0c9
added cleanmx_phishing dyndns_ponmocup turris_greylist urlvir
2016-01-30 00:41:28 +02:00
Costa Tsaousis (ktsaou)
4152aafa48
fixed missing typo
2016-01-29 01:28:33 +02:00
Costa Tsaousis (ktsaou)
ab731b50e8
prevent chowning web dir recursively
2016-01-29 01:22:03 +02:00
Costa Tsaousis (ktsaou)
6c426bd9b2
removed cta_cryptowall from firehol_level1 - it seems to be stale
2016-01-25 22:06:37 +02:00
Costa Tsaousis (ktsaou)
cffe1d1bf1
fixed an issue where the new processed file was never compared to the last processed one, resulting in updating ipsets with zero changes
2016-01-25 21:01:23 +02:00
Costa Tsaousis (ktsaou)
3b2c1b070b
fix for .gitignore match
2016-01-21 02:27:23 +02:00
Costa Tsaousis (ktsaou)
fbd585a22c
prevent errors from missing files
2016-01-17 22:41:44 +02:00
Costa Tsaousis (ktsaou)
e95a217c7f
Merge branch 'master' of github.com:firehol/firehol
2016-01-17 22:31:06 +02:00
Costa Tsaousis (ktsaou)
c856312a40
prevent errors about missing files
2016-01-17 22:30:47 +02:00
Philip Whineray
f1580c9c4f
Add ipv6mld to handle the MLD protocol
...
Multicast Listener Discovery should be allowed on networks with
multicast snooping enabled.
2016-01-10 09:12:49 +00:00
Philip Whineray
006cacf1f8
Helper allows multiple stateless icmpv6 types/pair
...
Prepare for MLD which has the same semantics as ND/RD as far as
some packets being stateless in one direction and other stateless in
the opposite, but has multiple types, not just one, per direction.
2016-01-10 09:09:13 +00:00
Philip Whineray
9e1cdc96fd
Fix command detection for :
...
The : is a no-op in bash sometimes used as a fallback, but we had
stopped allowing it which causes a problem on very limited systems
such as openwrt.
2016-01-10 09:07:16 +00:00
Philip Whineray
776aa593ea
Add pre_up to hosts/switches
...
Allows executing custom commands before an interface is brought up
2016-01-10 09:05:48 +00:00
Costa Tsaousis (ktsaou)
c75dd31a18
fix for multiple bidirectional interfaces added one after another
2015-12-17 00:27:54 +02:00
Costa Tsaousis (ktsaou)
815ec23192
added handling of errors in generated output interface for bidirectional interfaces
2015-12-16 23:30:39 +02:00
Costa Tsaousis (ktsaou)
eaccf1e8ed
added debug info of generated output interface when bidirectional is given
2015-12-16 23:20:58 +02:00
Costa Tsaousis (ktsaou)
6446b85308
added tracing info for the flow
2015-12-16 23:09:31 +02:00
Costa Tsaousis (ktsaou)
732ee488ba
Merge branch 'master' of github.com:firehol/firehol
2015-12-10 18:54:12 +02:00
Costa Tsaousis (ktsaou)
acfa8146f8
added error info if optional commands are missing, but the ipsets enabled require it.
2015-12-10 18:54:00 +02:00
Costa Tsaousis
b88c6bfaed
Merge pull request #111 from unki/fireqos.conf.path
...
fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR
2015-12-08 22:22:59 +02:00
Andreas Unterkircher
5ba2c583d0
fireqos.in, add support for hashing filters
2015-12-07 22:48:49 +01:00
Costa Tsaousis (ktsaou)
39b69557bd
added jigsaw lists firehol/blocklist-ipsets#7
2015-12-07 22:48:49 +01:00
Andreas Unterkircher
3891dcfeae
fireqos.in, accept DSCP parameters case insensitive
2015-12-07 21:28:41 +01:00
Andreas Unterkircher
5e9239c8ce
fireqos.in, if match has insidegre specified, limit filter to packets with protocol GRE (47)
2015-12-07 21:23:40 +01:00
Costa Tsaousis (ktsaou)
bd311cfb10
added jigsaw lists firehol/blocklist-ipsets#7
2015-12-07 21:05:44 +01:00
Costa Tsaousis (ktsaou)
66fa93a932
added jigsaw lists firehol/blocklist-ipsets#7
2015-12-06 15:43:52 +02:00
Andreas Unterkircher
81d89aa24a
fireqos.in, fix incorrectly added TCP protocol match introduced by my previous patch
2015-12-05 21:35:04 +01:00
Andreas Unterkircher
8b153a4a9f
enable FireQOS to match on IP, protocol and ports within GRE packets
2015-12-05 21:35:03 +01:00
Andreas Unterkircher
d7c91df62f
fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR
2015-12-05 21:33:34 +01:00
Andreas Unterkircher
3ea4a15d18
fireqos.in, fix incorrectly added TCP protocol match introduced by my previous patch
2015-12-05 21:30:41 +01:00
Philip Whineray
1502decc1a
Clean up packaging
...
Use configure.ac to maintain version number
Remove redundant NEWS (ChangeLog) and AUTHORS (THANKS) files
Move hooks to their own directory
Rename README to README.md to format nicely on github
Generate README for tar by removing git specifics from README.md
Automate tagging when -rc or final version set in configure.ac
Improve pre-commit checking
2015-12-05 21:19:54 +01:00
Andreas Unterkircher
a434fe1f6f
enable FireQOS to match on IP, protocol and ports within GRE packets
2015-12-05 11:18:09 +01:00
Andreas Unterkircher
0a44572a08
fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR
2015-12-05 11:18:07 +01:00
Philip Whineray
633f4653c7
Clean up packaging
...
Use configure.ac to maintain version number
Remove redundant NEWS (ChangeLog) and AUTHORS (THANKS) files
Move hooks to their own directory
Rename README to README.md to format nicely on github
Generate README for tar by removing git specifics from README.md
Automate tagging when -rc or final version set in configure.ac
Improve pre-commit checking
2015-11-27 23:56:11 +00:00
Andreas Unterkircher
3b8f05cba7
firehol.in, on setting a DSCP value via a DSCP-class, use the right parameter which contains the class
2015-11-27 09:37:44 +01:00
Philip Whineray
3c53903c99
Move bash version checking to configure time
...
Clean up version checking, to a single common macro
2015-11-26 20:39:46 +00:00
Philip Whineray
2c9a2d4000
Extract common functions to functions.common.sh
...
Version number detection, command detection, terminal setup and a few
other bits have moved.
The processed (not .in) scripts will look for it in e.g. /usr/local/lib/firehol
or wherever the system will install it. The .in scripts will look for it in
their own directory.
Updated the configure system so that it correctly replaces paths
via the Makefile rather than trying to substitute NONE in configure.ac.
Extracted all of the configure-time command substitutions to a single
sed file which is used to process the script.in files. Extended the
package checks to cover this file.
