Commit Graph

148 Commits

Author SHA1 Message Date
ktsaou
c48a98eee7 Fixed a minor bug in kernel module handling that made it not detect that
ip_tables is already compiled (or loaded) in the kernel.
2003-08-19 22:21:32 +00:00
ktsaou
6810350605 More Gentoo compatibility (mainly change of port names to port numbers in
services).
2003-07-31 20:44:45 +00:00
ktsaou
c4843a5579 Minor changes for Gentoo compatibility (SAVE feature).
2003-07-27 22:58:59 +00:00
ktsaou
3e5219f280 Added service HYLAFAX, although experimental. 2003-07-20 22:45:50 +00:00
ktsaou
77e3e68ca5 As suggested by "Francisco Javier Félix Belmonte" <ffelix@gescosoft.com>
fixed all EOF statements in order to produce cleaner iptables run script.
2003-07-20 22:14:28 +00:00
ktsaou
dac981aaa2 Added service POSTGRES. 2003-07-20 21:52:41 +00:00
ktsaou
ac10d81534 Added TIME service. 2003-07-20 21:50:29 +00:00
ktsaou
9388014f2b Changed service CUPS ports to numeric. Gentoo does not have this defined. 2003-07-20 21:48:01 +00:00
ktsaou
318c025726 Added --cmd-owner support. 2003-07-20 21:46:41 +00:00
ktsaou
5928af285d Added service webmin. 2003-06-30 22:18:46 +00:00
ktsaou
fd502a035e Added jabber and jabberd services. 2003-06-30 22:07:01 +00:00
ktsaou
efeca5adba Aesthetic changes in mac helper. 2003-06-28 23:22:49 +00:00
ktsaou
67b3f9fa8c Updated service LPD according to RFCs, and now it accepts only ports
721 to 731 inclusive, plus the default client ports.
2003-06-28 21:26:20 +00:00
ktsaou
14a6a38e79 Reverted DEFAULT_CLIENT_PORTS to 1024+ (was 1000+)
Made LPD client ports "any".
2003-06-28 20:52:09 +00:00
ktsaou
692d614c50 Added the "mac" optional rule parameter, that matches the source mac
address of packets.

Added the "mac" helper that verifies that packets coming in from a
specific source IP address always come from a specific MAC address.
This applies to the whole firewall (INPUT and FORWARD).
2003-06-18 22:56:24 +00:00
ktsaou
94a31d71b6 Added FIREHOL_INPUT_ACTIVATION_POLICY, FIREHOL_OUTPUT_ACTIVATION_POLICY,
and FIREHOL_FORWARD_ACTIVATION_POLICY to control the firewall default
policy during firewall activation.
2003-06-18 21:44:52 +00:00
ktsaou
320152e875 Optimized RESERVED_IPS as suggested by Marc 'HE' Brockschmidt
<marc@marcbrockschmidt.de>.
2003-06-11 07:00:24 +00:00
ktsaou
5a44cbbffe Added MSN and DCPP services. 2003-06-10 21:27:46 +00:00
ktsaou
f747037d25 Added man page for firehol.conf, contributed by
"Marc 'HE' Brockschmidt" <marc@marcbrockschmidt.de>

Thanks Marc.
2003-06-10 20:44:27 +00:00
ktsaou
3e7421d755 Made FireHOL mv /etc/firehol.conf to /etc/firehol/firehol.conf, if
/etc/firehol (directory) does not exist.

Also, made _CMD variables better detect wrong situations, such as
multiple instances of the same command, command not found, etc.
2003-05-22 19:39:53 +00:00
ktsaou
90931fecf6 Made default config in /etc/firehol/firehol.conf to conform with various
distributions that prefer it this way (Gentoo).

This will also allow having services.d within this directory.
2003-05-01 01:30:23 +00:00
ktsaou
032abaacdd "Marc 'HE' Brockschmidt" <marc@marcbrockschmidt.de> wrote:
Today, I've tried to debianize firehol, but noticed a few problems
(e.g. the need for a force-reload option for every init-script [you could
realize it as an alias for restart]).
I've corrected a few " !!!" (As a reader of Terry Pratchett, I had to
kill them ;-)
I'm attaching a patch for these issues.

I've also created a manpage for FireHOL, and I'm working on the manpage
for firehol.conf.