2015-11-25 23:36:29 +00:00
Andreas Unterkircher
893619e1c2
fireqos.ini, fail if DSCP and TOS match have been specified at the same time
2015-11-25 06:12:43 +01:00
Andreas Unterkircher
7d1d20db99
fireqos.in, add missing for-close
2015-11-23 09:57:22 +01:00
Andreas Unterkircher
7bc0993e55
fireqos.in, accept DSCP as match parameter
2015-11-23 09:32:55 +01:00
Andreas Unterkircher
b927f1a103
fireqos.in, remove trailing whitespaces
2015-11-23 09:32:45 +01:00
Philip Whineray
c36fdde175
Allow finding iprange in /usr/local/sbin
2015-11-22 11:52:57 +00:00
Philip Whineray
68e4496bce
Eliminate dependency on brctl
2015-11-15 17:43:20 +00:00
Philip Whineray
c13b074048
Rely on external iprange, checking version
2015-11-15 17:11:59 +00:00
Philip Whineray
6765eb41dc
Do a better job of honouring PAGER environment
2015-11-15 16:45:09 +00:00
Costa Tsaousis (ktsaou)
6a75a12265
fixed a typo
2015-11-14 21:12:25 +02:00
Costa Tsaousis (ktsaou)
e3282fcd45
added persistent nat even for multiple alternatives - implemented with firehol logic using the recent module
2015-11-14 20:50:09 +02:00
Costa Tsaousis (ktsaou)
bf335e2a14
added protection *connlimit* and *connrate*; removed default mask from parameter connlimit
2015-11-14 17:08:47 +02:00
Costa Tsaousis (ktsaou)
b029c56bec
added rule option *connlog* to only log the first packet of connections; refactored *connlimit* to support all possible options; added *hashlimit* with all its options; most actions now accept the keyword *with* which also supports *with connlimit* and *with hashlimit*
2015-11-14 04:23:56 +02:00
Costa Tsaousis (ktsaou)
2c62697073
moved a log line that should respect the silent flag
2015-11-14 04:21:16 +02:00
Costa Tsaousis (ktsaou)
6c303b37de
Merge branch 'master' of github.com:firehol/firehol
2015-11-13 00:29:05 +02:00
Costa Tsaousis (ktsaou)
a03049e7d4
added support for DNS temporary failures - in such cases, DNS resolution is retried up to 20 times (only when the DNS server responds with temporary DNS failure)
2015-11-13 00:28:48 +02:00
Costa Tsaousis (ktsaou)
747f718119
use iprange --diff mode for comparing ipset versions
2015-11-13 00:27:36 +02:00
Philip Whineray
b73d00f7d9
configure script now only detected needed commands
...
When programs are disabled, their dependencies are omitted. Same
if ipv6 or ipv6 is disabled.
2015-11-12 21:36:06 +00:00
Costa Tsaousis (ktsaou)
fb7eb84609
added option --quiet to silently check if ipsets differ with --diff
2015-11-12 03:30:27 +02:00
Costa Tsaousis (ktsaou)
3952fd0744
Merge branch 'master' of github.com:firehol/firehol
2015-11-12 03:19:15 +02:00
Costa Tsaousis (ktsaou)
e1f0e0d392
added option --diff to show the differences between ipsets
2015-11-12 03:19:00 +02:00
Philip Whineray
111aa66962
Add flags to disable ipv4/ipv6 in firehol
2015-11-11 22:37:53 +00:00
Philip Whineray
b670b4cd21
Allow configuring to not install specific scripts
...
When not installing a script, also stop its documentation, example
files etc.
2015-11-11 18:28:01 +00:00
Philip Whineray
fdef2baa35
Add comment regarding namespace problem
2015-11-11 07:54:28 +00:00
Philip Whineray
fde365ab94
Make sure use same defaults file for all
...
Make it read-all so non-root use in update-ipsets is OK
Make the source test for readability so we do not get an error if not
2015-11-11 07:44:28 +00:00
Costa Tsaousis (ktsaou)
d1473e1f59
fixed typos
2015-11-10 23:03:08 +02:00
Costa Tsaousis (ktsaou)
112a21c445
added prototype for custom/admin/user supplied downloaders; fixed an issue with git commits
2015-11-10 22:15:58 +02:00
Philip Whineray
370a6616f4
Honour the config directory set by configure
...
Ensure that ipset_remove_all_tmp_sets() is defined before it can
be called in firehol_exit().
2015-11-10 18:35:12 +00:00
Philip Whineray
d2ec651cdc
Detect and use TAR_CMD
...
A couple of other programs replaced
Allow unconfigured programs to detect iprange in-situ
2015-11-10 07:26:59 +00:00
Costa Tsaousis (ktsaou)
f7c3f430fd
Merge branch 'master' of github.com:firehol/firehol
2015-11-10 01:50:38 +02:00
Costa Tsaousis (ktsaou)
41db726dfb
added ability to ask update for specific ipsets; added distribution, admin and user supplied ipsets; moved the current directory to a temporary place to prevent accidental damage or random files appearing in system locations
2015-11-10 01:50:33 +02:00
Philip Whineray
c031254067
Remove unused commands
...