---
Thank you Marc.
2003-04-30 23:29:47 +00:00
ktsaou
9e71125a19 Fixed a 'touch' cmd to use the external command system. 2003-04-24 08:15:08 +00:00
ktsaou
4884040765 Made HELPME detect duplicate routers and prevent multiple definitions
of them.
2003-04-24 08:12:51 +00:00
ktsaou
3d0dc572bf Eliminated duplicate router definitions in HELPME, when an interface
has multiple IPs on the same subnet.
2003-04-23 20:42:26 +00:00
ktsaou
c425e713d8 FireHOL now stops the firewall with its own logic (without calling
/etc/init.d/iptables) since some distributions do not have this.
2003-04-20 10:18:10 +00:00
ktsaou
2bc1846dae Module management can now be controlled with FIREHOL_LOAD_KERNEL_MODULES.
Default value is 1, it can be set to 0 to disable module management.

Also, now FireHOL automatically detects if ip_tables and ip_conntrack
are built into the kernel, by looking for the relevant files in /proc/net.
2003-04-18 20:52:44 +00:00
ktsaou
a826bfa1c3 Removed all hard-coded references to external commands and made a dynamic
list at the top of FireHOL. Now FireHOL will refuse to run if some command
is missing.
2003-04-08 00:12:02 +00:00
ktsaou
9b309c9143 Fixed MIRROR statements to produce REJECT on the OUTPUT of the host. 2003-03-19 21:51:56 +00:00
ktsaou
41e429b128 Copyright notices now print year 2003. 2003-03-18 21:27:35 +00:00
ktsaou
0c5eb0d73e Cosmetic changes in 'helpme' 2003-03-17 23:03:00 +00:00
ktsaou
33f8946676 Fixed broken 'helpme' detection of networks behind gateways. Now it works. 2003-03-17 22:57:26 +00:00
ktsaou
b915a00360 'helpme' now detects multiple overlapping networks defined for the same
interface. In such cases it only defines the wider network.
2003-03-17 22:42:18 +00:00
ktsaou
052e7844d6 Made 'helpme' detect point-to-point routes better. 2003-03-16 22:13:30 +00:00
ktsaou
ab4ada21cb Added service 'socks'. 2003-03-15 01:24:19 +00:00
ktsaou
ff8f6e8433 'panic' now prevents you from losing the SSH connection you are issuing this command
from, by allowing the established connection specified in the environment
variable SSH_CLIENT (only if it exists: it is lost if you su -, you should
su without the minus).

Also, the panic argument takes one optional argument. This can be an IP
address in which case all established connections between the host and this
IP will be allowed.
2003-03-15 00:59:27 +00:00
ktsaou
0df8d5110c The squid service has been defined with numeric port numbers because
Debian systems do not have this service defined.
2003-03-14 21:22:37 +00:00
ktsaou
9335770dca Command line argument 'panic' does not call the system's iptables script
but blocks all traffic by itself, since many systems do not have the
'panic' argument.
2003-03-14 20:59:07 +00:00
ktsaou
e0b1570dd2 Added FIREHOL_AUTOSAVE variable that controls the file that is saved with
the 'save' argument of FireHOL. By default this variable is empty in which
case FireHOL detects RedHat and Debian systems and saves it to the right
place.
2003-03-14 20:36:52 +00:00
ktsaou
65dbe74904 'helpme' now allows ICMP traffic by default. 2003-03-07 23:34:29 +00:00
ktsaou
1e18a727a4 Fixed double quoting in router statements produced by 'helpme'. 2003-03-07 23:17:38 +00:00
ktsaou
4d2812c723 'helpme' handles multiple networks in router statements. 2003-03-07 23:12:15 +00:00
ktsaou
efa4baa6d2 'helpme' mode does not require a configuration file present. 2003-03-07 23:01:31 +00:00
ktsaou
07a429ac05 Made it not ignore the default route in 'helpme' routers. 2003-03-07 09:19:19 +00:00
ktsaou
6ecf404948 Minor changes in 'helpme' generation. 2003-03-06 08:18:49 +00:00
ktsaou
0982c89ea3 Made it ignore a default gateway when a P-t-P default gateway was
found.
2003-03-05 22:06:51 +00:00
ktsaou
8f185c5880 Made the 'helpme' feature append another interface for the default gateway. 2003-03-05 18:23:57 +00:00
ktsaou
8cd37417e8 Minor changes in the default help page presented by FireHOL. 2003-03-05 00:33:56 +00:00
ktsaou
513f0518aa Re-wrote 'helpme' to detect multiple IPs and networks per interface,
and to produce multiple interfaces for each IP. This means that FireHOL
is somewhat smart to match IPs with networks and interfaces, to detect
networks behind gateways, default gateways on point-to-point interfaces,
and to produce router statements matching the interfaces detected above.
2003-03-05 00:11:56 +00:00
ktsaou
500c0c6468 Made 'helpme' ignore interfaces that do not have an IP or to which no
traffic is routed (no route).
2003-03-03 21:51:04 +00:00