Detect unused commands in script during pre-commit checks
Always use /sbin and /usr/sbin as part of autoconf detection
2015-11-09 20:52:11 +00:00
Philip Whineray
ee401fc813
Switch vnetbuild to common command detection
2015-11-09 07:39:05 +00:00
Costa Tsaousis (ktsaou)
740c738f29
made range printing, always print ranges
2015-11-09 09:33:05 +02:00
Philip Whineray
ea252883d8
Add perl script to detect plain command usage
...
Update scripts with the problems found
In firehol, moved the iptables() and ipset() helpers to before they are
used, since this is how the detection script learns they are not a problem.
2015-11-08 17:28:16 +00:00
Costa Tsaousis (ktsaou)
6a1dbc4db7
fixed a division by zero
2015-11-08 12:35:02 +02:00
Costa Tsaousis (ktsaou)
741d0d09a3
--enable-all does not enable certain ip lists; these can only be enabled manually
2015-11-08 09:26:26 +02:00
Costa Tsaousis (ktsaou)
c5e6026c61
modified to automatically support sane default for running as root or as user
2015-11-08 06:27:36 +02:00
Costa Tsaousis (ktsaou)
9d2b75bc9f
allow configuration variables to be set via environment
2015-11-08 05:11:51 +02:00
Costa Tsaousis (ktsaou)
f28122934e
isolated warning about WEB_DIR and LIB_DIR
2015-11-08 03:25:30 +02:00
Costa Tsaousis (ktsaou)
4b463218a7
allowed badips.com lists to be empty
2015-11-07 23:54:50 +02:00
Costa Tsaousis (ktsaou)
04e93f0b0d
prevent ipsets from being updated with zero IP count (it is allowed for all malware ipsets); added function for temporary settings per ipset; added history_statistics() to calculate min/max/avg update time, min/max entries and min/max IPs for the last 500 updates of ipsets
2015-11-07 23:46:31 +02:00
Costa Tsaousis (ktsaou)
05f91ad033
added min/max update duration calculation for all lists
2015-11-07 19:23:51 +02:00
Costa Tsaousis (ktsaou)
2c843be9a7
calculated the average update frequency of lists; support for the new dns progress bar of iprange
2015-11-07 18:56:21 +02:00
Costa Tsaousis (ktsaou)
9b4320a44c
disable dns progress bar by default
2015-11-07 18:55:47 +02:00
Costa Tsaousis (ktsaou)
c699a4cd91
moved RUN_DIR to /tmp because certain distros have very small /var/run tmpfs - /tmp is the proper place for temporary files
2015-11-07 15:26:04 +02:00
Costa Tsaousis (ktsaou)
4c9a7a2c2d
use iprange DNS resolv instead of the host command; use iprange binary format for the history log of aggregated ipsets
2015-11-07 15:05:53 +02:00
Costa Tsaousis (ktsaou)
a59e485d22
Merge branch 'master' of github.com:firehol/firehol
2015-11-07 13:24:24 +02:00
Phil Whineray
0dac5317fb
Detect and use pthreads when building iprange
2015-11-07 06:50:36 +00:00
Costa Tsaousis
c608bc3c22
update-ipsets now uses the async DNS resolver of iprange
2015-11-07 04:38:29 +02:00
Costa Tsaousis (ktsaou)
25249ad1f8
added options to silence dns errors and hide the progress bar
2015-11-07 04:06:04 +02:00
Costa Tsaousis (ktsaou)
d590fef00c
added asynchronous DNS resolver - now it needs to be built with -lpthread
2015-11-07 03:45:09 +02:00
Costa Tsaousis (ktsaou)
2f3a825dda
added async dns resolution - still in progress, so it is disabled, make with CFLAGS=-DASYNC_RESOLVER to enable for testing
2015-11-06 03:00:37 +02:00
Costa Tsaousis (ktsaou)
213a28571d
moved hostname resolution to a separate function
2015-11-06 01:22:52 +02:00
Costa Tsaousis (ktsaou)
c021d69c91
better handling of erroneous lines in input files; 30% faster printing of IP addresses; support for DNS resolution of hostnames in input files
2015-11-06 01:08:34 +02:00
Costa Tsaousis (ktsaou)
94d4b7eb73
added more packetmail lists
2015-11-05 01:33:16 +02:00
Costa Tsaousis (ktsaou)
dd91db096c
fix for optional and possibly missing commands
2015-11-05 00:16:22 +02:00
Costa Tsaousis (ktsaou)
5f9c83ce48
cleanup of required commands; cleanup of log formatting; some better error handling
2015-11-05 00:10:07 +02:00
Costa Tsaousis (ktsaou)
f2cc8ead49
fixes after the external command management to make it operational again
2015-11-04 01:32:44 +02:00
Costa Tsaousis (ktsaou)
4ce16f3319
added errors in *-next parameters when no file is given before the *-next parameter
2015-11-04 01:32:14 +02:00
Phil Whineray
dfa1664df0
Merge branch 'master' into update-ipsets-commands
...
Conflicts:
sbin/update-ipsets.in
2015-11-02 07:52:12 +00:00
Costa Tsaousis (ktsaou)
83ee676c91
fixed various issues and improved significantly the download manager and the logging
2015-11-02 08:46:46 +02:00
Costa Tsaousis (ktsaou)
3aea86defa
increased the timeouts a bit to prevent download errors
2015-11-02 00:54:15 +02:00
Costa Tsaousis (ktsaou)
81462ae4b9
fixed a bug that did not update the geolocation maps for ipsets that have not been updated, in --rebuild mode
2015-11-02 00:35:49 +02:00
Costa Tsaousis (ktsaou)
44acb44d97
it now exposes start time and consecutive errors to json files
2015-11-01 23:10:11 +02:00
Costa Tsaousis (ktsaou)
6dd27e1863
fixed the merge() function to support other maintainers too; made cleantalk use the new merge() function.
2015-11-01 22:48:28 +02:00
Phil Whineray
e27d0e205b
Replace explicit commands with detected variables
2015-11-01 17:53:23 +00:00
Phil Whineray
b1aa3cd788
Merge branch 'master' into update-ipsets-commands
...
Conflicts:
sbin/update-ipsets.in
2015-11-01 17:52:02 +00:00
Costa Tsaousis (ktsaou)
deedc579b0
added cleantalk lists
2015-10-31 23:52:50 +02:00
Phil Whineray
1e5fa7befa
Merge branch 'master' into update-ipsets-commands
2015-10-31 14:54:47 +00:00
Costa Tsaousis (ktsaou)
677be3c307
updated firehol lists
2015-10-31 16:28:24 +02:00
Phil Whineray
1ea9a58bd4
Convert update-ipsets to new command system
2015-10-31 12:29:25 +00:00
Costa Tsaousis (ktsaou)
1f70cb606f
added asynchronous hostname resolver based on adnshost, added hphosts lists (resolved from hostnames)
2015-10-31 13:02:40 +02:00
Costa Tsaousis (ktsaou)
e9f137cd94
fixed a bug that resulted in duplicate routing table entries (added -u to a sort)
2015-10-31 11:45:48 +02:00
Costa Tsaousis (ktsaou)
31723d0dc4
fixed a bug where a request to print single IPs containing the IP 255.255.255.255 resulted in printing all 4 billion IPv4 IPs possible
2015-10-31 11:44:14 +02:00
Costa Tsaousis (ktsaou)
94ffc784ec
added Cyber Threat Alliance Cryptowall
2015-10-31 04:11:55 +02:00
Costa Tsaousis (ktsaou)
ff46d12ac0
added ipblacklistcloud, graphiclineweb, chaosreigns, nullsecure
2015-10-31 01:29:51 +02:00
Phil Whineray
0de62875fc
Check for missing $ on commands in pre-commit
...
Tidied up common behaviour into a function
Updated TPUT_CMD where it was missing the $
2015-10-30 22:18:57 +00:00
Phil Whineray
0ff50524b9
Update link-balancer to use detected commands
2015-10-30 20:39:58 +00:00
Phil Whineray
1ad836d854
Remove root requirement for unittests
...
Significant workaround added for 0440 permissions on /proc/net/ip_tables_names
2015-10-30 20:38:12 +00:00
Phil Whineray
11b112498f
Add RMMOD_CMD and SLEEP_CMD for FireQOS
2015-10-30 07:53:18 +00:00
Phil Whineray
f27eec2e91
Do not call version routine until we have SED_CMD
...
Fix typo in case for version extraction
Extend kcov usage
2015-10-28 20:34:01 +00:00
Phil Whineray
73d531d340
Use require_cmd as expected now
2015-10-27 22:06:34 +00:00
Phil Whineray
881dc95ff4
Force full detection of AWK path
2015-10-27 21:55:27 +00:00
Phil Whineray
e723f3ba19
fireqos now has same command detection as firehol
...
Update pre-commit script to detect entries missing from configure script
Update unittest to run fireqos without a PATH set
Update unittest with a view to running code coverage check
2015-10-27 21:35:21 +00:00
Phil Whineray
9449e984d6
Added WC_CMD to command table
...
Also, updated pre-commit script to ensure all used commands are
present in the table.
2015-10-27 13:03:05 +00:00
Phil Whineray
070430762d
Fixup commands not using _CMD variables
...
Also fix remaining problems around autodetection
Both were exposed by the new unittest strategy
2015-10-26 22:36:00 +00:00
Phil Whineray
4e1bf97891
Only update PATH whilst detecting commands
...
Update the unit tests so that an empty path is given. Highlight any
command failures (i.e. not using the special variables) that are
emitted.
2015-10-26 22:35:17 +00:00
Phil Whineray
f652298849
Resolve uname discrepancy
2015-10-26 07:11:44 +00:00
Phil Whineray
8ef0c9a984
Include options for commands, where required
...
Put back uname - it is currently used before the variable is set up
2015-10-25 08:51:24 +00:00
Phil Whineray
ab2259f49b
Fix possible quoting problem and introduce test
2015-10-25 08:10:32 +00:00
Phil Whineray
c76f7626a2
Use UNAME_CMD when finding kernel version
2015-10-25 07:34:16 +00:00
Phil Whineray
41e3065cdc
Always return TTY to sane defaults
2015-10-25 07:33:42 +00:00
Phil Whineray
e6c887acf5
Use efficient alternative to extract command path
2015-10-25 07:31:31 +00:00
Phil Whineray
d63e61c3c3
Validate that all commands exist and can execute
...
We will output a message indicating what can be done if this occurs
2015-10-23 13:56:05 +01:00
Costa Tsaousis (ktsaou)
f0c2da8736
fix to remove a space that was appended on all commands detected; added a check to make sure the autoconf configured commands still exist; #82
2015-10-22 22:19:17 +03:00
Phil Whineray
1de06a4dbf
Allow configure script to set default AUTOSAVE
2015-10-21 20:44:17 +01:00
Phil Whineray
08425eaac0
Rework command detection routines
...
Process is now table-driven and has the following features:
- Honours the value set in /etc/firehol/firehol-defaults.conf, if any
- Uses the value set by autoconf, if any
- Autodetects in preferred order, allowing optional parameters as needed
This takes out all the special cases. Commands that are only sometimes
required are detected up front but still only checked when needed.
Also:
- allow detection/preinstall of iprange
- only emit iprange command warnings when it would be used
- restore tty settings when Ctrl-C hit (echo is disabled otherwise)
2015-10-21 20:44:17 +01:00
Sander Ruitenbeek
1f2c8fadee
Fixed interface oneliner to snip out NONE after interface name (ex. sit0NONE).
2015-10-20 22:32:52 +02:00
Phil Whineray
a28a459c8f
Install update-ipsets script as with others
2015-10-18 12:05:23 +01:00
Phil Whineray
5b40aec1ad
Compile and install iprange to /sbin
...
Added option --disable-iprange to avoid it
2015-10-18 11:17:39 +01:00
Costa Tsaousis (ktsaou)
297811db63
max/ceil % is now relative to parent's ceiling rate (it was by mistake to parent's base rate); added warning if a class takes priority outside the valid ranges of HTB (0-7); switched default colors from blue to green
2015-10-03 01:40:16 +03:00
Costa Tsaousis (ktsaou)
49b5ff3664
when a table was already up to date but others depend on it, it was failing. fix for issue #78
2015-08-02 17:38:55 +03:00
Costa Tsaousis (ktsaou)
d95a06a922
fix for issue #77
2015-08-02 17:03:53 +03:00
Phil Whineray
0cb697d218
Add IPv6 support to vnetbuild and update example
2015-07-29 20:13:44 +01:00
Costa Tsaousis (ktsaou)
0b751c5db6
fixed bug in action sockets_suspects_trap and ipset_apply
2015-07-05 02:48:13 +03:00
Costa Tsaousis (ktsaou)
c7468eeeb9
rewrote the ipsets functionality so that: a) it optimizes netsets with iprange if present, b) it adapts the maxelem parameter for the updated ipset so that updating ipsets with big incremental updates does not fail, c) maintains compatibility with older ipset versions; side-effect: calling an ipset update without restarting the firewall now only supports ipsets that are used in firehol.conf; if iprange is present, processing of ipsets is a lot faster
2015-06-15 02:33:08 +03:00
Costa Tsaousis
64bc7e62be
added support for adapting ipsets maxelem when updating an ipset
2015-06-13 06:52:14 +03:00
Costa Tsaousis (ktsaou)
27b1751eb8
save in ipsets.conf the types and options of ipsets
2015-06-07 16:22:03 +03:00
Costa Tsaousis (ktsaou)
c9340661ff
prevented a backup of all the ipsets in memory - because it takes too long when the system has many ipsets installed
2015-05-23 19:04:19 +03:00
Costa Tsaousis (ktsaou)
cc705b5818
added log() and loglimit() helpers to allow logging from ipsets globally
2015-05-20 02:03:58 +03:00
Phil Whineray
2d1351b279
Remove all reference to awk
2015-05-02 14:28:56 +01:00
Phil Whineray
4557d36cac
Remove final use of awk
2015-05-02 14:28:56 +01:00
philwhineray
d0307dacb4
Merge pull request #70 from ktsaou/vnetbuild
...
Add vnetbuild
2015-04-26 19:24:23 +01:00
Costa Tsaousis (ktsaou)
cbe68661a8
added wrappers for rawmark() and custommark()
2015-04-25 13:27:32 +03:00
Costa Tsaousis (ktsaou)
a4f6a1a6c4
tproxy uses markdef() to allocate a mark; marks.conf is now saved only after successful firewall activation
2015-04-25 13:27:10 +03:00
Costa Tsaousis (ktsaou)
bad5465f6a
ipset add support for comma as an IP separator
2015-04-25 13:03:07 +03:00
Phil Whineray
54db4b39c4
Add vnetbuild
2015-04-25 09:22:58 +01:00
Costa Tsaousis (ktsaou)
ee9bdb4535
disabled spinner in explain mode
2015-04-25 01:20:41 +03:00
Costa Tsaousis (ktsaou)
665538ca24
allowed to define multiple "except" rules in statements that accept this keyword
2015-04-25 01:16:35 +03:00
Costa Tsaousis (ktsaou)
53cdfc6b1d
fix for older versions of ipset
2015-04-24 21:31:32 +03:00
Costa Tsaousis (ktsaou)
2a8547d47d
fix for older versions of ipset
2015-04-24 21:01:40 +03:00
Costa Tsaousis (ktsaou)
2647833260
fix for older versions of ipset
2015-04-24 20:57:20 +03:00
Costa Tsaousis (ktsaou)
323c25d320
fix for older versions of ipset
2015-04-24 20:56:24 +03:00
Costa Tsaousis (ktsaou)
d806def4ee
fix for older versions of ipset
2015-04-24 20:55:04 +03:00
Costa Tsaousis (ktsaou)
503c76f0be
ipset support for older machines: just set IPSET_RESTORE_SUPPORTS_FLUSH_SWAP_DESTROY=0; rule() now generates NAT rules with a protocol if a port has been specified
2015-04-24 20:39:09 +03:00